Privacy Notice – Nonsuch Singers
Nonsuch Singers is a registered charity (No. 1105880) established in 1977 for the purpose of the presenting of public concerts, providing musical performance for other occasions such as religious services and by such other means as the Charity, through its Trustees, determines from time to time.
This Privacy Notice has been prepared to provide information about how Nonsuch Singers will use (or “process”) personal data about individuals.
What personal information do we hold about you and why?
We hold data about current and former members; those who have sung with us as extras or expressed an interest in doing do; people who have auditioned for us; soloists and accompanists who have performed or who are invited to perform with Nonsuch Singers; contacts at our venues; those who initiate correspondence with us for any reason and our audience database (people who have attended concerts or asked to be added to our mailing list).
We hold data in order to be able to:
Maintain regular contact and communicate effectively with members about day-to-day matters of choir organisation
Correspond with soloists, accompanists, venues and extras about specific concerts or events as appropriate
Promote upcoming concerts and events
Stay in touch with Nonsuch Singers alumni
Maintain an archive of Nonsuch Singers concert and event information
We only collect personal data for specific purposes (for example membership of Nonsuch Singers, or for circulation of information about the Nonsuch Singers’ activities) and only such data as is necessary for the purpose for which it is collected. We do not hold any special category personal data. We keep data only for so long as is necessary for that purpose, unless there is a legal or regulatory requirement for us to retain the data for a longer period or we need to do so for audit or accounting purposes.
Where we receive a communication by email, we will use the return email address only:
to answer the email we have received, or
where we have a legitimate interest in using the email address or
if necessary for us to use the email address in order to meet our contractual obligations
… and not for any other purpose, unless the person sending the email has registered or otherwise consented to receive communications from us.
To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Use of Third Parties/Third Party software
We presently use the services of the following third party software providers to manage our data processing needs. We do not authorise these organisations to use your personal information in any other way and require them to protect your information to the same degree that we do:
1. PayPal– a payment processor used to handle event fees and CD sales. PayPal is not UK based and therefore not subject to FCA jurisdiction. However, it is signed up to the Financial Ombudsman Service’s voluntary jurisdiction (see here). This means that PayPal allows the Financial Ombudsman Service to handle complaints and agrees to be bound by their decisions, as it would do under compulsory jurisdiction.
2. MailChimp- an off-the-shelf proprietary software product used to manage our audience email database and create and send you our concert publicity. MailChimp is fully GDPR compliant and has been proactive in meeting the terms of the new regulatory regime. See here for details. Emails sent to you via Mailchimp will always include an ‘Unsubscribe’ option (and ‘review preferences’ option) and changes are usually updated immediately.
3. Eventbrite and TryBooking– These are ticketing services used by us when we are hosting our own concerts. They allow us to manage card payments safely and securely in accordance with current best practice/legal guidelines. Both companies are fully GDPR compliant and have published their privacy policies here: Eventbrite/ TryBooking
We also use Google Analytics to help us understand how our website is being found and how our visitors are interacting with it. This data is entirely anonymised and will not identify individual visitors to the site.
Nonsuch Singers has both a Twitter and Facebook presence. Both companies are GDPR compliant and have published extensive statements relating to the use of your data; see https://gdpr.twitter.com/en.html and https://www.facebook.com/business/gdpr. On occasion, Nonsuch Singers will pay for targeted Facebook adverts to publicise our concert offerings. In order to facilitate this, we have made use of Facebook Pixel technology on our website to help us understand if we are reaching the people we want to reach. An explanation of this technology can be found here.
Updated 02JUN19 - Social Media use included
Effective 25th May 2018, the General Data Protection Regulation (GDPR) requires us to state the lawful purpose under which we collect and use your personal information. We process data for the purposes stated above on the basis of LEGITIMATE INTEREST. Responsibility for data protection sits with the Chair of Nonsuch Singers. If you have any queries or concerns about this Privacy Notice or would like more information about the data we hold, or would like to request that data is updated or deleted, please contact the Chair using the email address given in our Contact Us page above. To protect your privacy and security we will take reasonable steps to verify your identity before granting access, making corrections or deleting information. We will respond to you within one month.
If you have concerns that Nonsuch Singers has not handled your personal information in accordance with the new regulation you are entitled to complain to the Information Commissioner’s Office (https://ico.org.uk/concerns/handling/).