The National Youth Brass Band of Great Britain Data Protection Privacy Notice (NYBBGB-001-3) Client Information

Our Privacy Notice: Keeping Your Personal Data Safe

The National Youth Brass Band of Great Britain (NYBBGB) is the UK’s leading brass band charity for children and young people. We exist to give the brightest young brass musicians and percussionists the opportunity to play together and inspire others. We currently run two brass bands – the Children’s Brass Band and the Youth Brass Band. We are a registered charity, number 1085724.

Our Privacy Policy: The National Youth Brass Band of Great Britain (NYBBGB) is committed to keeping an individual’s personal details safe. This policy explains what personal information we collect and how we use it.  We respect the privacy of everyone who interacts with the NYBBGB and ensure that all data is collected and processed lawfully. We will never sell your personal data.

1) Taking part in the National Youth Brass Band of Great Britain.

When you (or your child) becomes a member of the NYBBGB or participates in one of our events, we will use your information to provide you with services that you have requested, for example booking an audition, course or other activity. When you book a place to take part in an NYBBGB activity we will take information about the participant including name, contact information, date of birth, educational and musical background, in order to process the booking. We will also take contact and payment information for the person managing the booking, which may be the participant if they are over 18 or the parent or guardian for children.

We process this data to plan and deliver the activity you have booked and to undertake any follow up action required (e.g. confirming a place, issuing receipts etc). We also maintain these records for the duration of participation and update them as someone progresses through the organisation. This may include information about their education, musical history, attendance at our events, instrument and feedback from our staff about musical performance or pastoral issues. Funding requirements and financial regulations require that we keep information about participation and payments for seven years.

For bookings on courses or activities we may need to process other information, such as medical information (see Sensitive Information below), dietary requirements, or other information to ensure the smooth running of the activity. We also collect equal opportunities monitoring information which we share (anonymised) with our main funder, Arts Council England. This includes information about protected characteristics (e.g. disability, ethnicity, sex etc).

We also collect information about a member’s financial status / household income which we use to make decisions about awarding financial assistance to participants. This information is deleted at the end of the membership year it relates to.

From time to time, we may also receive data about you from third parties. This could include artistic venues where you have seen NYBBGB perform, Music Education Hubs, schools and other music education organisations.

We will use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with our various regulators such as the Charity Commission, Fundraising Regulator, Information Commissioner, or to use information we collect about you for due diligence or ethical screening purposes. We will never share your data with any third party for their own marketing or fundraising purposes.

2) Managing alumni data and keeping in touch

When a member leaves NYBBGB and becomes an alumna / alumnus and a record of their contact details and band participation is kept. Alumni often wish to keep in touch, and we wish to secure their ongoing support.

We seek consent to keep in touch about alumni opportunities including attending events, volunteering and sharing marketing and fundraising communications. We retain basic information about participants in NYBBGB activities indefinitely for statistical and archival purposes. Sensitive information about individual participants (including health and welfare information and data relating to financial need) is only retained whilst the individual is actively involved in NYBBGB activities and for up to one year after their last interaction.

3) Children’s information and Safeguarding

We process information about participants who are under the age of 18 in order to conduct or supply the services for which you have registered. We only process this information with the consent of a parent or guardian, and require them to be the main contact for provision of services to their child.

When collecting personal information such as photographs and filmed recordings of participants, this is done by NYBBGB staff or external contractors who have been subject to appropriate safeguarding checks, for example DBS checks. Where we take photos and video recordings to be used for sharing, marketing and media purposes these recordings may then be subsequently released digitally for example via our YouTube channel and Facebook page. We will always secure media consents for participation in courses and activities (from the parents or guardians of members under the age of 18), and will never identify individual members participating in activities without consent.

We take our safeguarding responsibilities seriously. In the course of discharging these responsibilities we may collect and store personal information about children who are participants in our activities, where a child protection concern has been raised. In certain circumstances, we may be required to share this information with the relevant safeguarding authorities without the consent of the individual child or responsible adult. We will keep secure records of any child protection issues in accordance with our Child Protection policy.

4) Sensitive information

As part of our activity planning processes, we may ask participants for sensitive information about any medical needs they may have. This information is required to ensure that we can provide access to our activities, and to make sure that participants are safeguarded while in our care. By supplying us with this information you are giving your consent for us to process it for this purpose.

As with all personal information we hold, sensitive information is held securely and restricted to those who need to use it. We will delete sensitive information when we no longer need it. We will use your personal information where it is necessary for us to protect life or health. For instance if there were to be a safeguarding issue which required us to contact people unexpectedly or share their information with emergency services.

5) Sharing marketing materials with you

As a customer, member or former member (alumnus/alumna) of NYBBGB, we may wish to tell you about changes in our services, or new services, events, offers and opportunities to support us that we think you will find of interest. If you wish to opt-out of receiving such communications you may do so at any time by contacting us using the details in the ‘Contact Us’ section above.

