www.sheringhamandcromerchoral.co.

uk
Registered Charity 281467

DATA PROTECTION POLICY

INTRODUCTION
This policy document is intended to demonstrate compliance with the Data Protection
Act 1988.
For the purposes of the Act, the Committee of Trustees is the Data Controller.
A record of Personal Data of all Members is maintained by the Trustees as required by
Clause 4 of the Constitution dated 28 January 2008. This data comprises a register of
names and addresses of Members. In addition, when volunteered by Members, a
record of telephone numbers and email addresses is maintained.
As a not-for-profit organisation which satisfies the published criteria for exemption
Sheringham and Cromer Choral Society is considered exempt from Notification to the
Information Commissioner.
DATA PROTECTION PRINCIPLES
a) All Personal data will be processed fairly and lawfully Members will be told who is
collecting the information, and the purposes for which the data is being collected.
b) All Personal data will be obtained for one or more specified and lawful purposes,
and will not be further processed in any manner incompatible with that/those
purpose(s).
c) Personal data recorded will be adequate, relevant and not excessive in relation to
the purpose for which it is processed.
d) Personal data will be accurate and, where necessary, kept up to date.
e) Personal data processed for any purpose(s) will not be kept for longer than is
necessary for that purpose.
f) Personal data will be processed in accordance with the rights of data subjects under
the Act, i.e.:
i) the right to have a copy of information held about them
ii) the right to take action for compensation
iii) the right to have inaccurate personal data corrected or erased

www.sheringhamandcromerchoral.co.uk
Registered Charity 281467

iv) the right to complain to the Information Commissioner

g) Appropriate technical and organisational measures will be taken against
unauthorised or unlawful processing of personal data, and against accidental loss or
destruction of, or damage to, personal data.
h) Without the express consent of the data subject, Personal data will not be
transferred to a country or territory outside the EuropeanEconomic Area (EEA) unless
that territory ensures an adequate level of protection for the rights and freedoms of
data subjects in relation to the processing of personal data.
COMPLIANCE / ACTIONS TO BE TAKEN BY THE TRUSTEES/MEMBERS
The Trustees will obtain permission to hold Members information wherever
possible
The Trustees will inform everyone about whom they hold information that they are
doing so, and the purposes for this, and to whom they might pass it, if anyone.
Members not wishing to receive information about the promotional activities of the
Society either by mail, email or telephone, must inform the Membership Secretary in
writing. The Trustees must make this change within 3 months of notification and
ideally within 28 days. Such notification will not prevent the Society from processing
data about such Members for legitimate purposes.
The Trustees will have in place systems to allow them to show the data they hold
for Members at their request. At their discretion the Trustees may levy an appropriate
charge to data subjects requesting a copy of all data held.
The Trustees will maintain systems which can be amended easily to comply with
requests of people whose records are held, and to be appropriately secure to store
sensitive data.
The Trustees will endeavour to have an appropriate understanding of data
protection issues and how they need to treat the data they may use for group activity
The Trustees will endeavour to keep up to date with changes in regulations and
advice around data protection compliancy.

The Trustees will take all reasonable steps to ensure information held is accurate
and up-to-date.

12 June 2013