In what follows, 'NESMS' is to be understood as referring both to the North East of Scotland Music School Ltd and to its sister organisation, Friends of The North East of Scotland Music School (Friends of NESMS).
Scope and Purpose
This policy applies to everyone involved with NESMS, whether tutors, pupils, advisers, volunteers, Friends or staff. Its aim is to ensure that all are aware of:
- what personal data are held by NESMS, the 'data controller'
- measures to protect the 'data subjects' from any misuse of such data
- each individual's right to confidentiality and privacy within NESMS
- their responsibilities regarding the security of personal data
All personal details held by NESMS, both in manual and in computer records, are subject to the Data Protection Act 1998 (DPA) – to be superseded in May 2018 by the European Union's General Data Protection Regulation (GDPR) – and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR). NESMS is committed to complying fully with the DPA's eight Data Protection principles as enlarged or modified by the GDPR and will, accordingly:
- Collect and process personal data only to the extent necessary to provide its services in an efficient and professional manner and to fulfil its responsibilities in respect of any implied or explicit contract with tutors, pupils, staff, donors, sponsors or funding bodies.
- Ensure that it has the informed and freely given consent of each data subject to hold personal information; and that such data are accurate, relevant, not excessive in relation to the purposes for which they are held and, where necessary, kept up to date.
- Take all reasonable steps to protect personal data from accidental disclosure or theft.
- Remove from its databases any personal information no longer relevant to the purposes for which it was collected, or where consent to hold such information has been withdrawn by the data subject.
- Make full disclosure to a data subject, on request, of all personal details held pertaining to that subject, and remove or modify any details found to be inaccurate or out of date.
- Review its data protection procedures annually to ensure that NESMS remains compliant with current legislation, and act to ensure that its data protection policy is well understood.
- Require its tutors, staff and volunteers to make a personal commitment to uphold the aims of this policy.
Disclosure to Third Parties
NESMS will not in normal circumstances pass personal data to a third party without the express permission of the person involved. However,
- we may share personal data with our tutors on a confidential basis where good sense and/or good teaching practice demands it;
- in order to claim Gift Aid we are required to communicate a certain amount of personal data to HMRC; and
- we may disclose personal information for the purpose of child protection or otherwise as required or permitted by regulation and our common law duty of care.
Adopted by the NESMS Council of Management on 19 March 2018