Privacy and Data Protection Notice
Armagh Pipers Club complies with all statutory obligations including those arising from the General Data Protection Regulation (GDPR). We are very careful about personal data, and especially about sensitive personal data. We do not ask for any information that we do not need, we keep your data secure, we don’t share it unless we have to, and we destroy it when we no longer need it. The data controller is the company secretary of the Club.
WHY AND HOW WE COLLECT, KEEP AND USE YOUR DATA
The Club uses its website and forms to collect from adult students, and from the parents/ guardians of minor students, some personal data that we need for the delivery of our education programme. This includes name, address, date of birth (of students under 18), email address (of parent/guardian, or adult student), phone number, and school attended. It may include some sensitive information that the Club needs to be aware of for health and safety reasons (e.g. allergies). The Club never asks for and does not knowingly hold any email addresses, phone numbers or other direct contact details for students under 18. Outside of classes, we will only communicate with minors through a parent or guardian.
We also collect limited personal data provided by customers and donors through our internet shop, or third-party payment services such as PayPal and Stripe, in order to process orders, payments, membership of the Club as a company limited by guarantee, and GiftAid claims. We do not keep, or have access to, your payment card or banking details.
We obtain CVs and contact information from our sessional tutors, and such other data on them and on other workers, visiting artists and volunteers as may be required for legal or administrative reasons. We record their banking details on our own banking service in order to make payments. When we do not expect to make future payments to anyone, their details will be deleted from our bank’s site.
Additionally, if you email us, write to us or contact us by social media or text message your name, address and contact information may be recorded by us.
If you use the contact form on our website, this arrives as an email in a password-protected inbox. Our website has an SSL certificate, so any personal information entered via the website is secure and private. Our emails arrive on a secure server maintained by a GDPR-compliant service, and are usually downloaded within a few days to local folders and deleted from the server.
Most personal data, such as student, tutor, customer and donor contact details, are held on a contacts database on a single password-protected computer in the Club office, with one password-protected weekly backup for key files, and one password-protected monthly backup copy of the full system on a portable drive, held off-site. The data is cleaned periodically, for example to remove dates of birth when a student turns 18; to remove email addresses that bounce; or to remove contact details of students who have left the Club.
There are other data files for specific purposes, for example recording payments to tutors, class attendance by students, and examination entries; these are also held on one computer and two backup drives, all password-protected. Personal data that is provided in writing (for example, student registration forms) is usually kept in paper files in a locked filing cabinet at least until the data has been transferred to the computer system. These paper files are shredded or burnt when no longer needed.
Very little personal data is published on the Club’s website or social media – this may include the names of concert performers, or first names of children appearing in photos.
Email addresses, but no other personal data, are uploaded to the Club’s password-protected account in a mass-email service called MailChimp, to allow the Club to send out general newsletters or specific information for groups, such as members of a particular class, tutors, or volunteers.
Within the Club, the company secretary (Ciarán Ó Maoláin) as controller of the data is the only person with routine daily access to it. The Director (Brian Vallely) and Director of Music (Eithne Vallely), and the Safeguarding Officers (Siobhan Scowcroft and Mary McCabe), have full access to student information. Tutors and other personnel have access only to information necessary to their specific areas of work. Contact between tutors and students will normally be through the Club’s office. Where Zoom classes or meetings are held, or groups created on WhatsApp or other technologies, this will as far as possible be managed through the office and with as much security as can be provided.
The Club does not sell, give away, or allow the use of your data by anyone else. If it is ever necessary to share any of your data with a third party, this will be done with your informed consent (e.g., in connection with routine Access NI safeguarding procedures for tutors).
Photographic and video images can be seen as personal data. All students (or parents of minor students) are asked to consent to the use for promotional purposes of images from Pipers Club events. If anyone does not want this, they can say so on signing up, or at the event in question.
RIGHT OF CONFIRMATION, ACCESS, RECTIFICATION AND DELETION
If you have questions about how your personal data is handled, or want to know what information we have about you, please contact the Club. There is no charge for this, and we will try to deal with any request quickly. If any of the information is wrong, you have the right to correct it, and if you don’t want us to remain in touch, you can ask us to delete your details. We will do this unless there is a legitimate reason for keeping the information.
If you have questions or comments about this policy, or any complaint or query relating to data, please contact us at firstname.lastname@example.org.