Privacy Policy • Love Music

This privacy policy was last updated on 16th August 2022.

Who are we?

We are Love Music Productions Ltd, a registered Scottish charity, No SC037370 and a company limited by guarantee SC377848. You can contact us by post or email: Love Music, 65/8 Warrender Park Road, Edinburgh EH9 1ES or hello@lovemusic.org.uk. Any enquiries about our use of your personal data should be addressed to these contact details.

What is this guide for?

Whenever we need to collect any of your data, we will let you know at that point why we need to do so and what it will be used for, but this guide provides a useful overview of those situations and provides more detail on how we keep your data secure and up to date, how long we might hold it for, and what your rights are in relation to it. Love Music is committed to protecting your personal data and will use any personal or sensitive data we collect from you in line with the General Data Protection Regulations (GDPR). Love Music is a data controller under the GDPR.

How do we collect personal data from you?

We receive information about you when you use our website, complete forms on our website including signing up to our e-newsletter or one of our projects, when you contact us by email, post or phone in respect of any of our projects and services, during the payment process for participation in our projects, when you donate money to the charity, when you take part in a survey, project evaluation or when you inform us of any other matter.

We also collect data from you when you become a trustee, director, employee, freelance worker, volunteer, contractor or supplier.

If you provide us with personal data about a third party (for example, your child when registering them for a project) you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.

Your personal data may be automatically collected when you use our websites, including but not limited to, your IP address, device-specific information and location information.

What data do we collect and what do we use it for?

Love Music collects data from individuals to help us plan, organise and run the day-to-day operations of the charity (eg. co-ordinating rehearsals or collecting membership payments) and to promote and market the charity’s activities (eg. marketing mailing lists and photography/film capture).

Mailing list subscribers for marketing and promotion

We offer everybody the opportunity to sign up to receive marketing and promotional information about Love Music’s activities. When you sign up to our marketing mailing list we will ask for your email address and will use this data to send you information about our events and activities, including forthcoming performances, participation opportunities, project updates, and social and fundraising events. The lawful basis for processing this information under GDPR is Consent.

We will only send you information that is related to Love Music and will not use your data to send you marketing messages from third parties. Anything we send you will include a clear option to withdraw your consent and you can also do so at any time by contacting us using the details at the top of this policy. We collect and store this information in our MailChimp account (see below for more on MailChimp).

Love Music Community Choir waiting list / choir member list subscribers

When you sign up to the Love Music Community Choir waiting list, we ask for your name, email address, postcode and voice part. We collect and store this information in our MailChimp account (see below for more on MailChimp). When you are offered the opportunity to book a place in the choir, your data is exported from MailChimp and stored in our Dropbox account. Once the booking process is complete, and we have updated our records, any data we don’t need for the administration of that term’s choir activities is deleted from our Dropbox. If you don’t have an email address or access to the internet and would like us to contact you by post, we ask for your postal address and phone number. This data is stored in our Dropbox account. The lawful basis for processing this information under GDPR is Contract.

Health information is a special category of data as part of the GDPR, and if you provide us with details about your health by any means, you give your explicit consent to the processing of this information. The provision of this information to us should only be to allow our team to best support you at choir rehearsals and events.

We also give you the opportunity to provide your consent to be sent the following information, and this data is also stored in our MailChimp account (the lawful basis for processing this information under GDPR is Consent):
~ Love Music’s e-newsletter (see “Mailing list subscribers” above);
~ Participation opportunities for other projects that Love Music is involved in.

Love Music Junior Choir waiting list / choir member list subscribers

When you sign up to the Love Music Junior Choir waiting list, we ask for your (meaning a parent, guardian or teacher) name, email address, phone number, child’s name, child’s date of birth, postal address and school attended. We collect and store this information in our MailChimp account (see below for more on MailChimp). When you are offered the opportunity to book a place in the choir, your data is exported from MailChimp and stored in our Dropbox account. Once the booking process is complete, and we have updated our records, any data we don’t need for the administration of that term’s choir activities is deleted from our Dropbox. The lawful basis for processing this information under GDPR is Contract.

