What is a privacy notice?
A Privacy Notice lets you know about how we use your data and your rights in accordance with it. This privacy notice explains how and why Music Beyond Mainstream collects your information, how it may be used and is managed.
Who are we?
Music Beyond Mainstream Ltd produces and promotes UK music tours and is a registered as an arts and culture charity (number 1141227). We are a registered company (number 5432853). All management and administration is currently delivered by our General Manager at Westbourne House, Station Road, Thirsk, YO7 1PZ. Our registered office is The Anvil, Churchill Way, Basingstoke, Hampshire, RG21 7QR.
If you have any questions about this notice or would like further information on the data we hold, please email firstname.lastname@example.org
What Personal Data do we process and what do we do with it?
Personal data is any data which may identify you, or be identified as relating to you such as your name, address, phone number and email address. You may provide personal data to us when you:
- Submit a contact form on our website.
- Contact us by phone or email.
- Work with us or partner with us to deliver a project or event.
- Attend one of our events.
We will only collect personal data that we need to allow us to conduct our activities , maintain our records and accounts and deliver the events and projects we undertake to deliver our charitable purposes.
If sign up to our mailing lists, make a donation, register for an event or use any of our services we will ask for your information where it is required and appropriate for the delivery of the service.
When we ask for your information, we will ask for your consent to use your information for other purposes, such as to help improve our products and services, send you marketing information or to provide your information to third parties. As a registered charity that is in receipt of funding, we may ask for other information that funders have asked us to collect. When we ask for your consent, you will always be informed about:
- What your information will be used for.
- How you can withdraw your consent.
- Any third parties your information may be shared with.
This is voluntary, and you are not obliged to provide any further information beyond what is appropriate and required for the delivery of a service.
Personal data may include names, postal or email addresses, phone numbers, photographs, project documentation, usernames, passwords, databases, financial information (i.e. bank account details for billing or integration of third party payment services), or other potentially sensitive information. In addition, we may record information about your visit to our website, such as pages viewed, length of visit and any search terms you use, in order to improve our website and offer a better user experience.
If you are contracted or employed to work with us, we will ask you for personal data, perhaps including ‘sensitive personal data’. Such data may include contact information, health information or information relating to criminal convictions. We have responsibilities which arise from our contract of employment with staff members, outlining data relating to payroll, bank details, addresses, sickness and absence. We also have statutory responsibilities imposed upon us by law relating to tax, national insurance, work permits and equal opportunities monitoring. When you work with us, you may be added to our accounting system. Directors of the Company and Trustees of the charity will also be required to provide information in line with current legislation.
How do we maintain confidentiality?
We will only use your personal data on relevant lawful grounds, as permitted by:
- EU General Data Protection Regulations (GDPR 2018)
- UK Data Protection Act (1998) and Privacy of Electronic Communication Regulations.
We will only request and require the minimum personal data provided needed to carry out our core activities. We do not use any system with uses automated decision making or profiling in respect of your personal data.
Everyone who works at or on behalf of Music Beyond Mainstream has a legal obligation to keep information about you confidential.
Sharing Personal Data
We don’t share your personal data without your explicit consent.
In order to carry out the running of our business day to day and fulfill the requirements of the projects we work on, we may sometimes need to disclose your data to other bodies or third party suppliers. These other bodies may include sub-contractors, partners, online service/systems suppliers, etc.
To the best of our abilities we assess our suppliers and partners to ensure they are GDPR compliant.
Your Rights Under GDPR
Where we are using your data under consent, you have the right to withdraw that consent at any time. You also have the right to ask us to stop using your personal data for marketing purposes. If you would like us to provide details of the information we hold for you, you can make a Subject Access Request by contacting us. There is no charge for making this request, although you will be asked to verify your identity. We will respond within 30 days of receiving your request and verifying your identity. Please contact our General Manager the first instance if you feel unhappy regarding any issues around the use of your personal data. Our contact information is:
Westbourne House, Station Road, Thirsk, Yo7 1PZ.
Retaining Personal Data
Marketing: Contact information.
Where you have given us consent to do so we will retain the information you have given us because you have expressed an interest in our events and activities. When we tell you about our events and activities we will always offer you the option to opt out and remove the information you have given to us. You can also contact us as described above at any time you would not like us to retain your information.
Administration: Emails, Correspondence, Project/Event Files, Financial Information, Employee and Contractor Information.
HMRC require email data and project files to be retained for 7 years. We may need to produce evidence or our work and activities.
Corporate Records: Information Required by Companies House.
Legislation requires this information to be retained permanently.
Should your data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the person who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
Should you wish to complain
Should you have any concerns regarding how we process your data, please first contact the General Manager email@example.com . If you are still unhappy following a review by a Director of Music Beyond Mainstream, you can contact the Information Commissioner’s Office (ICO) via their website (www.ico.org.uk).