top of page

Crib Notes Choir Privacy Notice

Introduction

Crib Notes Choir is committed to respecting the privacy and confidentiality of all members, including both adults and children, and complies with the General Data Protection Regulation (GDPR). This policy outlines how the choir collects, stores, and shares personal information, ensuring that data is handled lawfully, fairly, and transparently.

​

Purpose of the Policy

The purpose of this policy is to:

  • Explain how personal information is shared within the choir and with external parties.

  • Ensure compliance with GDPR and other relevant data protection laws.

  • Outline the rights of choir members regarding their personal data.​

​

Scope

This policy applies to all choir members, staff, volunteers, and any third parties who may have access to personal information collected by the choir.

Crib Notes Choir will only collect personal data about you if you have contacted us via our email address cribnoteschoir@gmail.com, our website www.cribnoteschoir.co.uk, or booked tickets for taster sessions, workshops or events via our website or a 3rd party booking system.

​

Data Protection Principles

Crib Notes Choir adheres to the following GDPR principles:

  1. Lawfulness, fairness, and transparency: Data must be processed lawfully, fairly, and in a transparent manner.

  2. Purpose limitation: Data is collected for specified, explicit, and legitimate purposes.

  3. Data minimisation: Only the data that is necessary for the intended purposes is collected.

  4. Accuracy: Personal data must be accurate and, where necessary, kept up to date.

  5. Storage limitation: Data is retained only for as long as necessary.

  6. Integrity and confidentiality: Data must be processed securely to prevent unauthorised access, loss, or damage.

​

What Information Is Collected?

Crib Notes Choir may collect the following personal data:

  • Contact details: Name, address, phone number, email.

  • Medical information: Relevant health information for safety and safeguarding purposes.

  • Emergency contact details: For all members.

  • Performance-related data: Photos, videos, and recordings for choir promotion (subject to consent as outlined in the Choir Terms).

  • Payment information: For choir fees, subscriptions, merchandise, or event bookings.

  • Website user information: Including user journeys and cookie tracking. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers. 

​​

Why Is Information Collected?

Personal data is collected for the following purposes:

  • Communication: To keep members informed about choir activities, events, and rehearsals.

  • Safeguarding: To ensure the safety and well-being of every member, especially children and vulnerable adults.

  • Legal compliance: To comply with health and safety regulations, child protection laws, and GDPR.

  • Marketing and promotion: With consent, as outlined in the Choir Terms and ticket information for any public workshops and events, to use photos, videos, or recordings for publicity materials.

  • Membership management: To keep accurate records of choir membership and subscriptions.

Lawful Bases for Processing

The lawful bases for processing personal data under GDPR include:

  • Consent: Where specific permission has been granted for particular uses of data (e.g., photos, videos).

  • Contractual necessity: Where processing is required for choir membership or event participation.

  • Legal obligation: To comply with laws (e.g., safeguarding and child protection).

  • Legitimate interest: Where processing is necessary for the operation of the choir and does not override individual rights.

  • Vital interest: Where someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life-sustaining food, water, clothing or shelter.

 

How Information Is Stored

  • Personal data is stored securely in physical or digital formats.

  • Digital data is protected using password-protected systems and encrypted storage where necessary.

  • Access to personal data is restricted to authorised personnel only, such as the Safeguarding Officer, choir administrators, and relevant staff.

​​

Information Sharing

Internal Sharing:

  • Personal information will only be shared with authorised choir staff and volunteers who require it to carry out their responsibilities.

  • Medical information will be shared with relevant staff members only for safeguarding purposes during rehearsals, performances, or choir trips.

​

External Sharing:

  • Personal information may be shared with third parties only when necessary, such as:

    • Emergency services in the event of an incident.

    • Regulatory authorities if legally required (e.g., in the case of safeguarding concerns).

    • Service providers (e.g., venues, insurance companies) for operational purposes, but only if appropriate data-sharing agreements are in place.

  • Personal data will not be shared with third parties for marketing or promotional purposes without explicit consent.

​

Special Categories of Data:

  • Sensitive personal data, such as health information, will only be shared if absolutely necessary for safeguarding purposes or legal compliance, and always in line with GDPR requirements.

​​

Consent

For specific uses of personal data (e.g., taking photos, videos, or promotional materials), the choir will seek explicit consent (as outlined in the Choir Terms) from:

  • Parents or guardians for children under the age of 18.

  • Adults for their own data, especially vulnerable adults.

  • Consent can be withdrawn at any time by contacting the choir’s Data Protection Officer.

​

Data Retention

  • Personal data will only be retained for as long as necessary to fulfil the purposes for which it was collected or as required by law. 

  • For choir members this will be as long as the individual remains a member and up to 3 months after, to allow membership to be wound up.

  • For individuals who join the mailing list this will be until/unless they choose to unsubscribe, which they can do at any time.

  • For individuals who contact us with questions or who book taster, workshop and event tickets, this will be until the event has passed or the questions has been answered, and up to one month after. 

​

Retention Periods:

  • Contact information: Kept for the duration of choir membership.

  • Medical information: Kept for the duration of participation in choir activities and deleted afterward.

  • Photos/videos: Retained for marketing purposes unless consent is withdrawn.

 

Breach Notification

In the event of a data breach that poses a risk to individual rights and freedoms, the choir will:

  • Notify the affected individuals without undue delay.

  • Report the breach to the relevant data protection authority (Information Commissioner’s Office in the UK) within 72 hours, if required.

 

Data Subject Rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website https://ico.org.uk.

Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

If you make a request, we must respond to you without undue delay and in any event within one month, as required by GDPR.

​

How to Exercise Rights:

Members can exercise these rights by contacting the Crib Notes Choir Data Protection Officer:

​

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details above..

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

​

Review and Monitoring

This policy will be reviewed annually to ensure compliance with GDPR and any other relevant legislation. Any updates will be communicated to all choir members.

Last updated: November 2024

​

Contact Information

For any queries regarding this policy or data protection matters, please contact Crib Notes Choir at cribnoteschoir@gmail.com.

WHAT PEOPLE SAY

RS1_2544.jpg
RS1_2544.jpg

Júlia, Balham Club

Crib Notes was one of the highlights of my second maternity leave. It was quite impressive how we put together beautiful songs in such a short time. I felt cheery and refreshed after each session, even if the night before had been difficult… It was the perfect way to take care of myself; so important when you are taking care of a little one.

WhatsApp Image 2024-03-23 at 20.35.05.jpeg

Eve, Crystal Palace club

An absolute wellbeing boost. I can't think of a more wholesome, fulfilling, welcoming activity to do whilst on parental leave. What a fantastic environment to expose your babies to and I don't just mean the music. I'm sure they gain a lot from their parents doing something creative, physical and communal. I always feel welcome, and the songs stay with me for days, weeks and years in fact!

RS1_2321.jpg

Tali, Beckenham Club

It was so refreshing to find an activity that isn't your typical baby class, but that is as much for the mum as it is for the baby. Singing as part of a community in such an inclusive and supportive environment lifted me on the days that I felt totally depleted and sleep deprived - it has definitely been one of the highlights of my maternity leave!

Follow

  • Facebook
  • Twitter
  • LinkedIn

©2020 by My Site. Proudly created with Wix.com

bottom of page