Nottinghamshire Pipes and Drums (NP&D) Privacy Policy
December 2021
Nottinghamshire Pipes and Drums (NP&D) is a not for profit association committed to safeguarding the privacy of persons for whom we process personal data. In this policy we explain how we will treat personal data processed by us, in accordance with UK data protection legislation, and in accordance with the General Data Protection Regulation (‘GDPR’). This Policy is available to members, general members of the public and third parties on our website:
http://www.nottspipeband.co.uk/
What is personal data?
Personal data includes any information relating to an identified or identifiable natural person (‘data subject’) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing, for the purpose of this Privacy Notice, means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
By consenting to this Privacy Notice you are giving us permission to process your personal data specifically for the purposes identified within this Privacy Notice. You have a right to withdraw your consent to our processing your personal data at any time. The process is outlined the process for such a withdrawal within this Privacy Notice.
Processing personal data.
We will only process such personal data which is adequate, relevant and limited to what is necessary for processing. NP&D collects personal data that is necessary for the purposes of its legitimate interests in organising and participating in the normal day to day activities of the association, membership records, subscriptions, uniform issue and return, tuition and NP&D engagements and ancillary purposes. For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations. The data we routinely collect includes members’ names, addresses, telephone numbers, e-mail addresses, next of kin and email addresses. We collect this data directly from our members when they join the band. We may have additional information on some of our members such as committee memberships and discipline responsibilities. If you would like to see the basic membership data we hold about you, you should contact the Band Secretary. Please see the end of this document for contact information.
We may intentionally or unintentionally process the following kinds of personal data from your visit to our website:
• Information about your computer and about your visits to and use of our website including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths;
• Information that you provide to us when using the services on our website, or that is generated in the course of the use of those services (including the timing, frequency and pattern of service use).
• Information contained in or relating to any communication that you send to us or send through our website, including the communication content and metadata associated with the communication;
• Information needed for the administration of our website and business;
• Information that enables your use of the services available on our website;
• Information necessary so as send you email notifications that you have specifically requested;
• Information necessary so as to send you our email newsletter, if we produce one and you have requested it;
• Information required so as deal with enquiries and complaints made by or about you relating to our website;
• Information required so as to keep our website secure and to prevent fraud;
• Information required so as to verify compliance with the terms and conditions governing the use of our website (including monitoring private messages sent through our ‘Contact Us’ page on our website); and any other personal information that you choose to send to us.
• Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
In the event that we need to obtain special personal data from you, we will always tell you why and how the information will be used.
We will process personal data for the following lawful purposes:
• The legitimate interests of our organisation. These include, but are not limited to the administration of our organisation, debt recovery and processing accounts;
• In the public interest or as a public authority;
• For the performance of a contract or to enter into pre-contractual negotiations;
• In order to ensure compliance with a legal obligation placed on us;
• In order to protect the vital interests of either yourself or another person; and/or for other reasons with your consent, which can be withdrawn at any time.
Disclosing personal data
We may disclose your personal data to any of our officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.
We may disclose your personal data obtained from you visiting our website to our agents, in so far as is reasonably necessary for the purposes set out in this policy.
We will not, without your express consent, supply your personal data to any third party for the purpose of their or any other third party’s marketing.
Any third party with whom we share your personal data are obliged to keep your details securely and when no longer needed, to dispose of them in accordance with our approved procedures.
In the unlikely event that we hold special personal data, we may wish to pass your special personal data on to a third party, we will only do so once we have obtained your explicit consent unless we are required to not obtain such consent by law.
We may disclose your personal data:
• To the extent that we are required to do so by law;
• In connection with any ongoing or prospective legal proceedings;
• In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
• To the purchaser (or prospective purchaser) of any business, asset that we are (or are contemplating) selling.
Except as provided in this policy, we will not provide your personal data to third parties without first obtaining your consent.
Retention of personal data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Unless we advise you otherwise, we will retain your personal data for:
• No more than 28 days after your application for membership of the NP&D has been rejected or 28 days after you terminate your membership of the Band or no later than 28 days after all band property or monies owing to the band have been returned or paid as appropriate.
• For all other purposes we determine retention periods for personal data based on legal requirements and best practice and in any event will not exceed 6 years.
Security of Personal Information
We will take reasonable and proportionate technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Please bear in mind and acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
Amendments to this policy
We may update this policy from time to time and as required by law. The most up to date version will be published on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of changes to this policy, by email, post or on our website.
Your rights as the data subject
You have the following rights regarding the personal data which we hold about you:
• Right of access – you have the right to request a copy of the information that we hold about you. This is known as a ‘Subject Access Request’. You can contact us with a “Subject Access Request” if you want to ask us to provide you with any other information we hold about you. If you are interested in any particular aspects, specifying them will help us to provide you with what you need quickly and efficiently. We are required to provide this to you within one month. There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information;
• Right of rectification – you have a right to correct personal data that we hold about you that you think is inaccurate or incomplete;
• Right to be forgotten – in certain circumstances you can ask for the personal data which we hold about you to be erased from our records;
• Right to restriction of processing – in certain circumstances you have a right to restrict the processing of personal data;
• Right of portability – you have a right to have the personal data we hold about you transferred to another organisation;
• Right to object – you have the right to object to certain types of processing, such as direct marketing; and
• Right to object to automated processing, including profiling – you have the right to be subject to the legal effects of automated processing or profiling.
• You have a right to object to the use of any image including video in which you are identifiable.
Complaints procedure and entitlement to redress
• In the event that we refuse your request under rights of access, we will provide you with written explanation where possible.
• If you wish to make a complaint about how your personal data is being processed by us, or any third party on our behalf, we would be grateful if you would in the first instance contact the band Secretary using the details provided on our website.
• You have the right to complain directly to the Information Commissioner’s Office or seek other legal remedies.
Third party websites
Our website may include hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties’ websites.
Keeping personal data up to date
Please be aware that you are responsible for letting us know if the personal data that we hold about you needs to be corrected or updated.
About us:
Under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer, and as such we have opted not to appoint one. The person who is responsible for ensuring NP&D discharges its obligations under the GDPR is the incumbent Chair, or, if that post is vacant the Band Secretary of the NP&D.
Contacting the band and its members
Our contact details are contained at the following website address:
