Contents

Who We Are
Your personal data – what is it?
What personal data we collect, why we collect it and how we use it
Data Collected to Manage Your Membership
Contact Forms
Event Registration
Cookies
Embedded content from other websites
Comments
Media
Analytics

Who we share your data with
How long we retain your data
What rights you have over your data
Where we send your data
Paypal
Google
Mailchimp
Web hosting

Our contact information
Additional information
How we protect your data
What data breach procedures we have in place
What third parties we receive data from
What automated decision making and/or profiling we do with user data
Industry regulatory disclosure requirements

Who we are

We are the Nonsuch Dulcimer Club, a charity registered in England and Wales, Registration Number 1184249.

Our website address is: https://www.dulcimer.org.uk.

Nonsuch Dulcimer Club is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).

Go to Top of Privacy Policy Page

What personal data we collect, why we collect it and how we use it

Data Collected to Manage Your Membership

At checkout, or when you send us a completed membership form, we will collect your name, email address, (together with username and password if you registered online) and additional information needed to provide your membership service. This information is used to setup your account and to provide our services to you as a member.

If you are redirected to an offsite payment gateway to complete your payment, we may store this information in a temporary session variable to setup your account when you return to our website. Whether you pay via paypal or offline, we record the payment information against your membership account and also in our financial records.

When logged in, we use cookies to track some of your activity on our website including logins, visits, and page views. See Cookies.

If you borrow an instrument or items from the club library, we keep a record of the loan.

If you are the holder of any club assets, we record your name against the asset.

We use the member information we collect to

  • Send you our quarterly newsletter; our annual members directory; and, occasionally, other important information about the club by post or email.
  • Generate the members directory according to your instructions as to how you want your data used.
  • Keep a record of your payments to us for use in the club financial records, and to send you subscription reminders and renewal information.
  • Keep a record of any instrument or club library loan and associated details, and manage any rental payments.
  • Manage club assets
  • Enable us to provide a voluntary service for the benefit of the public as specified in our constitution; for example we might look for members in an area, or write to members in an area. We don’t pass your details on to members of the public, and will always ask your permission if we think it would be helpful to put them in touch with you.
  • Keep summary information of the club membership to help us better manage the club

All online registered users can see, edit, or delete their personal user account information at any time (except they cannot change their username). Our website administrators can also see and edit that information. They will change it on your behalf if you request it.

Our legal basis for processing members data is our contract with you to provide the member services. Where processing is optional, we seek your explicit permission.

Go to Top of Privacy Policy Page

Contact Forms

When visitors or users submit a form, we capture the IP Address for spam protection. We also capture the email address and other personal data included in the form fields, such as phone number. We use this information to respond to your query.

We send the information to the person to whom your directed the contact form. They may pass it on to the best person to deal with your query. We request and record your explicit consent to do this, before you submit the form.

Our legal basis for processing contact form data is the GDPR permission you give when completing the form.

Go to Top of Privacy Policy Page

Event Registration

We collect the information on your event registration form and your payment details in order to manage that event. We use this information to:

  • book accommodation and food.
  • plan the classes at the event in conjunction with tutors.
  • manage your payments and keep our financial records.
  • to send your email address to other attendees in advance, if you have consented to it on the form

Bookings data is retained for up to 3 months following the event. After that we retain only financial records of your payments and summary information used for planning future events.

Our legal basis for processing event registration data is our contract with you to provide the service.

Go to Top of Privacy Policy Page

Cookies

A cookie is a small simple file that is sent along with pages of this website and stored by your browser on the hard drive of your computer or another device. The information stored therein may be returned to our servers or to the servers of the relevant third parties during a subsequent visit.\

Technical or functional cookies. Some cookies ensure that certain parts of the website work properly and that your user preferences remain known. By placing functional cookies, we make it easier for you to visit our website. This way, you do not need to repeatedly enter the same information when visiting our website. We may place these cookies without your consent.

If you have an account and you log in to this website, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

If you leave a comment on our website you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

We do not use any advertising cookies on this website.

