Privacy Policy for Lampeter Music Club/Clwb Cerdd Llambed


The event organiser, Lampeter Music Club/Clwb Cerdd Llambed, has the legal responsibility to tell ticket buyers and event attendees how their personal information will be collected and used. You can find their Privacy Policy below or contact them to request it.


LAMPETER MUSIC CLUB

Personal Data and Privacy Policy

Summary

This document explains how we handle data that we possess about individuals, in accordance with the Europe-wide General Data Protection Regulation (GDPR). It outlines the data we hold and how we use it. It explains how individuals may view the data we hold, should they wish, and how they may choose that it be deleted.

The GDPR has imposed a significant administrative burden for small voluntary charities. This is a work in progress. We have undertaken a validation exercise on our data in May 2018. When we are sure that our current data is clean and accurate, all previous data will be archived beyond use.

Introduction

Lampeter Music Club (LMC) is a charity that has been bringing live music to Lampeter and surrounding area since 1982. Activities of the club are organised around a subscription programme of six concerts of classical music by visiting professional musicians. Other events (concerts and social evenings) may be arranged at shorter notice throughout the year. All concerts are open both to club members and to the public.

Personal Data and Privacy

Personal data is any information relating to a living individual that may be directly or indirectly identifiable as applying to them.

To fulfil its function, LMC processes personal data which relates to our members, as well as non-members who have shown interest, and other business contacts.

LMC is committed to maintaining the appropriate confidentiality, integrity and security of the personal data that we process, by complying with both our legal and ethical obligations in respect of data protection and privacy.

This policy sets out the principles LMC applies when processing personal data, and outlines the operational aspects of our various data processing activities.

What Personal Data do we Collect?

We collect the following information that has been given us by individuals:

LMC Members

To enable LMC to serve and communicate with its members, LMC maintains a Members Database comprising the following information that has been provided by them, which may contain or imply personal data:

Personal/contact information: names, gender, contact and address details including landline and mobile phone numbers and email addresses

Payment information: such bank details as allow identification of electronic payments from or to members. When payments have been made, data will be held separately by our bankers.

The Members Database will include personal data of members who serve on the committee and are therefore trustees for the Charity Commission.

LMC Non-members

In some cases, individuals who have chosen not to become members have given contact details as above in order to receive notice of LMC activity.

Other contacts

In addition to the Members Database, LMC also maintains a separate database comprising information (including name, address, contact details and banking details) provided by individuals or from related organisations such as artists’ agents, and other contacts, whose details facilitate current or future possible activity.

Website visitors

When any user visits our website, we may also automatically collect certain limited information using cookies to distinguish that user from other users of our website. This helps us to provide a better experience when browsing our website and also allows us to improve our site. Information on the cookies we use and the purposes for which they are used as provided by Wix are detailed below.

Wix uses cookies for many important reasons, such as:

  • To provide a great experience for your visitors and customers.
  • To identify your registered members (users who registered to your site)
  • To monitor and analyse the performance, operation and effectiveness of Wix's platform.
  • To ensure our platform is secure and safe to use.

Types of Cookies

Cookies can be classified according to their type, duration and category.


Type:

  • First-party cookies: Cookies that Wix places on your site.
  • Third-party cookies: Cookies that are placed and used by third parties.


Duration:

  • Session (transient) cookies: These cookies are erased when site visitors close their browsers and are not used to collect information from their computers. They typically store information in the form of a session identification that does not personally identify the user.
  • Persistent (permanent or stored) cookies: These cookies are stored on a site visitor's hard drive until they expire (at a set expiration date) or until they are deleted. These cookies are used to collect identifying information about the user, such as web surfing behavior or user preferences for a specific site.


Category:

  • Strictly necessary cookies: These are the cookies that let your visitors browse through your site. They are also necessary for security reasons.
  • Functional cookies: These cookies "remember" registered visitors/customers in order to improve their user experience.

First-Party Cookies

Strictly Necessary

Cookie name

Duration

Purpose

ForceFlashSite

Session

When viewing a mobile site (old mobile under m.domain.com) it will force the server to display the non-mobile version and avoid redirecting to the mobile site

hs

Session

Security

smSession

Persistent (Two days or two weeks)

Identifies logged in site members

XSRF-TOKEN

Session

Security

Functionality

Cookie name

Duration

Purpose

svSession

Persistent (Two years)

Identifies unique visitors and tracks a visitor’s sessions on a site

SSR-caching

Session

Indicates how a site was rendered.

smSession

Persistent (Two weeks)

Identifies logged in site members

Third-Party Cookies

Functionality

Cookie name

Duration

Purpose

TS*

Session

Security

TS01*******

Session

Security

TSxxxxxxxx (where x is replaced with a random series of numbers and letters)

Session

Security

TSxxxxxxxx_d (where x is replaced with a random series of numbers and letters)

Session

Security

ALL DATA SUBJECTS

Correspondence: LMC will hold information relevant to any specific enquiries or business.

Other: LMC may keep any other information individuals may choose to provide to us and ask us to keep.

TICKETING AGENCY

Ticket orders are processed on our behalf by Ticket Tailor through our event ticket shop. Ticket Tailor has no direct relation with ticket buyers. They use similar essential cookies necessary for their function. If you have any questions about your tickets, our ticket shop, your order or otherwise relating to an event, please contact us, not Ticket Tailor. Likewise, if you would like us to amend or delete any of the personal data you have provided to us, please contact us, not Ticket Tailor.

