Calderdale Music Policy Pages Header

Data Protection Policy

Calderdale Music Policy Pages Header

This policy draws together the essential elements of the Data Protections Acts 1984,
1998 and 2018 in as far as they affect personal data capture and processing in our organisation.

Definition of personal data

Personal data is any information that relates to a living individual.


Calderdale Music complies with the requirement to register all personal data
held and to state the purposes for which it is required to be held. It ensures the
appropriate fees are paid on the due date.

Summary of Principles followed

All processing undertaken by Calderdale Music will be fair and lawful, accurate and up-to-date,
and the data held will be adequate, relevant, not excessive and be held for no longer
than is necessary. This means that when personal data becomes out of date, or is no
longer relevant to the purpose for which it was originally collected, there will be
arrangements in place for it to be destroyed. See also “Guiding Principles” below.

Conditions for processing personal data

Calderdale Music will ensure that personal data is only processed (that is,
used) if one of several conditions apply including:

  1. an individual has given their consent
  2. the processing is part of a contract
  3. there is a legal obligation to process the data
  4. the processing is necessary to protect the individual.
    Sensitive data
    “Sensitive personal data” is defined as including data relating to race, ethnic origin,
    political affiliations, religious or other beliefs and sexuality. This type of data demands
    greater protection and the organisation is obliged to ensure one of the following is true before
    the data can be processed:
  5. an individual has given their explicit consent **
  6. there is a legal requirement to process the data
  7. it is necessary to protect the vital interests of the individual.

** Explicit consent means fully informing the individual of the relevant facts in relation
to the proposed processing and getting their written consent.

The protection of personal data

It is mandatory to ensure that appropriate technical and organisational measures are
taken to prevent unauthorised access to or disclosure of data. This includes accidental
loss or destruction of, or damage to, personal data. Additionally, a request for
information under the Act may not be refused or ignored.

Guiding Principles

  1. Personal data shall be processed fairly and lawfully;
  2. Personal data shall be obtained only for one or more specified and lawful
    purposes, and shall not be further processed in any manner incompatible with
    that purpose or those purposes;
  3. Personal data shall be adequate, relevant and not excessive in relation to the
    purpose or purposes for which they are processed;
  4. Personal data shall be accurate and, where necessary, kept up to date;
  5. Personal data processed for any purpose or purposes shall not be kept for
    longer than is necessary for that purpose or those purposes;
  6. Personal data shall be processed in accordance with the rights of data subjects
    under the Act;
  7. Appropriate technical and organisational measures shall be taken against
    unauthorised or unlawful processing of personal data and against accidental loss
    or destruction of, or damage to, personal data;
  8. Personal data shall not be transferred to a country or territory outside the
    European Economic Area unless that country or territory ensures an adequate
    level of protection for the rights and freedoms of data subjects in relation to the
    processing of personal data.

Staff Awareness

This policy shall be included in the staff handbook.

Publication of Web pages

  • The Internet is only to be accessed via PCs which have been expressly set up
    within the organisation for that purpose.
  • Publication of personal information or images of individuals on any web site the organisation develops will only occur if the written consent of the individuals concerned has been given.

The use of images of people

When planning to take photos of anyone, be they adults or children, Calderdale Music will
consider the need to get consent to take the photos and clearly stated consent about
how the photos can be used e.g. just for a specific purpose/project or on a web site.

Use of electronic mail and the Internet

When using electronic mail and the Internet Calderdale Music will consider the
following Data Protection issues.

  • Not to include personal or confidential information in the text of emails (or as an
    email attachment) to be sent outside the organisation unless appropriate encryption is
    applied to protect it.
  • Not to treat E-mail as a secure method of communication when dealing with
    personal data as defined by the Data Protection Act.

Pupils and parents right to see their education records

Calderdale Music takes into account that under normal circumstances, parents and pupils
have got the right to see information that is held about them.

Table of Contents