6) Donors to and Friends of the National Youth Brass Band of Great Britain.

We collect personal data from you in order to administer your donation and/or Friends subscription, which may involve:

  • Sending you your Friends welcome pack when you first join us
  • Processing your Direct Debit subscription payments, if you have set this donation process up with us
  • Claiming gift aid if your donation is eligible
  • Sending you your Friends renewal letter
  • Getting in touch should there be any issues about administering your subscription or processing your donation
  • Acknowledging receipt and thanking you for your donation

The ICO define the lawful basis for processing your data for these purposes as ‘contractual’.

If your subscription has ended, unless we hear from you directly, we will continue to send you information about our work. We will also collect additional personal data about you in order to get to know you better and contact you about our work in a timely and relevant way, to suit you. We will use this personal data to send you further information about our work that we think you will be interested in including: sending you a regular newsletter, relevant project or campaign updates, fundraising appeals that we feel you would like to hear about, events, Friends information, products, e-newsletters, feedback and other activities. From time to time, we may also use your personal data to ask for your opinion about our work.

This is in addition to administering your donation or membership and is defined as ‘direct marketing’ by the ICO. We use two different lawful bases for processing your data for ‘direct marketing’ purposes:

Legitimate interest: This is where we have identified a genuine and legitimate reason for contacting you, which does not override your rights or interests. We use legitimate interest to send you the information listed above by post or telephone (if you are not registered with the Telephone Preference Service, and you have given us your telephone number).

Opt-in consent: This is where you have given us express permission to contact you by particular communication channels such as email, text message (SMS) or telephone (if you are registered with the Telephone Preference Service)

We respect your right to update the way we get in touch with you about our work at any time.

To administer your donation and/or subscription, we will collect personal data from you that includes your name, address, email, phone number and bank details. Most of the time, we collect this data from you directly. This may be online, in person, over the telephone, in writing or through an email. Occasionally we obtain information, such as your telephone number or other contact details, from external sources (only where you have given permission for such information to be shared).

We may also collect information about you that helps us to get to know you better, including:

  • records of donations you’ve made towards fundraising appeals
  • your preferences of how you would like us to contact you
  • ways you’ve helped us through volunteering your time
  • records of events you’ve attended, or activities that you’ve been involved in
  • your opinion on our work or future activity

Once again, most of the time we collect this data from you directly. Sometimes we may collect information about your gender, age or ethnicity to help us monitor how inclusive we are across our community. We will only do so with your specific consent. In these situations, we collect the data from you directly and will be very clear about why and how we intend to use this information.

The majority of the personal data processing we undertake is carried out by our staff. For the purposes of IT hosting and maintenance this information is located on Gmail and GDrive which is hosted by Google worldwide. We do, however, transfer some data to third parties eg financial data to our bank for processing. We have data protection procedures in place to oversee the effective and secure processing of your personal data. Personal electronic data is held in databases stored on secure cloud-based systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.

Payment security: All electronic NYBBGB forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers. If you use a credit card to purchase a membership or make a donation we do not see or have access to your card details. Instead, your details are passed (encrypted) directly for processing to one of our secure payment providers, PayPal or Stripe.

We will use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with our various regulators such as the Charity Commission, Fundraising Regulator, Information Commissioner, or to use information we collect about you for due diligence or ethical screening purposes.

We will only use and store information for as long as it required for the purposes it was collected for. We continually review what information we hold, and delete what is no longer required. Please contact us if you wish us to delete the personal data we hold about you. We will never share your data with any third party for their own marketing or fundraising purposes.

7) Subscribing to our mailing list

If you have expressed an interest in finding out more about our work then we will collect personal data from you in order to regularly communicate with you about our work.  We may also collect personal data about you in order to get to know you better and contact you in a more timely and relevant way, to suit you.

We will use this personal data to send you further information about our work that we think you will be interested in including emailing you about: projects, fundraising appeals, events, Friends of the NYBBGB, products, feedback, and other activities.  This will often be in the form of our regular e-news updates.  From time to time, we may also use your personal data to ask for your opinion about our work.

This is defined as ‘direct marketing’ by the ICO. We use two different lawful bases for processing your data for ‘direct marketing’ purposes:

Legitimate interest: This is where we have identified a genuine and legitimate reason for contacting you, which does not override your rights or interests. We use legitimate interest to send you the information listed above by post or telephone (if you are not registered with the Telephone Preference Service, and you have given us your telephone number).

Opt-in consent: This is where you have given us express permission to contact you by particular communication channels such as email, text message (SMS) or telephone (if you are registered with the Telephone Preference Service)

We respect your right to update the way we get in touch with you about our work at any time.

To communicate with you, we will collect personal data from you that includes your name, address, email and phone number. Most of the time, we collect this data from you directly. This may be online, in person, over the telephone, in writing or through an email. Occasionally we obtain information, such as your telephone number or other contact details, from external sources (only where you have given permission for such information to be shared).

