Unsplashed background img 1

Data Privacy Policy

Our data privacy policy

Personal data relates to a living individual who can be identified from it (the ‘data subject’.) The processing of personal data (including use) is governed by the General Data Protection Regulation (the “GDPR”) which is part of the Data Protection Act, 1998.

The Association has a legitimate interest in keeping members informed of its activities and even has a contractual obligation to do so. The GDPR is unclear on the scope of legitimate interest, but it is generally agreed that consent should be sought from non-members whose personal data is held by the Association, or if members’ data is shared outside the Association.

Personal data is used -

  • to administer membership records;
  • to maintain financial records (including the processing of gift aid applications);
  • to inform people of events and activities of the Association and news of related musical activities in the Northampton district;
  • generally to promote the interests of the Association.

The Association complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.

All personal data will be treated as strictly confidential and will only be shared with other members of the Association in order to carry out a service to other members or for purposes connected with its activities. It will not be shared with third parties except with the data subject’s consent; it will not be sold.

Membership and mailing list data will be retained while it is still current; gift aid declarations and associated paperwork will be retained for 7 years after the tax year to which they relate.

If the Association wishes to use personal data for a new purpose, not covered by this Data Privacy Policy, a new notice will be issued explaining the use and setting out the purposes and processing conditions and seeking the data subject’s consent.

This policy will be reviewed every 2 years.

Data subjects have the right -

  • to request a copy of any personal data which the Association holds about them;
  • to request the Association to correct any personal data that is inaccurate or out of date;
  • to request that personal data be erased if it is no longer necessary for the Association to retain it;
  • to withdraw consent to the processing at any time;
  • to request the data controller to provide them with their personal data and , if they wish, send it to another data controller;
  • if there is a dispute about the accuracy or processing of personal data, to request a restriction be placed on further processing;
  • to object to the processing of personal data;
  • to lodge a complaint with the Information Commissioner’s Office; see the website at www.ico.org.uk.

Adopted May 2018
Mark Gibson, President | Helen Murphy, Secretary