Freckleton Band has a new GDPR policy which defines how we collect, manage and protect the personal data of its members and third parties. This document sets out the guidelines that need to be followed by all members when working with such data.

Definition

Personal Data is defined as in the General Data Protection Regulations, that is any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

For the purposes of this policy, this includes but is not limited to:

• Names
• Addresses
• Telephone numbers
• Email addresses
• Dates of birth
• Names of legal guardians
• Allergy or medical information

Statement of compliance

Freckleton Band shall gain consent from all individuals, or their legal guardians, before collecting and processing Personal Data. Such consent shall be recorded by the Chairman or appointed deputy.

How Personal Data may be used

Freckleton Band and its committee may use Personal Data for the following purposes:

• for the band committee to contact members of the senior and junior bands
• for the band committee to contact the legal guardians of players
• to allow the band Contest Secretary to register players for competitions
• for the band committee to provide contact details of members to other bands, where other bands ask for players who may be able to help at their engagements
• to ensure the band has the correct medical, first aid and fire safety training in place
• to contact members of the band’s Lotto scheme and those who have signed up to the band newsletter
• to contact third parties regarding potential concerts, contests or other engagements
• in minutes of committee meetings and band AGMs and EGMs

Protection of Personal Data

All Personal Data must be stored appropriately by the committee in either:

• hard copy format in a locked cabinet, with any keys controlled by the Chairman or appointed deputy
• electronic format, suitably encrypted and in a password protected document, except for email addresses, which may be stored in an email application

Personal Data must never be stored on an unprotected computer without a password.

Should a member of the committee store Personal Data and subsequently leave the committee, they must ensure a copy of such data is provided to the Chairman and then destroy their copy.

Any person may request deletion of their Personal Data. The Chairman shall ensure that all requests are enacted within 14 days of receiving the request.

All Personal Data shall be reviewed at least every six months and any data no longer required shall be destroyed.

Personal Data of any members under 18 shall never be provided to any external body or third party.

Ratified at committee meeting June 2018.