Scottish Sinfonia logo
"Scotland's most exciting orchestra"
Leader - Richard Gratwick Conductor - Neil Mantle, MBE

Scottish Sinfonia Privacy Policy

Version 1.00, 21 May 2018

Why do we need a privacy policy?

We have always had a privacy policy, which covered our general obligations under the Data Protection Act 1998 and the Privacy and Electronic Communications Regulations. However, new legislation — namely the General Data Protection Regulation (GDPR), which is applicable as of 25th May 2018 — requires us to provide much more detail than before, and places particular importance on consent to receive email communications.

In order to comply with the GDPR, we need to make a clear statement about what personal data we collect, how we store it, and how we use it. Even using a simple list of email addresses comes under the scope of the GDPR (unless it is for strictly domestic use, which running an orchestra obviously is not).

Who are we?

What exactly is Scottish Sinfonia anyway? We are an amateur orchestra, which is organised by the conductor, assisted by a team of volunteer helpers. Legally speaking, Scottish Sinfonia is not a "legal entity": it is not a company, nor a charity, nor any other kind of incorporated organisation.

That means that any personal data held by Scottish Sinfonia is actually held by one of our team of volunteer helpers. The good news is that — as private individuals — we all value our privacy and recognise the need to safeguard our own personal data. Likewise, we will always treat other people's personal data with the same respect and care.

The GDPR applies to individuals as well as to companies, and so all of our helpers are obliged to comply with its requirements, as explained below.

You can contact us via email:
webmaster@scottishsinfonia.org.uk

What personal data do we keep, and why?

We keep very little personal data. What we do keep is for two purposes: to enable the administration and organisation of the orchestra, and to publicise the orchestra's concerts. We do not hold any personal data which the GDPR would class as "sensitive", and we do not hold any personal financial information (e.g. bank account or credit card details). What data we do hold, and how we use it, is described in the following sections.

Data kept for administration and organisation

In order to organise the group of players required for each concert, we keep lists of names, email addresses and telephone numbers of players who have played with us previously, and of players who have written to us to express an interest in playing in the orchestra.

If you send us an email to enquire about playing in the orchestra, you should reasonably expect that we will circulate your email: for example, to the conductor, to the leader or a section principal, and to the wind or string section secretaries (who keep lists of players and potential players). Once your name is "on the list", you may expect to receive emails asking if you are available to play in particular concerts; we may also use telephone or text messages, particularly if we need to contact players urgently.

We organise the orchestra using email, phone calls and texts, so we assume that you are happy with this. If you don't want to receive emails, phone calls or texts from us, then the people who organise the players can't invite you to play! Under the terms of the GDPR, it is in our "legitimate interests" to keep lists of players, and to contact players as required in order to organise our concerts.

Data kept to publicise the orchestra's concerts

We run two mailing lists: one using email, and one using postal mail. Since the mailing list data is used for marketing our concerts, it clearly falls within the scope of the GPDR, and we can only send marketing information to individuals who can given their consent for this.

The Email Mailing List

One of the new provisions of the GDPR is that anyone on our email mailing list must give their consent to receive marketing emails, and we must keep a record of that consent. We have always complied with the first condition (since our mailing list uses an automated double opt-in system), but we didn't keep a record of who opted in, and when. As a consequence, we have had to renew our mailing list by sending out an invitation to re-subscribe. This enables us to keep the legally-required record of consent.

When you subscribe to our electronic mailing list, our mailing list service provider (MailChimp) creates and keeps a record containing the email address which you used when you subscribed, and the date when you subscribed; this enables us to produce "evidence of consent", if anyone ever asks. (You can read about MailChimps's GDPR Privacy Policy here). MailChimp's automated system records when newsletters have been read, and also records if emails cannot be delivered. This is useful, because sometimes people change their email address, and there is no point in sending to an address that no longer exists. (If you do change your email address, you can just resubscribe on our website.) We do not hold any other personal information, not even your name (because we don't ask you for it). This means that any risk arising from unauthorised disclosure of this email mailing list is very low.

We will never sell or pass on your email address to anyone else. We will never send or forward emails from other organisations to you via this mailing list.

The GDPR gives you the "right to be forgotten". If you unsubscribe from the electronic mailing list, then your email address will be automatically (and permanently) deleted, and we will then have no record that you were ever on that mailing list. If we ever stop running the mailing list, then all data will be deleted.

The Postal Mailing List

You can sign up to the postal mailing list by completing a form which is available at our concerts. That form becomes our record of consent, and we will hold it (securely) for as long as you remain subscribed.

We will never sell or pass on your name and postal address to anyone else. We will never send or forward mail from other organisations to you via this postal list.

If you decide to unsubscribe, or if we ever stop running the postal mailing list, then the form and any other records of your name and address will be destroyed.

If you no longer wish to receive the postal newsletter, please tick the appropriate box at the foot of the newsletter, and send it to the address printed on the newsletter.

Things that we don't do

We don't collect personal data from visitors who just browse this website (unless you choose to subscribe to our electronic newsletter), and we don't store cookies on your computer.

We sometimes receive emails saying something like: "We are running a music course in a lovely house in the country. Please send the enclosed leaflet to all your members." Well, we can't, and we won't. Our players have not given their consent to receive other people's marketing information, and so forwarding such emails would be a breach of the GDPR. Likewise, we won't forward any such emails to our mailing list subscribers.

We sometimes receive emails saying something like: "We are putting on a concert and we don't have enough string players - can you please ask all your members if they would be interested in playing?" This seems to be a grey area; however, our members have not given their consent to receive other people's emails via us, so I don't think we can do that either.

Things that our volunteer helpers have to do

As we said earlier, personal data held by Scottish Sinfonia is actually held by our team of helpers, who therefore have to abide by this privacy policy. That means that they must personally take care not to do any of the things which we have said that we won't do. They must also take reasonable care to protect the personal data which they hold: for example, by ensuring that personal devices such as computers, tablets and phones are password protected, and by ensuring that email accounts are password protected.


© copyright 2024 Scottish Sinfonia. We don't use cookies