We require this information for the following reasons:
~ To send you booking information about joining or re-joining the choir.
~ Your postcode information is used in anonymised evaluation of the geographical reach of the choir’s membership, and this information is used for evaluation and fundraising purposes.
~ If your child becomes a choir member, we may also collect and process financial information from you, and in doing so may use third parties to process this data on our behalf. If you prefer not to use these third party payment processors, we will be happy to offer alternative methods of payment.
~ We are legally obliged to securely retain some financial data about you as part of our accounting records.
~ If your child becomes a choir member, we will send you weekly email updates throughout the choir term. These updates are only sent to guardians of choir members for that particular term and may include: logistical details for choir rehearsals and events, and information about opportunities to take part in singing projects and events organised by ourselves outwith that choir term’s rehearsal schedule.
~ We use school and date of birth information to help us decide which house team your child will be part of, to ensure there is a good mix of children within each group from across the city, and to ensure that your child fits the age range criteria for our choir.
~ We share your name, phone number, your child’s name, age, school and any health/emotional/accessibility/other relevant information with the chaperones who are responsible for your child during rehearsals, to enable them to best support your child and to enable us to contact you quickly if there is an issue during a rehearsal or event. The information is only provided on paper for the duration of rehearsals and is not kept or taken away by the chaperones. Any data on paper is stored securely in a locked storage unit between rehearsals or shredded if new data is required for the following week.
~ We take health conditions and learning and emotional issues into consideration when choosing the most appropriate house team for each child. For example, for children who have a visual impairment, we will choose a group which has seats in the front row, thereby avoiding the need to climb the steps on stage. If there are several children who may need extra support with reading song lyrics, we will allocate them to different groups so that chaperones are able to support each child more effectively.
~ We include your child’s name, date of birth, address and your performance consent in performance licence applications to the City of Edinburgh Council licencing department. Organisations with which children perform in events outwith school time are required to apply for a licence for each child taking part under the Children (Performances and Activities) (Scotland) Regulations 2014. If you opt-out of this information being shared in this way, your child will not be able to take part in our public performances, but will still be able to take part in our rehearsals leading up to performances.

Health information is a special category of data as part of the GDPR, and you give your explicit consent to the processing of your child’s health information if you provide that to us on your registration form or through verbal or written communication. The provision of this information should only be to allow our team to best support your child in the ways that we have stated above. Please always ensure that your child has given their consent for you to share this information with us before you do so.

Use of MailChimp to store your data

When you sign up to receive newsletter updates, or to join either Love Music Community Choir or Love Music Junior Choir, the information you provide is stored in our MailChimp account. MailChimp is an email automation platform – it allows us to efficiently contact a large number of people with the same messages. By submitting your personal data into one of our sign up forms, you acknowledge that the information you provide will be transferred to MailChimp for processing in accordance with its Privacy Policy and Terms. MailChimp is certified to the EU-US Privacy Shield Framework.

If you don’t have access to the internet or an email account, we will send you information by post or by phone. Your data will be stored in our Dropbox account.

Other projects

When you sign up for other projects on our website or by any other means, we will ask you for information that we need in order to administer that project. If there is any variance from this privacy policy, we will let you know at the time of registration how that information will be used and stored.

When you fill out other forms on our websites, for example as part of an evaluation survey for a project, or to sign up for an event or project additional to our regular choir rehearsals, this data is usually stored in our website’s content management system. Once the submission/sign up period is over, this data is exported within a reasonable timeframe to be stored securely in our Dropbox, and the data is then deleted from our website. If we plan to store sign up data anywhere else, we will provide details at the point that you fill in the form.

Email enquiries

We retain records of your queries and correspondence sent to us by email and via the contact us form on our websites within our email system, in the event that you contact us and we need to refer to this information.

Employees and contractors: for administration and legal/regulatory purposes

We may need to collect personal or sensitive data on employees/freelance individuals/volunteers/contractors of Love Music for administration or for legal/regulatory reasons. Where this is the case, we will explain what this is for at the point of collection.

Media usage – photos and film

The lawful basis for processing this data under GDPR is Legitimate Interest. We rely on photos and film of our projects, our rehearsals and our performances to publicise and promote our charity and its work. We use photos and films on Love Music’s websites and in marketing emails, and we use photos on printed materials such as brochures, posters and fliers to promote the charity and its events. We use photos and films in funding applications and reports, as these hugely support our applications and help funders to see the impact that their grants have had, or will have, during a project.

We will always tell you in advance if we are planning to film or photograph a rehearsal or an event, with a view to using these images in wider promotional distribution (as above), to give you the opportunity to let us know if you don’t want to be featured. In that case, we will ensure that you are out of frame for any photos taken and films made, or we will pixelate your image within these.

For projects where we know in advance that photography or filming will happen, either by us, other organisations, the press or the public, we will add media consent information to the sign-up form to alert you to the fact this will happen. This doesn’t mean that you have to consent to your image being used in order to take part, but it may help you to decide whether you wish to take part if you object to your image being captured. Love Music is not responsible for images taken during public events by members of the public, by the press, or by other organisations.

If you object to an image or images of you being used by Love Music after a photo or film has been published, we will make every reasonable attempt to remove or obscure your image from these at the earliest opportunity.

