The Friends of St Mary's Perivale
Privacy Policy Statement (page 5 of 5)

B. Means of storage  

27. We store Personal Data:  
•  on the Mailchimp software for the purpose of sending e-mails to our potential audience. The system is accessible only by our Chairman and is password protected;
•  on the ‘text local' text Messaging Service, which is password protected. Once entered on that system, we retain no information in either hardcopy or electronic form, then only having access to a list of unattributed telephone numbers;
•  in Word and Excel documents on the computer hard drives of our Data Controller and Data Processors, accessible only through a password. (Our Membership Secretary, who holds much of the information, is instituting a double password access);
•  certain data (mainly of a concert reporting nature or at a more aggregate/analytical nature) in Word and Excel documents on the computer hard drives of other members of our ExCom, accessible only through a password;
•  certain paper data (including Bank statement copies) in card files, box files, cash books;
•  Gift Aid information (name, address, Membership reference and GA numbers, amount donated and GA claimed per concert and for the FY) on a ‘Donations Co-Ordinator' software package that is password protected and encrypted;
•  in the data systems of the CAF Bank and Lloyds Bank;
•  concert video recordings and non-concert recordings, on Dropbox (under three folders in the name of Dr Hugh Mather, each password protected and encrypted with a strong cipher, and with access rights given to only four ExCom members involved in the recording process);
•  concert video recordings approved by the respective musician, on our YouTube channel (accessible by anyone worldwide);
•  concert photos and a very brief commentary, on our Facebook and Twitter pages (accessible by anyone worldwide) ;  
•  other information we have placed in the public domain on our website, on the servers of our website host (Tsohost, based in the UK). We do not use cookies.

28. Where the above Personal Data is stored on the personal home computers/laptops of the ExCom members and Trustees of ‘The Friends of St Mary's Perivale', sensible practical arrangements are in place to safeguard such equipment and data (as for all our other personal domestic possessions and information).

29. Where the above are Third Party organisations, ‘The Friends of St Mary's Perivale' does not have detailed information on where or how the data is held and those Third Party organisations are themselves responsible for meeting the relevant regulatory requirements.  

C. Period of Storage  

30. Contact details stored for the purpose of sending out information on our concerts will be stored as long as ‘The Friends of St Mary's Perivale' continues, or as long as it appears to be useful, or until the contact requests its erasure, whichever is the sooner.   

31. Information relating to financial transactions and Gift Aid will be stored by us for as long as is required by the relevant regulations. For example, our annotated Gift Aid envelopes are stored in boxes for six years, whereas the names of those who have ever signed up for GA are stored indefinitely and cannot be erased.

32. Information of a more general nature - such as that about individual concert programmes and attendance numbers, annual Membership lists, our summaries of the anonymised biennial Questionnaire Surveys, technical reports and other items of historic interest - will be stored indefinitely, or until such time as they are deemed by us to be of no further interest.

33. Video recordings are being held indefinitely since they may be of long-term interest to our musicians and, if published on our YouTube channel, to our Members and the general public worldwide.

34. Photographs of concerts are usually deleted from our cameras and mobile phones as soon as the relevant Facebook and Twitter post has been made.

35. Ad hoc written information (such as letters of appreciation received) is kept for a short period and usually shredded once the content has been noted by our ExCom.

D. Backups and Deletions  

36. In order to protect the integrity of our stored electronic data, we make periodic back-ups and we retain sets of backed-up data in case the data is corrupted by a virus that lies dormant for months or years before spreading. Such a virus could cause us very considerable problems. In practice back-ups are hardly ever used but are a wise precaution. Data held on-line by the Third Party Data Processors will also probably be held as many separate successive backups.  Dropbox, for example, saves the history of all deleted and previous file versions and allows a period of up to 120 days for that data to be recovered.

37. If we receive a request for erasure, it will not be practicable for us to work through all the back-ups erasing data but we will erase the data from the current record and record that erasure so that if we need to use backed-up data we can erase the relevant items from the backed-up data when we start to use it.  

Complaints  

38. If you have any concerns about the way in which we process personal information, please address your concerns to our Data Controller, Dr Hugh Mather (see para 5 above), who will do his best to resolve your concern.  

39. You are also entitled to make a complaint to the Office of the Information Commissioner (https://www.ico.org.uk/concerns/), but we hope that you will contact us first about any concerns and we will do our best to resolve them. We will send you copies of the information that we hold about you if you request it and we will correct and update that information as necessary. We aim to treat you with courtesy and respect.

PREVIOUS PAGE.......................................................................................................................NEXT PAGE

Events