INTRODUCTION
The Ulster Youth Orchestra (UYO) values everyone who engages with us by whatever means, and we do all we can fully to protect your privacy and to make sure the personal data you provide us is kept safe.
This Privacy Notice is designed to comply with the General Data Protection Regulation (GDPR) and is issued in the interests of transparency over how we use (“Process”) the Personal Data we collect.
This Privacy Notice explains what personal information we collect, how we use it and how to contact us if you have any concerns.
YOUR INFORMATION
What information we collect and why:
Type of information | Purpose | Legal basis of processing |
Member’s name, address, telephone number and email address (es) whilst a current member and for as long afterwards as it is in the organisation’s legitimate interest to do so. | Managing the member’s membership of the organisation | For the purposes of our legitimate interests in operating the organisation. |
Tutors and volunteers’ name, addresses, email addresses, phone numbers, relevant qualifications and experience | Managing instruction and welfare at the organisation | For the purposes of our legitimate interests in ensuring that we can contact those offering instruction and providing welfare support. |
Names, addresses, telephone and email addresses of all staff and board members | Managing the staff and board’s involvement and direction of the organisation | For the purposes of our legitimate interests in operating the organisation |
Names and ages of members | Managing the member’s membership of the organisation | For the purposes of our legitimate interests in operating the organisation. |
Emergency contact details | Contacting the next of kin in case of emergency | Protecting the member’s vital interests and those of their dependants. |
Date of birth / age related information | Managing membership categories which are age related | For the purposes of our legitimate interests in operating the organisation. |
Gender | Provision of adequate facilities for members | For the purposes of our legitimate interests in making sure that we can provide sufficient and suitable residential, rehearsal and concert facilities including bedrooms, dressing rooms and toilets. |
Photos of members | Putting on the organisations website and social media pages and using in press releases and for use on residential course by the welfare team. | Consent. We will seek member’s consent and the member may withdraw their consent at any time by contacting us by email or letter. |
Bank account details of the member or other person making payment to the organisation | Managing the members’ membership of the organisation and provision of services and events. | For the purposes of our legitimate interests in operating the organisation. |
Suppliers’ information eg billing and contact details | Entering into and managing arrangements with suppliers | For the purposes of our legitimate interests in operating the organisation. |
We collect personal information each time you deal with us, for example when you submit an application, make a donation, request materials or information, sign up for an event, provide comments, complete surveys, fill in a form online or otherwise provide your personal details.
Children and GDPR
Only children aged 13 or over are able to provide their own consent when offering an online service. This is the age proposed in the Data Protection Bill and is subject to Parliamentary approval.
When you visit our websites:
We collect non-personal data such as IP addresses, details of pages visited and files downloaded. Website usage information is collected using cookies (see the section on Cookies below). If you provide us with any personal data while using our websites we may use it to provide you with any information or services you have requested.
Information from social media
We may collect information that you make available on social media, for example, Twitter, Facebook and YouTube. You may wish to check their privacy policies to find out more about how they will process your data.
Information from third parties
We collect information from third parties such as fundraising sites like VirginMoney Giving, where you have agreed to support UYO and have given your consent. You may wish to check their privacy policy to find out more information on how they will process your data.
Other publicly available information
We may collect information from Companies House, Charity Commission and information published in articles, newspapers or blogs.
Sensitive Personal Data
Where you provide the information, we may collect Sensitive Personal Data, which includes your religious beliefs, or your physical or mental health.
WHAT DO WE DO WITH YOUR PERSONAL DATA?
We may use the personal data we collect to:
- Keep you up to date on news and stories about our work.
- Ask for financial and non-financial support, such as volunteering or participation in events.
- Process donations you give us, or to support your fundraising for us, including Gift Aid.
- Provide information or resources.
- Provide a personalised service, such as customised website content or personalised emails.
- Keep records of your relationship with us e.g. questions you have asked or suggestions or complaints you have made.
- Classify supporters by location.
- Analyse the personal information we collect about you and use publicly available information to aid our understanding of our supporters, understand the level of potential donations, profile supporters into categories and to help provide the right information at the right time to the right supporters.
- Conduct market research to aid our understanding of our supporters and their views.
We may use publicly available information such as newspaper articles, or information you have given permission to other organisations to share, to identify supporters and non supporters, including trustees, who have expressed an interest in giving major gifts or having a public profile with charities like UYO.
If you make a major gift to our work, and where you agree to such a relationship with us, you will be given a UYO contact who will discuss and agree with you any sensitivities you may have about the personal data we hold and the methods of contact suitable for you. We will do this at the earliest convenient opportunity. Where you do not wish to pursue such a relationship with us, we will not retain any additional publicly sourced personal data about you we have used for this purpose.
OUR LEGAL BASIS FOR HOLDING AND PROCESSING YOUR PERSONAL DATA
Legitimate interest: Contacting you
We may contact you by post or telephone where we have a legitimate interest to do so. For example, where you have made a donation to UYO, we may send you information about the work your donation is making possible or as a member of our Alumni we may contact you to let you know of relevant events we feel you may be interested in. Where you have previously asked us not to contact you in this way we will respect your contact preferences. You can change your preferences at any time or stop us processing your data by contacting us by telephone, post or email as shown in the section ‘Your rights and telling us when things change’ below.
