1. Introduction
To conform to the General Data Protection Regulation (GDPR) 25 May 2018, Douglas Music is required to update its Data Protection Policy.
We (Douglas Music Society, trading as Parbold Douglas Music Lancashire) determine why and how we collect and use personal data provided by You (our patrons). The way that we use your data will not change; this document makes clear how our Data Protection Policy will continue under the new GDPR legislation. This policy will operate in conjunction with our updated Reference Statement.
Prepared by: Chris Rowe, Douglas Music Society Board Member Trustee & Data Protection Officer
Douglas Music Society, 13th July 2018
Formally adopted in November 2018.
Douglas Music Society holds a full Data Protection Policy [Reference Statement] in its administration manual. This is available on request.
2. Principles
Personal information gathered by Parbold Douglas Music is kept in order to:
- Inform our audience of events
- Undertake market research about our audience, such as where patrons travel from, and what their musical preferences are
- Manage and keep a record of ticket sales.
This information will never be passed on to third parties
In processing your personal data, we will hold to the following principles:
- We will ensure all our patrons and volunteers are aware of what personal data is recorded about them and why; and in what circumstances it might be used
- We will take all reasonable steps to ensure data is accurate, up to date, and not misleading
- We will process only the minimum amount of data necessary to provide our services
- We will obtain consent before using data for promoting events
- We will handle data with care; to ensure it is kept securely, to ensure that it is reviewed and updated annually, is destroyed when no longer relevant
3. Further Information
- We will comply with the requirements of Data Protection law and Article 8 of the Human Rights Act for example, if we receive any request from a person seeking to access personal data of someone else, we will carefully consider Data Protection law before disclosing it)
- When introducing any new method of processing data (or amending an existing one) we will carefully consider possible risks to privacy rights
- We will respond to a request from one of our patrons for access to his or her personal data as a formal Subject Access Request
- We will share personal data with external bodies only if there is a current agreement in place to do so, or it is approved by the Data Protection Officer. Data will never be shared with any organisation or individual outside the European Economic Area.
- Monitoring, recording or disclosing telephone calls, internet activity, video images, either of our patrons or of our volunteers, will be carried out in compliance with Data Protection law and with the regulator’s Code of Practice.
- Any ‘data matching’ techniques for market research will only be used in line with formal codes of practice, to ensure our patrons have been informed, and given their consent.
- We will maintain an up-to-date entry in the Public Register of Data Controllers.