As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. However, if you do this, certain aspects of this website may not work. We suggest consulting the Help section of your browser or taking a look at the https://www.aboutcookies.org website which offers guidance for all modern browsers.

We inform you of the use of cookies on this website the first time you visit it.

Go to Top of Privacy Policy Page

Embedded content from other websites

Articles on this website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Comments

When visitors leave comments on the website we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Analytics

We don’t collect analytics.

Go to Top of Privacy Policy Page

Who we share your data with

Your personal data will be treated as strictly confidential and will only be shared with others as consented by you or as necessary in order to carry out a service and for purposes connected with the club.

We share the information you agreed could be shared by publishing it in the members directory which is provided to all members. You can elect to omit your whole entry, your address, phone number or email.

If you have booked to attend one of our residential events, we send your name, room allocation information and food preferences to the event venue in order to arrange accommodation and food at the event. We also send summary information to tutors of the numbers and levels of those attending. We may also send all course attendees a list of participants with email addresses where the attendee has agreed to their information being shared.

Under charity law, our financial records are subject to scrutiny by an independent examiner. This includes a record of any payments made to or from you.

We may also process and share your data in order to carry out our obligations under charity, employment, social security or social protection law.

Go to Top of Privacy Policy Page

How long we retain your data

If you register as a member on our website or via offline application, we will retain your personal information while you remain a member. We will retain your registration data for up a year after you cease paying your subscription, after which it will be deleted.

If you use our services to borrow an instrument or something from our members library, the record of your loan will be retained for up to a year after the loan ceases.

if you attend one of our events, we will keep your registration data for 3 months after the event has finished.

If you upload images or create content on the website, this is retained indefinitely.

When visitors or users submit a form we retain the data for 6 weeks.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

As a registered charity, we retain financial records for 6 years. This includes a record of any payments made to or from you as well as gift aid declarations.

Go to Top of Privacy Policy Page

What rights you have over your data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which Nonsuch Dulcimer Club holds about you;
  • The right to request that Nonsuch Dulcimer Club corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for Nonsuch Dulcimer Club to retain such data;
  • The right to withdraw your consent to the processing at any time. This may mean we can no longer fully provide our services to you.
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
  • The right to lodge a complaint with the Information Commissioners Office.

This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Go to Top of Privacy Policy Page

Where we send your data

Paypal

We may use paypal to collect your membership subscription. Their privacy policy can be found here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Google

We use the following services from google:

  • Form Submissions are checked through an automated spam detection service. We use Google reCAPTCHA for spam protection.
  • The Google fonts API is used to display fonts on the website,
  • We also use Google Drive to store some of our data.

Our website connects to the Google APIs for Google reCAPTCHA and Google Fonts. The Google APIs request your IP address.

Google’s privacy policy can be found here : https://policies.google.com/privacy?hl=en.

Mailchimp

We use MailChimp to manage our subscriber list. Their privacy policy can be found here : https://mailchimp.com/legal/privacy/.

Web hosting

We use encode.host to host our website. Their privacy policy can be viewed here. https://encode.host/knowledgebase/4232/GDPR—Data-Processing-Agreement.html

Go to Top of Privacy Policy Page

Our contact information

You can contact us here
In writing:
Nonsuch Dulcimer Club, Flat 10 Holmwood House, 6 Purshall Close, Redditch, B97 4PD.
By email through our Contact Form.
By phone to Sally Whytehead, 01527 64229.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Go to Top of Privacy Policy Page

Additional information

How we protect your data

Nonsuch Dulcimer Club complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

What data breach procedures we have in place

In the unlikely event of a data breach all necessary procedures will be followed to deal with the breach. We will promptly inform you if your data is compromised, what steps we are taking to mitigate the effects of the breach and what you need to do yourselves, which could include, for example, changing your passwords.

What third parties we receive data from

None.

What automated decision making and/or profiling we do with user data

None.

Industry regulatory disclosure requirements

None.

Go to Top of Privacy Policy Page

Last Updated on by Sally Whytehead