General Data Protection Regulation Policy
The Garforth Brass Organisation aims to ensure that all personal data collected about players and other individuals is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) and the expected provisions of the Data Protection Act 2018 (DPA 2018) as set out in the Data Protection Bill.
This policy applies to all personal data, regardless of whether it is in paper or electronic format, and explains what personal data Garforth Brass stores, how it uses that information and what rights members have.
The Garforth Brass Organisation’s GDPR Policy will be published on the its website and all information will be deemed to cover both the contesting band (known as Garforth Brass), concert band (known as Garforth Jubilee Band) and training Band.
Personal Data – Definition and Use
Personal data means data that is subject to GDPR, and includes information used for the purpose of allowing members of The Garforth Brass Organisation to contact other members. A full list of personal data currently held by Garforth Brass is as follows:
- Name(s) of member
- Postal Address
- Telephone numbers (home, daytime and mobile)
- Email addresses
- Date of birth
- Subscription payments
- Gift Aid Declarations
- Instrument loan
- Consent to GDPR policies
- DBS status (where applicable)
- Medical information and allergy status
- Names, addresses and telephone numbers of emergency contacts
- Brass Band Players Ltd Registration Cards
Where The Garforth Brass Organisation members are aged under 18 years old, Personal Data will be held (with consent) both for the member and, for safeguarding reasons, those of their parent or legal guardian.
All Personal Data shall be reviewed and updated where necessary bi-annually on (or within a week of) the 31st of March and the 30th of September and any data no longer required will be destroyed.
The Garforth Brass Organisation stores and uses personal data (see section 2) solely for the purpose of legitimate use and administration of:
- Management of the band (contacts, subscriptions, newsletters, fundraising and the delivery of information from the committee)
- Organising events (contests, concerts, engagements, meetings and social gatherings)
Personal data will not be shared with any other third parties.
Members are required to confirm agreement that The Garforth Brass Organisation is authorised to:
- Store their personal data
- Maintain a soft/electronic copy of their personal data securely on Google Workspace (password protected)
The Garforth Brass Organisation will collect personal data from new members on joining. All members will be asked to confirm agreement that their personal data can be stored at the time of joining.
The Garforth Brass Organisation stores personal data in an electronic database which is password protected.
The committee has appointed Hayley Cotterill as its Data Protection Officer (DPO).
The Membership Database is only available to the Chairman, Treasurer, Secretary, Data Protection Officer and Musical Director.
Any paper copies of information, for example hard copies of information forms submitted to the DPO by band members, will be destroyed as soon as the information is transferred to the electronic database. This will be done within a timely manner by the DPO and in the meantime hard copies will be stored securely.
Members’ financial data is not required for membership renewal.
Stored financial data is used solely for the purposes of reimbursing members for expenditure on behalf of The Garforth Brass Organisation.
If a member resigns or leaves Garforth Brass for any reason their personal data will be kept for up to 6 months before being removed from the Membership Database, with the exception of their name and contact details which will be retained for archive purposes.
If, for any reason, a member of the committee besides the DPO is in receipt of personal information from a band member (for example if they have collected personal information forms in the absence of the DPO) they should ensure that the information is passed to the DPO at the soonest opportunity and in the meantime is stored securely. If the information they have received is in an electronic format they should forward it to the DPO and then ensure that the information is permanently deleted from their records.
If the personnel fulfilling the above named roles that have access to personal information changes then the password protecting the data will also be changed so that only people currently fulfilling a role have access,
Any person may request deletion of their personal data. The Chairman shall ensure that all requests are enacted upon within 14 days of receiving the request.
Members have the right, at any time, to see the information that The Garforth Brass Organisation holds on them. A request should be made in writing to the Chairman. A member has the right to complain to the Information Commissioner’s Office (ICO) if they believe there is a problem with The Garforth Brass Organisation’s handling of their data which cannot be resolved directly.
Details of the ICO can be found at https://ico.org.uk
Associated Consent Form
Consent forms associated with this policy can be found in appendix A.
This policy was last updated in November 2021.