What is this guide for?
Whenever we need to collect any of your data, we will let you know at that point why we need to do so and what it will be used for, but this guide provides a useful overview of all those situations and provides more detail on how we keep your data secure and up to date, how long we might hold it for, and what your rights are in relation to it.
YMSO is committed to protecting your personal data and will use any personal or sensitive data we collect from you in line with the General Data Protection Regulations (GDPR).
Who’s responsible for data the group collects?
YMSO has a Data Controller under the GDPR. YMSO’s Data Protection Officer is Charlie Jones who can be contacted at email@example.com
What data do we collect and what do we use it for?
YMSO collects data from individuals to help us plan, organise and run the day-to-day operations of the group (e.g. co-ordinating rehearsals or collecting subscription payments) and to promote and market the group’s activities (e.g. marketing mailing lists and photography/video capture).
Members: for administering membership
When you join YMSO as a member, or during your membership with us, we may need to collect some of the following information on you:
Emergency contact details
This data will be used by committee members to manage your membership with YMSO and to organise and run our activities.
If you give us your consent to do so, we may also use your contact details to send you marketing/promotional communications from the group.
Any marketing/promotional communication we send you will include a clear option to withdraw your consent (e.g. to ‘opt out’ of future emails) and you can also withdraw consent at any point by contacting the Data Protection Officer – Charlie Jones.
Event attendees: for processing and managing tickets for events
Where our events are ticketed, we need to collect data on the person booking (name and email) to allow you access to the event and to send you a confirmation of your reservation/purchase. This data will only be used for administering your access to the event/s for which you have booked and will not be used to send you marketing/promotional messages from the group unless you have also provided your consent to receive these (see below).
Mailing list subscribers: for marketing and promotion
We offer everybody the opportunity to sign up (consent) to receive marketing and promotional information on the group’s activities (e.g. emails about forthcoming events).
We will only send you information that is related to the group (e.g. we will not use your data to send you marketing messages from 3rd parties).
Anything we send you will include a clear option to withdraw your consent (e.g. to ‘opt out’ of future emails) and you can also do so at any time by contacting the Data Protection Officer – Charlie Jones.
Do we share your data with anyone else?
We will never pass your details on to third parties for marketing purposes.
How can you update your data?
You can contact us at any time at firstname.lastname@example.org to update or correct the data we hold on you.
How long we will hold your data?
YMSO’s data retention policy is to review all data held on individuals at least every two years and remove data where we no longer have a legitimate reason to keep it.
Where you have withdrawn your consent for us to use your data for a particular purpose (e.g. unsubscribed from a mailing list) we may retain some of your data for up to two years in order to preserve a record of your consent having been withdrawn.