Data Privacy Statement
Introduction
The English Arts Chorale Association (EACA) is the Charitable Incorporated Organisation that operates the English Arts Chorale. The EACA may also operate other organisations to fulfil its Objects; "to advance, improve, develop and maintain public education in, and appreciation of, the art of music in all its aspects".
The EACA is committed to protecting the privacy and confidentiality of personal data entrusted to us by our members, supporters, donors, volunteers and any other individuals with whom we interact. This Data Protection Policy outlines our approach to data protection, ensuring compliance with applicable data protection laws and regulations, including but not limited to the UK General Data Protection Regulation (GDPR).
Our data protection practices are guided by the following principles:
a. Lawfulness, fairness, and transparency: We will process personal data lawfully, fairly, and in a transparent manner, ensuring individuals are aware of how their data is used.
b. Purpose limitation: We will only collect and process personal data for specified, explicit, and legitimate purposes, and we will not use it in a manner that is incompatible with those purposes.
c. Data minimization: We will only collect and retain personal data that is necessary for the purposes we have identified.
d. Accuracy: We will ensure that personal data is accurate, complete, and kept up-to-date, taking reasonable steps to rectify or erase inaccurate or outdated data.
e. Storage limitation: We will retain personal data for no longer than necessary to fulfill the purposes for which it was collected, considering legal and operational requirements.
f. Security and confidentiality: We will implement appropriate technical and organizational measures to protect personal data from unauthorized access, loss, disclosure, alteration, or destruction.
g. Accountability: We will demonstrate our compliance with data protection principles by implementing appropriate policies, procedures, and records of processing activities.
Why we store your data, and what we do with it
This policy applies to all personal data collected and processed by EACA, regardless of the format or medium in which it is collected or stored.
We store contact information about our members, our customers and other people interested in or instrumental in performing our activities in databases for the purpose of informing them of future events, for the fulfilment of ticket orders and to undertake our charitable activities. We only retain contact details in line with the lawful bases as described in the General Data Protection Regulation (GDPR).
We may pass your details on to a third party for purposes directly linked to the conduct of our operations, for example to process or confirm the validity of a transaction, to facilitate banking arrangements or to handle postal or electronic mailing. We do not sell or otherwise transfer your details to third parties who wish to use them to promote non-EACA activities. Where we engage third-party processors, we will ensure appropriate safeguards are in place to protect personal data.
If you have bought tickets or other products from us, we will add your details to our database so that we can send you information about future activities. You can use the form at the bottom of each page on this website to add your details to our mailing list. Before you can be added, you will be emailed to confirm your intention and consent. You can use the links on our emails to unsubscribe or to change your preferences. If you Unsubscribe, your email address will remain on our system purely to prevent your being accidentally subscribed again. This list is only used by us or our agents to promote our own activities. Our email system is handled by MailChimp, whose servers are located outside the EU. MailChimp is certified as conforming to the UK GDPR under the EU/U.S. Privacy Shield Framework. You can view the relevant part of MailChimp's privacy policy here.
The EACA does not store the credit card or banking details of its customers, but we retain contact details. All on-line transactions are handled on our behalf by PayPal using their own secure servers. PayPal's Privacy Statement can found by clicking here.
When you visit this website, we collect information such as the unique (IP) address of your computer, the time of the visit, and the pages you viewed. We analyse this data in summary form, using Google Analytics, in order to help us decide how we can improve the way our website works. Your identity cannot be deduced from this summarised data.
Photographs
From time to time, photographs and videos may be taken of the Chorale at concerts or at other events such as singing days, for use in publicity material including but not limited to social media, newspaper articles, concert programmes and the EAC website. This is an essential part of communicating with our audience and potential recruits. These images may include members of the audience and/or visiting singers. In the view of the EACA Trustees the use of such images is a legitimate business interest and as such is permitted under the UK GDPR and does not need the consent of the subjects. People who appear in publicity material will not be named unless it is central to the publicity, and in that case the subject will be asked for consent. Examples of this could be an acknowledgement of the presence of a composer from whom the EACA has commissioned a work, or a local dignatory. In general, photographs will be far views rather than individuals in close-up. This clause also applies to images already in the possession of the EACA.
Photographs stored in the Chorale's website or elsewhere will be stored safely, securely and anonymously.
If you have a complaint or query
If you have a complaint or query about this policy or about the way we handle your data, in the first instance contact our Data Protection Officer dpo@englisharts.org
Further information about our obligations and your rights can be found on the website of the Information Commissioner's Office.
Approved 20 October 2023