We are North London Chorus

A friendly North London choir

We are North London Chorus

Data Protection Policy

North London Chorus – Privacy and data protection

Prepared by Tim Lutton

Approved by the North London Chorus committee 2025-12-03

To be reviewed by end 2027

This policy sets out how North London Chorus (NLC) uses and protects any information that you give NLC when you use our website or fill in a form. NLC is committed to ensuring that your privacy and the data you provide us is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this policy. NLC may change this policy from time to time by updating this page. 

North London Chorus (NLC) is committed to protecting your personal data. NLC adheres to the UK General Data Protection Regulation and the 2018 Data Protection Act:

  • We only collect personal data for specified and lawful purposes;
  • We collect the minimum amount of data needed for these purposes;
  • We keep the data up to date;
  • We store the data securely; and
  • We don’t give the data to anyone outside the organisation without your permission, except to our Data Processors as outlined below.

North London Chorus is the Data Controller and will determine what data is collected and how it is used. The committee is responsible for the secure, fair and transparent collection and use of data by North London Chorus.

Please see below for more information about how we get consent to collect your data, the types of data we collect and what we use it for. 

How we get consent

Any time data is collected for this purpose, we will provide a method for users to show their positive and active consent to receive these communications (e.g. a website form), and a clear and specific explanation of what the data will be used for. Data collected will only ever be used in the way described and consented to. Every marketing communication will contain a method through which a recipient can withdraw their consent (e.g. an ‘unsubscribe’ link in an email).

Whenever we need to collect any of your data, we will let you at that point why we need to do so and what it will be used for, but this guide provides a useful overview of all of those situations and provides more detail on how we keep your data secure and up to date, how long we might hold it for, and what your rights are in relation to it.

North London Chorus uses third party Data Processors to process data on our behalf. More information out the third party Data Processors are detailed in this policy. We ensure all Data Processors are compliant with GDPR.

If you are a choir member

We collect the following information about choir members:

Type of informationUsed for
Contact details (name, postal & email address, home/work/mobile phone numbers)Keeping you informed about choir events, sending you rehearsal information, circulating information about other events which may be of interest
Gift Aid declaration if applicable  Claiming Gift Aid from HMRC
Records of subs you’ve paid or donations you’ve madeFinancial record keeping
Attendance at rehearsals Monitoring member engagement 
PhotographyChoir publicity 
Emergency contact information for membersContacting choir members’ next of kin in the event of an emergency

We do not share the information with anyone else outside our organisation, except our Service  Providers (see below).

Choir members are invited to join the NLC Publicity and Bulletins WhatsApp group to receive updates and reminders about choir events.

If a member leaves the choir, they remain on the database with the ability to continue to use their single-sign-on account for the purposes of buying tickets and receiving publicity emails, but they lose their access to the members’ website and no longer receive members’ bulletins. We will remove a former member’s records from the database on specific request.

If you are a Friend of NLC

We collect the following information about Friends of NLC:

Type of informationUsed for
Contact details (Name, postal & email address, mobile phone number)Keeping you informed about choir events
Gift Aid declaration if applicable  Claiming Gift Aid from HMRC
Records of subs you’ve paid or donations you’ve madeFinancial record keeping

We do not share the information with anyone else outside our organisation, except our Service Providers (see below). If you choose to stop being a Friend of NLC, we normally retain your name & address (postal & email) on our mailing list. We will remove your records from our database completely upon specific request.

If you are on our mailing list

We collect the following information about people on our mailing list:

Type of informationUsed for
Name & email addressKeeping you informed about future choir concerts

Any marketing/promotional communication we send you will include a clear option to withdraw

your consent (e.g. to ‘opt out’ of future emails). We do not share the information with anyone else outside our organisation, except for our Service Providers (see below).

If you are buying tickets to NLC events

You can buy tickets to NLC concerts via our online ticketing portal. You will need to provide your name and email address when you book tickets online. We will use this only for the purpose of  providing your tickets, and will not share it with any third party, unless you agree to be added to our mailing list (Mailchimp).

If you visit our website

We use cookies on our website. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, manually disabling cookies will disable your ability to make an account, log in and purchase tickets.

If you are employed or contracted by NLC

We may need (for administration or for legal/regulatory reasons) to collect personal or sensitive personal data on employees or contractors of NLC. Where this is the case, we will explain what this is for at the point of collection.

Our Service Providers

We use Service Providers located in the UK who are compliant with privacy laws.

Service ProviderType of informationUsed for
DigitalOcean (London Datacentre)Names and email addresses of ticket buyers   Names, email addresses, home addresses and phone numbers of choir members and employeesEnabling the purchasing of tickets   Internal choir communications with members and general administration
MailchimpNames and email addressesPublicity mailings
Google Workspace for Non-profitsNames and NLC email addresses for choir committee members, section reps, employees etc.Internal choir communications and general administration

How is the information stored and who can see it?

Information about our members, Friends of NLC, and mailing list supporters is collected by members of NLC’s committee and section reps. Some personal data (e.g. Gift Aid forms) may be held as paper documents by these individuals. Information may be shared between these individuals as necessary.

Do we share your data with anyone else?

We will never pass your details on to third parties for marketing purposes.

We sometimes use third party services to process your data (e.g. Google Drive and Mailchimp). We will always make sure any third parties we use are reputable, secure, and process your data in accordance with your rights under GDPR.

Are there special measures for children’s data?

We do not knowingly collect or store any personal data about children under the age of 13.

How can you update your data?

You can contact us at any time here to update or correct the data we hold on you.

How long we will hold your data?

NLC will retain your details on our mailing list until you ask us to remove it. If you have withdrawn your consent for us to use your data for a particular purpose (e.g. unsubscribing from our Mailchimp mailing list), your name and email address will remain on our mysql database. You can continue to log in to our website for the purpose of purchasing tickets should you wish. If a member leaves NLC, they remain on the database with the ability to continue to use their single-sign-on account to purchase tickets, but they lose their access to the members’ website and no longer receive email bulletins. If you do request to be removed from our database, we will comply, but please note that some archived data, such as old emails which we retain for legitimate interest for the purpose of keeping records of our interactions with members and employees, as well financial record-keeping, may contain references to you.

What rights do you have?

Under the GDPR, you have the following rights over your data and its use:

  • The right to be informed about what data we are collecting on you and how we will use it
  • The right of access – you can ask to see the data we hold on you
  • The right to rectification – you can ask that we update or correct your data
  • The right to object – you can ask that we stop using your data for a particular purpose
  • The right to erasure – you can ask us to delete the data we hold on you
  • The right to restrict processing – you can ask that we temporarily stop using your data while the reason for its use or its accuracy are investigated
  • Though unlikely to apply to the data we hold and process on you, you also have rights related to portability and automated decision making (including profiling)

All requests related to your rights should be made to the Data Protection Officer at dataprotection@northlondonchorus.org. We will respond within one month.

You can find out more[1] [2] [3] [4]  about your rights on the Information Commission’s Office website.

What you should do if you think the security of your data has been breached

Any suspected breaches of data (such as the unauthorised access to or use of data) should be reported to dataprotection@northlondonchorus.org immediately.

What will we do if anything changes?

If we make changes to our privacy statements or processes we will post the changes here. Where the changes are significant, we may also choose to email individuals affected with the new details. Where required by law, will we ask for your consent to continue processing your data after these changes are made.