Website visitors – for running and improving our websites

Other personal data that we may collect from you includes anonymised information about your use of our websites, including your IP address, traffic data, location data, weblogs and other communication data. We use Google Analytics to monitor traffic to our website, and by using this service, Google is also able to view and use anonymised information about your use of our websites. We use cookies on our website to enhance your user experience with us. For more information about cookies and how to disable them should you want to, please see the information at the end of this notice.

Website visitors – your comments

If you submit freely given and unprompted comments on our website’s posts and pages, these may remain online indefinitely, or until you ask us to remove them.

Do we share your data with anyone else?

We will never pass your details on to third parties for marketing purposes.

We sometimes use third party services to process your data (eg. Dropbox, MailChimp, Google Drive, NowDonate, PayPal, Stripe, GoCardless). We will always make sure any third parties we use are reputable, secure, and process your data in accordance with your rights under GDPR. See below for details of third party services used for financial processing.

In accordance with our child protection policy, if a child discloses abuse or information which raises concern to a member of our team, we will seek advice and/or make a referral to social workers or the police.

Are there special measures for children’s data?

Where we knowingly collect or store data of children under 13 years old we will ensure the person with parental responsibility for the child has seen the relevant information relating to the child data or has given consent on behalf of the child.

Once a child is over 13 years old, parental consent to use their data will no longer be sufficient (unless the child lacks the capacity to understand the consequences and so cannot give informed consent). We will only continue to hold/use the data if the child themselves also gives their consent.

If a child between 13 and 18 lacks the capacity to understand the consequences and so cannot give informed consent, their legal guardian who has the right to make decisions on their behalf can give consent in their place.

Use of third parties to process payments to Love Music

We offer payment options to facilitate you making a donation to Love Music, paying for items that we are selling for fundraising purposes, or buying tickets for our events and workshops.

For donations and payments made by credit card, debit card, Apple Pay, or Google Pay, we use the payment provider Stripe. When processing payments, the data you enter will be passed to Stripe, including information required to process or support the payment. By paying using this method, you agree to the processing and storage of your data according to Stripe’s Privacy Policy. We don’t store any card information on our website – all transactions take place directly with Stripe using secure secret keys.

When using our online donation system (for general donations, restricted fund donations and community choir membership donations), we will store the information you provide to us in our website’s content management system. For Gift Aid claims, we export the data you provide to submit it to HMRC as part of the Gift Aid claims process, and then store this information in our Dropbox for the length of time required by HMRC.

When using our own-hosted payments system (for events tickets and Junior Choir membership payments) we will store the information you provide in our website’s content management system until the end of a booking period, and then export this information and store it in our Dropbox for the length of time required by HMRC. The information will be deleted from the website once it has been exported. Depending on the event, we may export and delete at more regular intervals than a booking period.

If you prefer not to donate or pay using Stripe, you can send us a cheque or make a direct bank transfer. The details you need for this will be provided to you through our donation platform if you choose the cheque or bank transfer option or via a direct email.

If you prefer to use PayPal, please let us know and we will send you a payment request.

When making payments by card or PayPal, the card and account information you provide is stored, processed and managed by the payment processor you choose to use (see below). By submitting your personal data, card and account details in this way, you acknowledge that the information you provide will be transferred to the payment processor for processing in accordance with its own privacy policy. The payment processors we use are:

Stripe – to pay using your credit or debit card. By paying using this method, you agree to the processing and storage of your data according to Stripe’s Privacy Policy.

PayPal – to pay using your own PayPal account. By paying using this method, you agree to the processing and storage of your data according to PayPal’s Privacy Policy.

Making payments by bank transfer or cheque

If you would like to make a donation or payment without using these services or entering information into our website, please get in touch with us to be sent our bank details or details of how to pay by cheque. If you choose to use these method of payment instead of using our website system, the details of your payment will be stored only by Love Music in our Dropbox and retained for the length of time required by HMRC.

How can you update your data?

You can contact us at any time to update or correct the data we hold on you. To do this, write to us using the details at the top of this policy.

How long do we keep your information for?

Love Music’s data retention policy is to review all data held on individuals at least every two years and remove data where we no longer have a legitimate reason to keep it.

Where you have withdrawn your consent for us to use your data for a particular purpose (eg. unsubscribed from a marketing mailing list) we may retain some of your data for up to two years in order to preserve a record of your consent having been withdrawn.

If you are a subscriber to our newsletter, you can unsubscribe at any time by clicking the unsubscribe link at the bottom of any of our emails, or by writing to us to let us know that you wish to unsubscribe.

