DATA PROTECTION POLICY
This Data Protection policy will lay out the procedures undertaken by MicWireUK to ensure that MicWireUK is compliant with relevant data protection legislation. It has been written in accordance with the information provided by the Information Commissioner’s Office prior to the release of the GDPR.
- Establishing a lawful basis for handling data
- In accordance with Article 5 (2), this policy will document the ‘lawful basis’ on which MicWireUK handles data. This ‘lawful basis’ is set out in Article 6 of GDPR. The lawful basis may be any of the following:
- Where express consent has been given.
MicWireUK utilises a mailing list in order to communicate updates for courses. Express consent must be provided in order to be added.
- Where data is required to enable contractual obligations to be fulfilled.
MicWireUK will require personal data in order to enter into a contract such as the purchase of a singing lesson or course.
- Legitimate Interests
Data may be collected for legitimate interests such as marketing purposes. This may include the marketing of events, opportunities and other relevant news.
- Legal Obligations
Information will be collected to enable legal obligations to be fulfilled.
- Data processing must be necessary
This policy will ensure that data processing only occurs where necessary and will only be used for achieving a specific purpose. The legal basis of the data collection is determined by the specific purpose and data collection will only occur in a ‘targeted and proportionate’ manner to achieve the purpose of data collection.
- Procedures for ensuring valid consent
- MicWireUK stores relevant email addresses to enable mailing list communication relating to news and events. Procedures have been adopted to ensure valid consent has been granted. This includes a direct request to be included on the mailing list using unambiguous and clear language. The request requires a positive email response to ‘opt in’. This is then followed by a subsequent ‘welcome email’ which documents clearly the right to withdraw consent. All further email communication contains an ‘unsubscribe’ welcome email which documents clearly the right to withdraw consent.
- Consent Reviews
- Consent Reviews will take place every twelve months whereby people will be asked if they wish to withdraw from the mailing list.
- Gathering data for contractual purposes
In accordance with S6 s(1) b, attending a choir rehearsal, course or workshop will require the collection of data to enable contractual obligations to be fulfilled. This is a necessary procedure and only minimal data will be collected to enable this to take place appropriately. Such data will include:
- Email addresses
- Home/business address
- Telephone number
The above specified information enables appropriate invoicing to take place. Data will be stored for accountancy purposes only, in GDPR compliant software. At no point will data be passed on to any other organisation without explicit prior consent.
- Legal Obligations and the collection of data
This section applies to the collection of data from prospective employees and contractors to enable HMRC obligations to be fulfilled appropriately.
- Safeguarding Privacy
MicWireUK will ensure privacy by engaging fully with the right to be informed. Privacy notices will include the following:
- The purpose of processing the data
- How long the data will be held for
- Who it will be shared with
This privacy information will be served at the time of data collection in the following foreseeable situations:
- Purchasing tickets for an event via the website
- Applying for a rehearsal or event via email or telephone
Privacy notices will be tailored to suit the purposes of collection but will include, in accordance with the guidelines provided by the Information Commissioner’s Office:
- The contact details of MicWireUK
- The name and contact details of the relevant representative
- The purpose of the processing
- The lawful basis of the processing
- The legitimate interests for the processing
- The categories of personal data obtained
- The retention period of the personal data
- Details of the contractual obligations
- Details of transfers of the personal data to any third countries or international organisations
- The right to withdraw consent
- The right to lodge a complaint with a supervisory authority
This content will be contained in ‘just in time notices’ prior to online website purchases or telephone/email purchases.
- Ensuring right of access to personal data
- MicWireUK will allow a right of access to both personal data and supplementary information free of charge. Any requests for information will be provided within one month of receiving the request.
- Where requests are complex and numerous the provision of data will be provided within a two-month period.
- Where requests are excessive and repetitive, an administration fee of £50 will be charged to cover the administrative costs involved.
- Responses will be provided in an electronic format
- Ensuring right to rectification
MicWireUK recognises that an individual has the right to have inaccurate personal data rectified or completed if incomplete.
- Requests for rectification can be made either verbally or in writing
- MicWireUK will ensure that rectification will occur within one month of the request being made
- Ensuring right to erasure
- MicWireUK recognises the rights of individuals to have their personal data erased.
- A request for erasure may be made either verbally or in writing
- MicWireUK will respond to the request within one month of it being erased; this time will be extended to two months where the request is complex
- Where data is being processed by MicWireUK and a request for erasure is made, the processing of the data will cease
- Rights related to automated decision making including profiling
- Online purchasing is a form of automated decision making as acceptance onto a course occurs at the point of the online purchase. Data will be gathered as a result of this process to enable the fulfilment of the contractual obligation. The extent of information collected will be communicated in an appropriate privacy statement.
- MicWireUK does not engage in automated profiling marketing systems. Automated decision-making systems are only used to enable a sale of a lesson, course or event.
- Ensuring accountability and governance
In accordance with Article 5 (2) MicWireUK ensures accountability and governance through the following procedures:
- Regular internal audits
- Appropriate staff training
- Maintenance of relevant processing documentation
- Appointment of a Data Protection Officer: Mrs Kate Cubley
- Data Protection Impact Assessments
A data protection impact assessment will be carried out where processing is likely to result in a high risk to individuals’ interests. This is likely to be where special category information is collected.
MicWireUK ensures that all data will be processed and stored securely to meet GDPR requirements.
- Personal data breaches
MicWireUK will report any personal data breaches that risk rights and freedoms of a data subject to the relevant parties involved. All breaches of data will be recorded.