Privacy Notice

Breaking Borders Logo

What is this notice for?

This notice provides an overview of what information we collect about you, how we keep your data secure and up to date, how long we might hold it for, and what your rights are in relation to it.

NYCoS (an operating name of National Youth Choir of Scotland) is committed to protecting your personal data and will use any personal or sensitive data we collect from you in line with the General Data Protection Regulations (GDPR). NYCoS is a Data Controller under the GDPR.

Contact Us

Please contact us if you have any questions about our privacy notice or wish to exercise your rights under the GDPR.

Contact us by email

Or write to us at: National Youth Choir of Scotland
The Mitchell, North Street, Glasgow, G3 7DN

What data do we collect and what do we use it for?

NYCoS collects data from individuals to help us plan, organise and run day-to-day operations and to promote and market our activities. When we refer to “your personal information” we also mean the personal information of a child for whom you have parental responsibility and/or any other person who has consented to you sharing their personal information with us.

We collect information about you when you register with us, book, donate or place an order for products or services. We also collect information when you voluntarily complete customer surveys, provide feedback, make an enquiry or participate in competitions.

Legal basis for NYCoS processing personal data

NYCoS collects and uses personal data because is it necessary for:

  • complying with our duties and exercising our rights under a contract for the provision of goods or services
  • the pursuit of our legitimate interests
  • complying with our legal obligations

In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers via email.

We have detailed what information we collect and how we use it for each of our main activities below:

When you apply to join NYCoS as a member, or during your membership with us, we may need to collect some or all of the following information on you:

  • Name
  • Email address
  • Phone number(s)
  • Address
  • Emergency contact details
  • Medical information
  • Education information
  • Gift Aid Declarations
  • Age/gender
  • Photos/video footage
  • Audition notes
  • Singing lesson reports

This data will be used by us to process your application, manage your membership with NYCoS and to organise and run our activities. We collect this data to provide you with the service agreed under our contract with you.

You are only required to provide the information necessary for us to form a contract with you, if you do not wish to provide the required information you cannot become a member. We will make clear what information is required at the time of applying for, renewing or signing up to a membership.

We will ask you to opt-in to the taking of photographs/video footage, where applicable, at the relevant time.

To ensure the safety and wellbeing of our members we may ask you to provide medical or other sensitive personal data and/or the details of an additional emergency contact. Sensitive personal information (special category data) is collected with your explicit consent. This information will only be used for the stated purpose, shared with those who need access and deleted when no longer need. Where we ask you to optionally provide the contact details of a third party for use in an emergency you do so after having gained their consent.

If you give us your consent to do so, we may also use your contact details to send you marketing/promotional communications. Any marketing/promotional communication we send you will include a clear option to withdraw your consent (e.g. to ‘opt out’ of future emails) and you can also withdraw consent at any point by contacting us.

We may send you necessary communications relating to your membership (e.g. renewal or payment reminders), these are mandatory communications.

Where our events are ticketed, we need to collect data on the person booking and, for certain events, people attending. This information may include:

  • Name
  • Email address
  • Phone number(s)
  • Address
  • Medical information
  • Age/gender
  • Education information
  • Photos/video footage

We collect this information in order to allow you access to the event (fulfil our contract with you) and to send you a confirmation of your reservation/purchase and any other communications relating directly to the event. This data will only be used for administering your access to the event/s for which you have booked and will not be used to send you marketing/promotional messages unless you have also provided your consent to receive these.

You are only required to provide the information necessary for us to form a contract with you, if you do not wish to provide the required information you may not be able to attend the event. We will make clear what information is required at the time of booking.

We will ask you to opt-in to the taking of photographs/video footage, where applicable, at the relevant time.

To ensure the safety and wellbeing of our event attendees we may ask you to provide medical or other sensitive personal data. Sensitive personal information (special category data) is collected with your explicit consent. This information will only be used for the stated purpose, shared with those who need access and deleted when no longer need.

When you purchase product(s) from our shop we need to collect data on the person purchasing and receiving the goods. This information may include:

  • Name
  • Email address
  • Phone number(s)
  • Address

We collect this information in order to fulfil our contract with you and to send you a confirmation of your purchase and any other communications relating directly to the purchase. This data will only be used for administering your order and will not be used to send you marketing/promotional messages unless you have also provided your consent to receive these.

You are only required to provide the information necessary for us to form a contract with you, if you do not wish to provide the required information you may not be able to purchase products from us. We will make clear what information is required at the time of placing your order.

We offer individuals the opportunity to sign up (consent) to receiving marketing and promotional information about NYCoS’ activities and products.

When you sign-up to our marketing mailing list we may ask for your:

  • Name
  • Email Address
  • Address

We will use this information to send you information about our events and activities (e.g. forthcoming performances and other events). We may also ask for your preferred topics and communication methods. These allow us to tailor the information we provide to suit your preferences (e.g. email vs post).

We will only send you information that is related to NYCoS, we will not use your data to send you marketing messages from third parties.

Anything we send you will include a clear option to withdraw your consent (e.g. to ‘opt out’ of future emails) and you can also do so at any time by contacting us.