We may also collect information about you that helps us to get to know you better, including:

  • records of donations you’ve made towards fundraising appeals
  • your preferences of how you would like us to contact you
  • ways you’ve helped us through volunteering your time
  • records of events you’ve attended, or activities that you’ve been involved in
  • your opinion on our work or future activity

Once again, most of the time we collect this data from you directly. Sometimes we may collect information about your gender, age or ethnicity to help us monitor how inclusive we are across our community. We will only do so with your specific consent. In these situations, we collect the data from you directly and will be very clear about why and how we intend to use this information.

The majority of the personal data processing we undertake is carried out by our staff. For the purposes of IT hosting and maintenance this information is securely located on our GoogleDrive  which is hosted by Google worldwide. We do, however, transfer some data to third parties eg financial data to our bank for processing. We have data protection procedures in place to oversee the effective and secure processing of your personal data. Personal electronic data is held in databases stored on secure cloud-based systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.

We will only use and store information for as long as it required for the purposes it was collected for. We continually review what information we hold, and delete what is no longer required. Please contact us if you wish us to delete the personal data we hold about you. We will never share your data with any third party for their own marketing or fundraising purposes.

8) Booking an event and buying online

We will collect your personal data to send you:

  • Items you have purchased from our online shop, including a payment for an activity
  • Information about events you have booked onto

The ICO define the lawful basis for processing your data for these purposes as ‘contractual’.

We will use this personal data to send you further information about our work that we think you will be interested in including emailing you about: projects, fundraising appeals, events, Friends of the NYBBGB, products, feedback, and other activities.  This will often be in the form of our regular e-news updates.  From time to time, we may also use your personal data to ask for your opinion about our work.

This is defined as ‘direct marketing’ by the ICO. We use two different lawful bases for processing your data for ‘direct marketing’ purposes:

Legitimate interest: This is where we have identified a genuine and legitimate reason for contacting you, which does not override your rights or interests. We use legitimate interest to send you the information listed above by post or telephone (if you are not registered with the Telephone Preference Service, and you have given us your telephone number).

Opt-in consent: This is where you have given us express permission to contact you by particular communication channels such as email, text message (SMS) or telephone (if you are registered with the Telephone Preference Service)

We respect your right to update the way we get in touch with you about our work at any time.

To administer your booking, we will collect personal data from you that includes your name, address, email, phone number and bank details. Most of the time, we collect this data from you directly. This may be online, in person, over the telephone, in writing or through an email. Occasionally we obtain information, such as your telephone number or other contact details, from external sources (only where you have given permission for such information to be shared). Your payment details for events and purchases will be collected using Stripe.

Payment security: All electronic NYBBGB forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers. If you use a credit card to purchase a membership or make a donation we do not see or have access to your card details. Instead, your details are passed (encrypted) directly for processing to one of our secure payment providers, PayPal or Stripe.

We may also collect information about you that helps us to get to know you better, including:

  • records of donations you’ve made towards fundraising appeals
  • your preferences of how you would like us to contact you
  • ways you’ve helped us through volunteering your time
  • records of events you’ve attended, or activities that you’ve been involved in
  • your opinion on our work or future activity

Once again, most of the time we collect this data from you directly. Sometimes we may collect information about your gender, age or ethnicity to help us monitor how inclusive we are across our community. We will only do so with your specific consent. In these situations, we collect the data from you directly and will be very clear about why and how we intend to use this information.

The majority of the personal data processing we undertake is carried out by our staff. For the purposes of IT hosting and maintenance this information is located on Gmail and GDrive which is hosted by Google worldwide. We do, however, transfer some data to third parties eg financial data to our bank for processing. We have data protection procedures in place to oversee the effective and secure processing of your personal data. Personal electronic data is held in databases stored on secure cloud-based systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.

We will only use and store information for as long as it required for the purposes it was collected for. We continually review what information we hold, and delete what is no longer required. Please contact us if you wish us to delete the personal data we hold about you. We will never share your data with any third party for their own marketing or fundraising purposes.

What are your rights? Making a complaint

We respect your right to control your data: to be informed, access, correct, delete, restrict and use your own data.

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer, Richard Milton  (using the contact details below) who will investigate further.

Telephone: 01223 737816
Email: richard.milton@nybbgb.org.uk

You also have the right to request a copy of the information we hold about you at any time. If at any point you believe the personal data we hold about you is incorrect, you can request to see this information and have it corrected or deleted.

If you would like a copy of some or all of your personal data then please contact us using the above detail. We will respond to your request within 28 days of receipt.

For further assistance with complaints regarding your data, please contact the Information Commissioner’s Office, whose remit covers the UK.
Telephone: 0303 123 1113
Email: casework@ico.org.uk