What’s this about?

Personal data is information that relates to a living individual who can be identified from that data, either on its own or also using other information that the Data Controller holds.

A Data Controller holds personal data and makes decisions about everything that happens to it, including how it is stored, who it is shared with and when it is deleted. Any action like this is referred to as “processing”. The processing of personal data is governed by the General Data Protection Regulation (“GDPR”). GDPR requires us to explain to you what personal data we hold about you, what we do with it and why.

Who are we?

Sing Out Cambridge is a LGBT+ community choir. We’re entirely run by volunteers. Our communications and activities are intended to help organise rehearsals, keep us up to date with future performances and organise social events.

We are an unincorporated association – this means that we are a group of people who act together.

We’re not a company or a group with any separate legal status. We have a committee who meets several times a year and who deals with the administration of the choir.

Data Controller

The Membership committee member acts as the Data Controller for your personal data.

In practice, personal data will be handled in accordance with this notice. If we need to make any changes, we will agree those changes at a committee meeting and we will tell you before we take any action.

If you need to contact anyone about your personal data, you should email: cambslgbtchoir@gmail.com

What personal data do we collect?

We have a mailing list which includes any contact details which you have provided (usually email address).

We have a record of who has signed up to the Facebook group page.

We will receive personal data from you if you email us. We regularly delete old emails that are no longer needed.

We take photos at our performances and rehearsals with consent.

Why do we process your personal data?

We process your personal data so that we can:

• Respond to emails about membership, including providing information about the choir. We also send out emails about rehearsals and events.

• Deal with your requests to be added to the Facebook page and other social media groups

• Keep our Facebook page up to date with news about what we’ve been doing.

What is the legal basis for processing your personal data?

GDPR defines data concerning someone’s “sexual orientation” as “special category personal data” – this is given extra protection.

This is the specific term which is set out in the Regulation but it covers a wide range of aspects such as gender identity.

We treat all of your personal data as though it was this special category data, as we believe that’s the right thing to do.

GDPR sets out various ways in which Data Controllers have a legal basis for processing this data. In our case, we process your data because :

• we have explicit consent from you – for example, we always check before using photographs on our Facebook page. We add you to the Facebook group because you have asked us to do so;

• we are a not-for-profit making body with a philosophical aim. The processing relates only to members or former members (or those who have regular contact) and there is no disclosure to any third party without consent; or

• it is necessary for the purpose of our legitimate interest in running the choir, for example in keeping a list of membership details.

We have to meet a legal test to do this. We meet that test because:

• Purpose - we process your data for the purpose of running the choir, enabling us to co-ordinate rehearsals and performances and to communicate with you

• Necessity - processing your contact details is necessary to enable us to send information; processing your details is necessary for us to maintain accurate membership lists and to add you to our Facebook groups

• Balance - our interests in using your personal data do not override your rights and freedoms, you can unsubscribe or object to processing at any time.

Sharing your personal data

We treat your personal data as strictly confidential. We only share it within the committee for the purposes of setting up services, such as adding you to the Facebook group. We do not share your personal data outside the choir without your consent.

Transfer to third countries

We use email and website hosts which may be based outside the UK. We make sure that we use companies with appropriate privacy safeguards in place.

How long do we keep your personal data?

We keep your data for as long as you are a member.

Your rights

You have the right to:

• request a copy of any personal data which we hold about you

• request that we correct any personal data about you if it’s not right or out of date

• request that personal data about you is erased

• withdraw your consent to processing at any time

• request that we provide you with your personal data and, where possible, transmit it directly to another Data Controller - this is known as data portability

• if there is any dispute over your data, to request that a restriction is placed on your data

• object to the processing of your data

If you’re not happy with how we’re processing your personal data, please contact cambslgbtchoir@gmail.com

If we can’t resolve things with you, then you can complain to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF: www. ico.org.uk