Our Legitimate Interests

The normal legal basis for processing personal data, unless an alternative basis has been specified, is that it is necessary for the legitimate interests of NYCoS, including:

  • selling and supplying goods and services to our customers
  • protecting customers, members and other individuals and maintaining their safety, health and welfare
  • promoting, marketing and advertising our products and services
  • sending communications which are relevant and tailored to individual customers, members and donors
  • understanding our customers’ behaviour, activities, preferences, and needs
  • improving existing products and services and developing new products and services
  • complying with our legal and regulatory obligations
  • preventing, investigating and detecting crime and prosecuting offenders, including working with law enforcement agencies
  • handling customer contacts, queries, complaints or disputes
  • fulfilling our duties to our customers, colleagues and other stakeholders

How do we keep your data safe?

NYCoS is committed to keeping your personal data safe and secure.

Our security measures include:

  • Encryption of data
  • Automated threat detection technologies
  • Security controls which protect NYCoS IT infrastructure from external attack and unauthorised access
  • Internal policies and training setting out our data security approach for employees

Do we share your data with anyone else?

We do not share your details with third parties for marketing purposes.

We may disclose your personal information, including any medical information provided, where in our view it is necessary to protect the health and wellbeing of any person without the capacity to consent to the sharing of their information. We may also share your personal information with third parties where we have a legal obligation to do so.

In common with most business we sometimes use third party services to process your data on our behalf (e.g. a payment services provider to process card payments). Where we use third parties to process your data we have GDPR compliant data processing addendums or model contract clauses with these suppliers.

Are there special measures for children’s data?

While NYCoS is a youth arts organisation parental consent for those under 16 is required to participate in our activities. As such we do not knowingly collect personal information directly from children under the age of 16.

Young people aged 13 and older have the same rights over their personal information as adults. Where a person with parental responsibility provides us with the personal data of a young person aged 13 or older it is with the knowledge and consent of that young person.

How can you update your data?

You can contact us at any time at to update or correct the data we hold on you.

How long we will hold your data?

NYCoS’ data retention policy is to review all data held on individuals at least every two years and remove data where we no longer have a legitimate reason to keep it.

Where you have withdrawn your consent for us to use your data for a particular purpose (e.g. unsubscribed from a mailing list) we may retain some of your data for up to two years in order to preserve a record of your consent having been withdrawn.

Sensitive Personal Information

Where we have collected non-anonymised sensitive personal information (e.g. medical information) we will delete the information from our primary systems within one month of the information no longer being required. Paper based records will typically be securely destroyed/redacted within a year of the information no longer being required.

What rights do you have?

Under the GDPR, you have the following rights over your data and its use:

  • The right to be informed about what data we are collecting on you and how we will use it
  • The right of access - you can ask to see the data we hold on you
  • The right to rectification - you can ask that we update or correct your data
  • The right to object - you can ask that we stop using your data for a particular purpose
  • The right to erasure - you can ask us to delete the data we hold on you
  • The right to restrict processing - you can ask that we temporarily stop using your data while the reason for its use or its accuracy are investigated
  • Though unlikely to apply to the data we hold and process on you, you also have rights related to portability and automated decision making (including profiling)

 All requests related to your rights should be made by contacting us. We will respond within one month.

You can find out more about your rights on the Information Commission’s Office website

What will we do if anything changes?

If we make changes to our privacy statements or processes we will post the changes here. Where the changes are significant, we may also choose to email individuals affected by the new details. Where required by law, will we ask for your consent to continue processing your data after these changes are made.

This notice was last updated on 18 May 2018.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

For further information visit www.aboutcookies.org or www.allaboutcookies.org.

How this site makes use of browser cookies:

  • When you have logged in successfully to a logged-in-only area of this site (if one exists), a cookie will be applied to your browser to convey your authentication as you move through the pages of the site. This cookie is removed when you log out of the logged-in area and does not itself contain any of your personal information.
  • Where a shopping area of the site exists, a cookie will be used to store which items you have placed in to your shopping basket.
  • The framework we use to build this area of the site creates a cookie that follows you as you move through the pages of the site. This cookie allows the site to respond to any settings you may set so that they persist as you move through the pages of the site. This cookie does not itself contain any of your personal information.
  • All cookies set by this site (other than tqCombinedLogin where used) will be deleted when you close your browser down.

This site does not use browser cookies to:

  • Collect personally identifiable information about you.
  • Track your movements for the purposes of advertising.

Blocking cookies

If you wish to restrict or block the cookies which are set by this, or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how. Note that your use of some of the sections of this site mentioned above will be impaired if you do choose to disable cookies.

The Cookies used by this site

Cookie name

Purpose

.ASPXAUTH

The cookie used to convey your authentication when you are logged in.

ASP.NET_SessionId

The cookie used by the framework we use to build this site.

tqCombinedLogin

The cookie used to convey your authentication to other nycos.co.uk sites when you are logged in or to identify you have previously logged in.

esitShop2

The cookie used by the shopping area of this site to hold items you place in your basket. If you block this cookie you will not be able to purchase products from the shop.

ai_user, ai_authUser & ai_session

These cookies are placed by Application Insights which we use to monitor the health of the website e.g. recording errors and site speed. You can safely block these cookies.

_ga & _gat

The cookies placed by Google Analytics which we use to track and report on the usuage of this site. You can safely block these cookies.

__cfduid

This cookie is placed by CloudFlare. Blocking this cookie may result in you being repeatedly challenged to prove you are a human user and make the site unusable.