What do we do with your Personal Data?

LMC Members

LMC will use the contact details supplied by members to provide them with information on the club’s activities, and notice of the Annual General Meeting.

Contact details may also be used to provide news and information about other similar local activities that may be of interest.

Members’ banking details are used to confirm any monies paid or make any payments due.

LMC non-members

LMC will use the contact details supplied by members to provide them with information on the club’s activities.

Contact details may also be used to provide news and information about other similar local activities that may be of interest.

Other Contacts

We use the contact details of individuals from related organisations, and other contacts in the ordinary course of conducting our charitable function in accordance with applicable law and regulations.

From time to time, we may contact members, non-members and other contacts to invite them to specific events relating to our function. We take care to only invite individuals to events that are relevant to, and likely to be of interest to those individuals.

What is the Legal Basis for LMC Data Processing?

By law, LMC may only process personal data where it has a legal justification or requirement to do so.

LMC processes personal data as described above because it is necessary for the performance of our membership contracts with our members and LMC would not be able to fulfil its function without processing personal data as described in this policy.

Your Rights in Relation to Personal Data

LMC is committed to fair and transparent processing and any individual requiring information as to where LMC originated his/her personal data (including any public sources) may contact LMC at any time.

Individuals whose personal data we process have certain rights in respect of that data, including:

Right to information and access

You have the right to request access to the information that we hold about you. We will not charge you for this.

On request, LMC will provide members with copies of their personal data in a convenient format (via electronic means or otherwise). Where technically feasible, LMC will also meet any member’s request to transfer their data to a third party.

Rectification, erasure, and restriction

You have the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances. In responding to such requests, LMC will communicate to the individual concerned the predicted impact of such restrictions or deletions, for example, on LMC’s ability to respond to future correspondence.

LMC takes reasonable steps to ensure that the personal data it holds about you is accurate and up-to-date and we will comply with any requests to rectify any inaccurate data we may hold about you.

LMC relies on the accuracy of information provided by its members and will rectify any notified inaccuracies following a request by the individual concerned. Requests for access to information regarding personal or financial information should be made in writing to the secretary or website contact.

Right to object

You have the right to object to LMC using your information on the basis of its legitimate interests and the right to ask us not to process your personal data for marketing purposes, where relevant.

LMC is committed to respecting individuals’ rights. You may exercise your rights by contacting us using the details provided above and we will comply with your requests unless we have a lawful reason not to do so. LMC will endeavour to handle any requests within a short period and, in any event, within a month of the original request.

WHO MAY ACCESS YOUR DATA?

Members of the Committee of LMC may access all or part of the data in order to fulfil their roles as laid out in the Operating Rules, and otherwise to undertake any task agreed and recorded in the minutes of the committee. Except as outlined below, other access would only follow your express permission.

Might LMC Share your Personal Data?

LMC will only share personal data with third parties in the following circumstances, and subject to this same protection:

Service Providers and Suppliers

LMC might employ external IT consultants to provide support and development services in relation to LMC systems and databases. These consultants may from time to time need to access information which may contain personal data for the purposes of systems testing and development only.

Financial Reporting

The LMC auditors may also be given access to LMC systems for the purpose of the audit only.

General

In some circumstance, LMC may need to share your personal data where necessary with other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) to enable us to enforce our legal rights, or to protect the rights, property or safety of our personnel or where such disclosure may be permitted or required by law.

We will require third parties to maintain appropriate security to protect information from unauthorised access or processing.

Data Security

LMC will take appropriate technical and organisational measures to protect the personal data we transmit, store or otherwise process against accidental or unlawful destruction, loss, alteration or unauthorized disclosure or access.

Information on paper membership application forms is transferred into electronic format and stored on a database which is password and firewall protected. The paper copies are shredded.

If any data file were shared by LMC with a third party it would be encrypted and password protected.

If you have reason to believe that your interaction with us is not secure, please notify us of the problem immediately by contacting us using the details below.

How Long Does LMC Retain Personal Data?

LMC will retain personal data so as to continue notification to individuals about future seasons’ activity that may interest them, for as long as we reasonably require the information for our lawful business purposes, or to comply with a statutory or other legal requirement. We will remove data if asked in writing by that person to remove the data. In the event that LMC ceases to function, all data will be archived beyond use after an appropriate administrative interval.

In view of the known instances of apparently deleted data remaining at hidden or unknown places we propose putting obsolete data at an encrypted site, that is no longer in use by the club and accessible only to the LMC Chair by password. Ultimate absolute deletion at the data subject’s own risk will be done at that person’s personal request.

Data Breaches

In the event of any breach of LMC systems impacting on the security of a member’s or any other individual’s personal data, LMC will inform the affected member(s) or individuals at the earliest opportunity describing the nature of the breach, the possible consequences and the measures being taken to remedy the situation in accordance with our procedures and applicable law.

Contact Us

Please direct any comments or further information enquires relating to this policy to the LMC secretary or via the website.

Complaints

If you are unhappy with the way in which LMC processes your personal data, please contact us using the information provided below.

You also have the right to lodge a complaint before the Information Commissioner’s Office (ICO), the UK data protection authority. Their contact details as are follows: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Tel: 0303 123 1113 (local rate) or 01625 545 745; or see their website.

Updating This Policy

From time to time we may change our data processing activities.

We would welcome any suggestion for its improvement.

Date: September 2021.