Consent; Contacting you
We may contact you by email or text if you have given us your consent to do so. We will only communicate in accordance with your preferences and you are free to change your preferences at any time by contacting us by telephone, post or email as shown in the section ‘Your rights and telling us when things change’ below.
Applying for a job or volunteering with us
Where you provide personal data and sensitive personal data when applying for a job with us, such as the information on your CV we will process, store and disclose the personal data we collect to:
- Support the recruitment process.
- Enable you to submit your CV, apply online for jobs and to subscribe for alerts about job types of interest to you.
- Answer any questions you may have.
- Use third parties to provide services such as references, qualifications, criminal referencing, checking services, verification of information you have provided, health screening and psychometric evaluation or skills tests.
- Provide anonymised data to monitor compliance with our equal opportunities policy.
Where you provide personal or sensitive personal data, such as religious beliefs, dietary, mobility requirements or health information, to volunteer or travel on a trip with us we will store, process and disclose the personal information we collect to:
- Deliver the volunteering opportunity, including the disclosure of sensitive data, such as medical information, to our partner(s) where necessary to deliver a safe trip or event for all involved.
- Provide relevant information including fundraising materials and the volunteer role description.
- Provide the administration of these events or opportunities to serve.
- Monitor the quality of the volunteering opportunity or trip provided.
- Answer any questions or feedback you may have.
- Provide anonymised data to monitor compliance with our equal opportunities policy.
HOW AND WHERE WE STORE YOUR INFORMATION
How long?
We will keep your personal information only for as long as we consider it necessary to carry out each activity.
We have a data retention policy to implement this. We take account of legal obligations and accounting and tax considerations as well as considering what would be reasonable for the activity concerned.
For example, we will retain details of donations for 7 years to meet tax and accounting requirements, and we will retain any safeguarding records indefinitely. We will only hold sensitive medical personal information provided to participate on a course or trip until two years after the course or trip is completed.
Legacy income is an important source of income for our beneficiaries. We may keep data you provide indefinitely to carry out the administration of legacies and to communicate with the families of those leaving us legacies.
If you have any questions about our Data Retention Policy please contact our General Manager, Paula Klein, in writing at Ulster Youth Orchestra, Cathedral Quarter Managed Workspace, 109-113 Royal Avenue, Belfast BT1 1FF or by email at manager@uyo.org.uk
HOW SAFE IS THE PERSONAL INFORMATION WE HOLD?
We ensure that we have appropriate technical controls in place to protect all the personal data you provide. For example, we ensure that any online forms are encrypted to ensure they can only be read by people permitted to do so. Our network is robustly protected from unauthorized access and is routinely monitored.
We ensure that access to personal data is restricted only to those staff members or volunteers whose job roles require such access and that suitable training is provided for these staff members and volunteers.
We may make limited use from time to time of external companies to collect or process personal data on our behalf. When we do so, we carry out checks on these companies, put in place contracts to make sure our requirements are clear, and carry out periodic reviews. When we do use external companies, we remain responsible for the storing and processing of your personal data.
However, we need to remind you that despite all our efforts, the internet cannot be guaranteed to be 100% secure, and that you submit data at your own risk.
We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
Credit / debit card security
We may use a third party to process donations or purchases using cards but will ask them to process your information in line with the GDPR and the Payment Card Industry Data Standard.
If you use your debit or credit to donate to us, purchase something or pay for audition or course fees, whether online, over the phone or by mail, we will process your information securely in accordance with the Payment Card Industry Standard. INSERT LINK
We do not store your debit or credit card details once your transaction has completed. All card details are securely destroyed once your donation or payment has completed.
We hold bank account details for the purpose of collecting direct debits in accordance with direct debit mandate rules.
Where we store your personal information
We use cloud-based systems to process data and therefore data may be processed outside of the European Economic Area (EEA). We adopt the Information Commissioners approved measures and therefore ensure that personal data is held in compliance with European data protection regulations. We take all reasonable steps to ensure that your data is stored and processed securely in accordance with this policy. By submitting your personal data you agree to this transfer, storing and processing of your information.
Should you travel overseas with us, we may share personal information with partners who deliver our work in overseas locations. For example, this may include sensitive personal data such as medical information. When we do so we will make you aware of the data being transferred and seek your consent to do so.
WHEN WE SHARE YOUR INFORMATION
We do not share or swap your information with any third person without your consent.We will never sell your personal data.
Legal duty
We may need to pass on information if required by law or by a regulatory body. For example, a Gift Aid audit by the HMRC, or if asked for details by a law enforcement agency.
Our service providers and third parties
Occasionally we may employ agents to carry out tasks on our behalf, such as fulfilling orders or processing donations. These agents are bound by contract to protect your data and we remain responsible for their actions.
