USER PRIVACY AND DATA PROTECTION
OUR DATA PROTECTION PRINCIPLES
Any information we hold about you will be:
used fairly, lawfully and transparently
used for specified purposes
used in a way that is relevant and limited to what is necessary
accurate and, where necessary, kept up to date
kept for no longer than is necessary
handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
LEGISLATION
Our business computer database, administration systems and website are designed to comply with the following national and international legislation with regards to data protection and user privacy:
UK Data Protection Act 1988 (DPA)
EU Data Protection Directive 1995 (DPD)
EU General Data Protection Regulation 2018 (GDPR)
HOW WE USE YOUR DATA
We keep your personal data for up to 6 years and 1 month after you last attended a course, unless requested to keep it for longer, to operate the service in accordance with legal requirements and tax and accounting rules. Where your information is no longer required or is no longer relevant, we will ensure it is disposed of in a secure manner.
When you apply for membership of a Grittleton chamber music course, we use the data you provide on the booking form to administer your attendance on the course. This enables GCMS to fulfil its contract with you.
We will hold your contact details and the information you provide on your booking form so that we can provide you with information about your course booking, send you details of the course arrangements, make accommodation arrangements with the course venue (currently St Mary’s School, Calne), and send you invoices related to your booking.
When you pay your deposit or balance of fees online using a credit or debit card via the Grittleton website, the transaction is processed by Stripe, and GCMS does not receive or store any of your card details. Stripe also holds the data provided in your booking form. See below for Stripe’s own Privacy Policy.
We produce a course address list for use by members to fix their playing groups in advance of the course. As part of the application for the course we will ask you to consent to your name, instrument details and contact details (which may include telephone numbers, email addresses and postal addresses) being included on this list. The list may be circulated by GCMS to members of both courses via email or post. We do not supply this list to third parties and will ask course members not to share the information outside the course membership.
We produce printed lists of players and groups for you to use on the course, and these are kept strictly within the course membership.
Coaches’ reports, written at the end of each course, are kept securely by the Course Organiser for reference when fixing future groups, and destroyed after 6 years and 1 month.
When you are accepted to attend a Grittleton course, you become a company member of either GCMS Wind and Strings Ltd or GCMS Strings Ltd, and your contact details are retained for the period of your membership and a limited period after your attendance at the course as required by company law.
We will supply relevant information to HMRC if you make any donations which attract Gift Aid. This information comprises your name, address and the amount and date of any donation.
GCMS does not share your personal data with any organisation for marketing purposes. We do not use your data for marketing except to send you information about forthcoming Grittleton courses or related events, and very occasionally news of members.
Please address all requests to admin@younggrittleton.org
YOUR RIGHTS
Under the Data Protection Act 2018, you have the right to find out what information we store about you.
The right to access your personal data
You have a right to obtain confirmation that your personal data is being processed. You also have the right to request a copy of your personal data we hold.
The right to rectify and update your personal data
You can rectify/update your personal data, including your address and contact details at any time.
The right to request to have your personal data erased
You have the right to request your personal data be erased. This is not an absolute right and we will review these on a case by case basis.
The right to restrict processing of your personal data
You have the right to ‘block’ or suppress processing of your personal data. However, we will retain just enough of your personal data to ensure that the restriction is respected in the future.
The right to object
You have the right to object to your personal data being processed, for marketing and for research purposes.
Your right to lodge a complaint with a supervisory authority
If you wish to lodge a complaint or seek advice from a supervisory authority please contact the Information Commissioner’s Office (ICO).
The ICO is the UK’s independent body set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The ICO can be contacted at:
The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: +44 (0) 01625 545 745
Website: www.ico.org.uk
SAFEGUARDING YOUR ONLINE DATA
Your personal data is held securely and either encrypted or password protected.
The Grittleton.co.uk website uses cookies to track visits and stores no personal details.
We suggest that you always consider email as an insecure medium and do not include personal, confidential or otherwise sensitive information within an email.
Some data is held by third party data processors Mailchimp (for our email communications) and Stripe (card payments platform). No information is stored in our website (check with PD about Member Account area).
Please find below the privacy policies for Krystal (our WordPress website host), WordPress, Mailchimp and Stripe.
Terms and Conditions (krystal.uk)
Privacy Policy | Stripe Communications
Privacy Policy | WordPress.org
These third parties have been carefully chosen and all of them comply with the legislation set out above.
DATA BREACHES
We will report any unlawful data breach of our database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
DATA CONTROLLER
The data controller is Philip Aird, Young Grittleton Course Organiser.
DATA PROTECTION OFFICER
Philip Aird
61 Worlds End Lane
Weston Turville
Buckinghamshire
HP22 5RX
Email: admin@younggrittelton.org
CHANGES TO OUR PRIVACY POLICY
This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes.
Updated 5.2.21