KCMS DATA PROTECTION POLICY
1.1 Kensington and Chelsea Music Society (KCMS, a registered charity, no. 291038) will, as part of its day-to-day activities, process personal data (which may be held on paper, electronically, or otherwise). KCMS recognises the need to treat it in an appropriate and lawful manner, in accordance with the General Data Protection Regulation 2016 (GDPR) which becomes effective on 25 May 2018. The purpose of this policy is to make you aware of how we will handle your personal data.
1.2 KCMS holds four main types of data. The first is our mailing list to supporters who have given us permission to contact them about KCMS events. These mailings are sent from a password-protected, exclusive KCMS email account on a Gmail server. The mailing list is held in a special, password-protected folder on the Hon Sec.’s computer. The passwords are only known to the Hon. Secretary and Chairman and is changed regularly to increase security. The second is information about our financial supporters, held by the Treasurer and necessary for claiming Gift Aid. Again, this is information is password protected. The third is a list of our current members, whose personal details are necessary to keep on file in case of changes to the programme throughout the season. The final category is emails between KCMS and supporters, again held on the KCMS email account. Old emails that are no longer relevant are regularly deleted from this account.
2. DATA PROTECTION PRINCIPLES
2. We will comply with the following principles. Personal data will be:
(a) Processed fairly, lawfully and transparently.
(b) Processed for limited purposes and in an appropriate way.
(c) Relevant and not excessive for the purpose.
(e) Not kept longer than necessary for the purpose.
(f) Processed in line with individuals’ rights.
2.2 “Personal data” means recorded information we hold about you from which you can be identified. “Processing” means doing anything with the data such as accessing, disclosing, destroying or using it in any way.
3. HOLDING AND USING DATA
3.1 We will only process your personal data where your consent has been given or where there is a clear legitimate interest i.e. where there is a legitimate purpose behind the processing, where it is necessary and where the legitimate interest is not overriden by your interests, rights and freedoms.
3.2 We will never ask our supporters for sensitive personal data such as religious beliefs.
3.3 When you make donations, either one-off or as standing orders, we will need to hold your personal data, which we may share with your bank and HMRC.
3.4 When you request to be on our mailing list, your name, along with any contact information you supplied, will be stored on our password-protected mailing list.
4. HOW WE ARE LIKELY TO USE YOUR PERSONAL DATA
4.1 KCMS’s mailing list involves the processing of personal data in order to let its subscribers know about forthcoming KCMS events. This is a mailing list built up over many years and includes those who have subscribed at concerts, via our website’s contact form and in person to one of our Trustees. We have not taken the decision to renew these opt-in decisions in 2018 because of the small scale of our operation and because there is a very clear and easy way to unsubscribe from our non-intrusive mailouts.
4.2 We will process the data you have provided for administrative and management purposes and to enable us to operate KCMS as a viable charity. We will only process your personal data for the specific purpose of administering the work of KCMS (“the Purpose”). Your personal data will only be processed to the extent that it is necessary for the Purpose.
5. ACCURATE DATA. We will take reasonable steps to keep the data we store about you accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you so that we can make the necessary amendments.
6. DATA RETENTION
We will not keep your personal data for longer than is necessary for the Purpose. This means that data will be destroyed or erased from our systems when it is no longer required or if you decide to unsubscribe from our mailing list.
7. PROCESSING IN LINE WITH YOUR RIGHTS
You have the right to:
(a) Request reasonable access to any personal data we hold about you.
(b) Prevent the processing of your data for direct marketing purposes.
(c) Ask to have inaccurate data held about you amended or deleted.
8. DATA SECURITY
8.1 We will take all reasonable measures to avoid accidental loss of your data, and that no unauthorised or unlawful processing of it takes place. All our data management systems are password-protected and accessible only to the KCMS Administrator and certain Trustees.
8.2 We will not transfer details to a third party unless required to do so by law.
8.3 Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of personal data.
9. SUBJECT ACCESS REQUESTS
If you wish to know what personal data we hold about you, please make the request in writing. All such written requests should be sent to the Data Protection Officer & Hon. Secretary, Maria Renzi Brivio, at KCMS’s registered address.
10. BREACHES OF THIS POLICY
If you consider that this policy has not been followed in respect of personal data about yourself or others please contact the Data Protection Officer, Maria Renzi Brivio, at the KCMS’s registered address. As the Hon. Secretary, she has overall responsibility for KCMS’s ongoing compliance with the GDPR.
This Policy will be reviewed annually by KCMS’s Trustees.
William Vann, KCMS Co-Chairman, 23rd May 2018