If you signed up to join the waiting list for our choirs or are or have been a choir member, we will keep the personal data we need to process your membership on MailChimp until you tell us you wish to permanently leave the choir or leave the waiting list. You can do this by clicking the “unsubscribe” link at the bottom of any of our emails sent via MailChimp, or by writing to us to let us know that you wish to permanently unsubscribe. If you would like to change your marketing consent preferences but remain on the choir list, you can use the “update my preferences” link at the bottom of any of our emails sent via MailChimp.

When you unsubscribe from our MailChimp contact list, we are still able to see that you were once a subscriber on our account, along with any details that you submitted when you signed up, even though you will no longer receive emails from us. We will export any data that we can anonymise that is useful for evaluation purposes before deleting your data from our MailChimp account in its entirety.

We will complete this deletion process at least once every two years, unless we receive instruction from you that you would like your information to be deleted as soon as possible. In that case, we will delete any information we hold about you that we are legally able to as soon as we can and within one month after receiving your request.

We may need to retain some data about you according to our legal/accountancy obligations. For example, if we have claimed Gift Aid on any of your donations, we are obliged by HMRC to keep your Gift Aid declaration (which includes your name, postal address, email address and phone number) along with details of the amounts you have donated on which we have claimed the Gift Aid, for a period of time set by HMRC. We will keep this information in a single location in our Dropbox or other secure storage facility but will delete it from any other location.

We may keep anonymised data for a period of 20 years for research, statistical, evaluation and fundraising purposes.

We assure you that your personal data shall only be used for these purposes as stated in this document.

What rights do you have?

Under GDPR, you have the following rights over your data and its use:
~ The right to be informed about what data we are collecting on you and how we will use it;
~ The right of access – you can ask to see the data we hold on you;
~ The right to rectification – you can ask that we update or correct your data;
~ The right to object – you can ask that we stop using your data for a particular purpose;
~ The right to erasure – you can ask us to delete the data we hold on you;
~ The right to restrict processing – you can ask that we temporarily stop using your data while the reason for its use or its accuracy are investigated;
~ Though unlikely to apply to the data we hold and process on you, you also have rights related to portability and automated decision making (including profiling).

All requests related to your rights should be made to hello@lovemusic.org.uk or the address at the top of this policy. We will respond within one month.

You can find out more about your rights on the Information Commission Office website.

What will we do if anything changes?

If we make changes to our privacy statements or processes we will post the changes here. Where the changes are significant, we may also choose to email individuals affected by the new details. Where required by law, we will ask for your consent to continue processing your data after these changes are made.

Use of Cookies

What are ‘cookies’?

‘Cookies’ are small text files that are stored by a browser (for example, Internet Explorer) on your computer or electronic device. They allow websites to ‘remember’ you for a period of time so that they can store things like user preferences and make the website quicker and easier for you to use. Without cookies, some things on websites would not be able to work: for example, without cookies it might not be possible to know whether or not you are logged in on a website, which would prevent you from being able to see content restricted to logged-in users.

How do Love Music’s websites use cookies?

A visit to a page on Love Music’s websites may create the following types of cookie:
~ Registration and preferences cookies
~ Anonymous analytics cookies

Registration and preferences cookies

When you register on Love Music’s websites, we generate cookies that let us know whether you are signed in or not. Our servers use these cookies to work out which account you are signed in with, and if you are allowed access to a particular service. It also allows us to associate any comments you post with your username. If you have not selected ‘keep me signed in’, your cookies get deleted when you either close your browser or shut down your computer.

Anonymous analytics cookies

Every time someone visits our websites, software provided by other organisations (including Google Analytics and WordPress) generates an anonymous analytics cookie.

These cookies can tell us whether or not you have visited the site before and what pages you visit. Your browser will tell us if you have these cookies and, if you don’t, new ones are generated. This allows us to track how many individual users we have, and how often they visit the site. We use them to gather statistics, for example, the number of visits to a page, to help us identify if visitors would benefit from more information on a particular area.

How do I turn cookies off?

It is usually possible to stop your browser accepting cookies, or to stop it accepting cookies from a particular website.

All modern browsers allow you to change your cookie settings. You can usually find these settings in the ‘options’ or ‘preferences’ menu of your browser. To understand these settings, the following links may be helpful, or you can use the ‘Help’ option in your browser for more details.
~ Cookie settings in Internet Explorer
~ Cookie settings in Firefox
~ Cookie settings in Chrome
~ Cookie settings in Safari

Please note: switching off cookies may prevent some aspects of our website from working fully (eg. you may not be able to access our Members Only areas).

Useful links

You can find out more about cookies and their use on the internet from www.allaboutcookies.org.

Love Music Privacy Policy