CRSO Personal Data Protection Policy

To manage the running of the orchestra it is necessary to gather some types of personal data from the members, prospective members and playing extras of the orchestra. Only data that is needed is collected.

What data is collected and why is it needed?

The data collected from the members, prospective members and playing extras, comprises :

  • Name
  • Email address
  • Home and Mobile phone numbers
  • Home address
  • Parent/Guardian name, address and contact number if a student (under 18)

The data is necessary to enable communication with all players to facilitate the operation of the orchestra regarding rehearsals, concerts, music loan and return, and social events.

This data will be held for as long as a player remains associated with the orchestra as a member or an extra. It will be destroyed at the request of the player on ceasing their association with the orchestra, or destroyed after a player’s absence of 3 seasons from the orchestra.

Who stores the data, who has access to the data, and how is the data used?

The full set of personal data is collected via a ‘Contact Details’ form by the ‘CRSO Membership Secretary’ and will be securely stored and controlled by the ‘CRSO Membership Secretary’. Email addresses and phone numbers will be shared with those officers of the orchestra who have a need for carrying out their own roles within the orchestra e.g. orchestral manager, treasurer, secretary, librarian, conductor, ticket secretary, assistant treasurer, section leaders. Any request to share a person’s home address will not be granted without first seeking that person’s consent.

The primary method of communication within the orchestra will be by email and where global communication emails are sent to all players they should be sent using the Bcc (blind carbon copy) email addressing option so that email addresses remain private as far as is practical. It is the responsibility of everyone to keep email addresses and phone numbers within the boundaries of the orchestra, and to seek consent from any player concerned before responding to requests from other music societies for player contact details, unless a player has already given consent to this via the ‘Contact Details’ form.

All members, prospective members and playing extras give consent to their data being used as described above when they provide their data to the ‘CRSO Membership Secretary’. Consent may be withdrawn at any time by request to the ‘CRSO Membership Secretary’.

Is any other form of personal data recorded?

From time to time photographic and video images may be taken of the orchestra for inclusion in publicity material, e.g. the CRSO website, brochures, concert programmes etc. These images may include any player and it will be helpful for the orchestra to be able to use any images taken for the purposes stated.  A player needs to consent to this via the ‘Contact Details’ form used for collecting the player’s personal data. However, the taking of close up images of any children (under 16) in the orchestra will be avoided and if taken will not be used in any publicity material.

The treasurer and assistant treasurer maintain records of subscriptions received from the orchestral members.

What can be asked of the orchestra?

At any time a player may request the ‘CRSO Membership Secretary’ to update or correct the personal data that is held for them, change the level of consent already given for use of any items of their personal data, or to destroy the personal data that is held for them. They may also ask to view the personal data that is held for them.

Change of ‘CRSO Membership Secretary’?

If the role of ‘CRSO Membership Secretary’ moves to a new person, then all records of player personal data will be passed for safe and secure storage to the new person, and all players will be notified of the new person holding their personal data.

What happens if there is a data breach?

If any personal data records are lost or any personal data is misused according to the guidelines given above, then the breach should be reported to the CRSO Committee. The committee shall assess the impact to any individuals and the orchestra as a whole, shall notify any individuals affected and modify the Personal Data Protection Policy to prevent similar data breaches occurring in the future.