Whitstable Choral Society – Combined GDPR, Privacy, Safeguarding, Cookie & Website Use Policy

Last updated: May 2025
Approved by Trustees: May 2025
Next Review Date: May 2026

  1. Introduction

Whitstable Choral Society (WCS) is committed to protecting your personal information and being transparent about what we do with it, in accordance with the UK General Data Protection Regulation (GDPR), Data Protection Act 2018, and associated laws.

This policy sets out how we collect, use, store, and protect your personal data, including the use of cookies, safeguarding measures, and terms of website use.

  1. Scope of Policy

This policy applies to:

  • Members
  • Patrons
  • Volunteers and staff
  • Contractors and suppliers
  • Audience members and event attendees
  • Website users
  • Emergency contacts (as provided)
  1. Data We Collect and Why

We collect the minimum necessary data to operate effectively, lawfully and transparently. This includes:

Category

Type of Data

Purpose

Membership

Full name, contact info, voice part, emergency contact

To manage choir membership, communications, and rehearsal planning

Events

Name and contact details

To manage bookings and inform you about performances

Marketing

Name, email

With consent, to send updates about events and fundraising

Safeguarding

Relevant health/disability info (if disclosed)

To ensure appropriate duty of care during rehearsals and events

Photography/Video

Image, voice

With consent, for promotional and archive purposes

Website Users

IP address, cookies

To analyse and improve our website and digital services
  1. Lawful Basis for Processing

We only process your data under one of the following lawful bases:

  • Consent (e.g. email newsletters, photography use)
  • Contract (e.g. ticket bookings)
  • Legal obligation (e.g. safeguarding duties)
  • Legitimate interests (e.g. member administration, group communications)
  1. Consent

We will always ask for your active, informed consent where required (e.g. newsletters, photos). You may withdraw consent at any time by contacting the Data Controller.

  1. Your Rights

Under UK GDPR, you have the right to:

  • Access your data
  • Rectify inaccuracies
  • Request erasure ("right to be forgotten")
  • Restrict processing
  • Object to processing
  • Data portability (if applicable)
  • Withdraw consent at any time

Requests should be made in writing to the Data Controller and will be addressed within 30 days.

  1. Data Storage & Security

We take data security seriously.

  • Electronic data is stored in a secure, password-protected system
  • Paper records are stored in locked storage
  • Access is limited to those who need it (trustees, membership secretary, relevant volunteers)
  • Passwords are updated when roles change

Data is only retained as long as necessary. Membership data is typically removed within 12 months after leaving the society unless a legal obligation requires otherwise.

  1. Transfers Outside the UK or EEA

We do not transfer personal data outside the UK or EEA unless the destination has adequate protections in place (e.g. UK–US Data Bridge frameworks).

  1. Photography, Video, and Publicity

With your consent, WCS may use photos and video for:

  • Social media and website
  • Printed marketing materials
  • Historical records

You can opt in or out at any time. Consent is requested during member registration.

  1. Cookies & Website Tracking

Our website uses cookies to:

  • Improve functionality and user experience
  • Track anonymous usage analytics
  • Enable social media integration

You will be prompted to accept cookies when visiting our site. You can also disable cookies via your browser settings.

Types of Cookies We Use:

Cookie Type

Purpose

Necessary

Enables core website functionality

Performance

Tracks site performance (e.g. Google Analytics)

Functionality

Stores user preferences

Marketing

Only with explicit consent (e.g. Facebook Pixel)
  1. Safeguarding Policy (Summary)

WCS is committed to the safety and wellbeing of all members, including children and vulnerable adults.

  • All activities are designed to be inclusive and safe.
  • Relevant volunteers may be DBS checked as required.
  • We will report any safeguarding concerns to the appropriate authorities.

A full safeguarding policy is available upon request.

  1. Member-to-Member Contact

WCS facilitates communication between members with prior consent.

  • If a member requests another's contact details, the Membership Secretary will confirm consent before sharing.
  • We will never share sensitive information (e.g. health or financial data) between members.
  1. Direct Marketing

Marketing communications will only be sent to individuals who have opted in.

  • Every email includes an "unsubscribe" option.
  • We do not sell or share your data with third parties.
  1. Data Review & Updates

Members are expected to keep their information up to date by notifying the Membership Secretary of any changes.

We will conduct an annual data review to ensure accuracy.

  1. Terms of Website Use

By using our website, you agree to:

  • Use the site for lawful purposes
  • Not misuse, hack, or compromise site integrity
  • Respect intellectual property rights (all content belongs to WCS unless stated otherwise)
  • Accept cookies (where permitted)

WCS is not liable for the content of external websites linked to from our site.

  1. Data Controller Contact

Brenda Feast – Data Controller
Whitstable Choral Society

  1. Breach Reporting

Any suspected data breaches must be reported to the Data Controller immediately. WCS will follow the ICO’s guidelines and report serious breaches within 72 hours.

  1. Policy Review

This policy is reviewed annually by the Trustees. Significant changes will be communicated to members.