We may provide third parties with general information about users of our site, but this information is both aggregate and anonymous. However, we may use IP address information to identify a user if we feel that there are or may be safety and/or security issues or to comply with legal requirements.
COOKIES
What are Cookies?
We collect data using cookies. A cookie is a text file that is sent from our website as soon as you visit the site. It is stored on your computer’s hard drive and helps us to identify your computer (not you) and collects information in an aggregate, anonymous way.
Cookies may be used to collect information about your visit to our website, for example, traffic data, location data, device information, the date and time of your visit and the pages that you visit.
The use of cookies is an industry standard for most major websites. You can find more information about cookies by following this link.
Ulster Youth Orchestra’s use of cookies on our websites
To enjoy our websites to the full, we recommend that you leave cookies turned on. If you turn off cookies then you may not be able to enter parts of the sites.
The cookie data that we collect we may use to:
- Customise the content on our website and to help to understand visitor’s current and future needs.
- Process any requests, applications or transactions you may make.
- Aid internal administration and analysis.
Managing cookies
Most browsers allow you to turn off the cookie function. To do this you can look at the help function on your browser.
Third party cookies
We use websites such as YouTube and Vimeo to embed videos and you may be sent cookies from these websites. We do not control the setting of these cookies, so we suggest you check the third party website for more information about their cookies and how to manage them.
The Ulster Youth Orchestra also uses third party suppliers such as Facebook, Twitter, and Google Analytics and these providers may use cookies. They may also use tracking pixels, which are commonly found in advertising to track the effectiveness of adverts. As some of these services may be based outside of the UK and the European Union, they may not fall under the jurisdiction of UK courts. If you are concerned about this you can change your cookie settings (see above) and can find more information about this here.
HOW WE TREAT CHILDREN AND VULNERABLE PERSONS
Aged under 13 years
We do not actively seek to collect children’s data. If at any time we create any materials which may lead to someone aged under 13 years providing their details, we make it clear that we will need their parent’s /guardian’s permission before giving us their personal information.
Supporters in vulnerable circumstances
We recognise the importance of identifying and supporting supporters in vulnerable circumstances. Staff who send or respond to supporter emails, mailings or calls are trained to be aware of, to identify signs of vulnerable circumstances and to deal with the supporter appropriately in accordance with our supporters in vulnerable circumstances policy.
Personal information will be recorded so that we may respond appropriately in future, for example by ceasing fundraising requests or no longer making calls.
YOUR RIGHTS AND TELLING US WHEN THINGS CHANGE
We fully recognise your right to have your data removed, to be forgotten, to opt out of communications or withdraw consent and to have a copy of your personal data. You also have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk INSERT LINK
Preferences
You can change your preferences at any time about what you receive from us, including marketing and fundraising materials, or how we contact you, by mail, phone or email.
You can do so by:
Calling us on: 028 90278287
Email us on: manager@uyo.org.uk
Write to us at: Ulster Youth Orchestra, Cathedral Quarter Managed Workspace, 109-113 Royal Avenue, Belfast BT1 1FF
Updating your details
We do appreciate it if you keep your details up to date. You can do so in the same way as updating your preferences (above).
We may use Royal Mail’s Postcode Address File or other available sources to confirm data that you provide us with, where, for example, we are unsure of what you have completed on a form.
We will not use these sources to create data that you have chosen not to provide, for example, if you have left a telephone number blank; nor will we automatically update changes of address, we will normally only update your address when you tell us it’s changed. However, if you are a regular giver, continuing to give regularly, and items such as Ulster Youth Orchestra newsletters are returned to us, we may use external sources to update your address details so that we may update you on how you money has been spent through our news and stories.
Telling us to stop processing
You have the right to ask us to erase your personal data, to ask us to restrict our processing or to object to our processing of your personal data. You can do so at any time by writing to us at:
Ulster Youth Orchestra, Cathedral Quarter Managed Workspace, 109-113 Royal Avenue, Belfast BT1 1FF
ACCESS TO YOUR INFORMATION
You have the right to request details of the information we hold about you. To receive a copy of the personal information we hold please write to our General Manager at the address given below. We will respond within one month of receiving your letter.
For more information about your rights please visit the website of the Information Commissioner’s Office(https://ico.org.uk/for-the-public/personal-information/)
CHANGES TO ULSTER YOUTH ORCHESTRA’S PRIVACY & SECURITY POLICY
Changes to this Policy
This policy was last updated in May 2018. We may amend this policy from time to time to take account of changes to our processes or changes to data protection or other legislation. If we make any significant changes to this policy we will show this clearly on our website, in our publications or by writing to you directly. By continuing to use our website you will be deemed to have accepted these changes.
Feedback
We welcome feedback or questions on this policy or on any of our actions by
Calling us on: 028 9027 8287
Emailing us on: manager@uyo.org.uk
Writing to us at: Ulster Youth Orchestra, Cathedral Quarter Managed Workspace, 109-113 Royal Avenue, Belfast BT1 1FF