V2.0 1

Privacy Notice for Customers of South Tyneside Academy of Musical Performance CIC South Tyneside Academy of Musical Performance CIC take very seriously your privacy and the security of your information as a customer.

This statement explains when and why we collect personal information from you, how we use it, the conditions under which we may share it with, or disclose it to, others and how we keep it safe and secure. We will collect, store and use personal information in line with current data protection legislation. This means that we will endeavour to always handle your information fairly, lawfully and transparently. We may change this statement from time to time. These changes will be published on our website http://www.st-amp.co.uk, with information on why these changes have been made. Who are we? South Tyneside Academy of Musical Performance CIC is an independent Community Interest Company located in South Tyneside. South Tyneside Academy of Musical Performance CIC is the ‘data controller’ for your personal information. Throughout this notice: • ‘we’ refers to South Tyneside Academy of Musical Performance CIC; STAMP • ‘you’ refers to you as a customer of South Tyneside Academy of Musical Performance CIC for the purposes of services delivered by STAMP • ‘customer’ refers to current, former or potential customers; • ‘GDPR’ refers to Regulation (EU) 2016/679 General Data Protection Regulation. What is Personal Information? Personal information is defined as any data which relates to a living individual who can be identified: • From the information we hold, or • From the information combined with any other information which is already in the possession of, or likely to come into the possession of, the person or organisation holding the information. Personal information also includes any expression of opinions about an individual, and any indication of the intentions of the data controller, or any other person, in respect of the individual. Examples of personal data include: • Name and home address details • National insurance number • Bank account details • Date of birth • NHS number • Information from birth and death certifications • Telephone numbers • Images. Certain types of data is categorised as “sensitive personal data”, for example: • Racial or ethnic origin • Physical or mental health/condition • Sexual life • Criminal offences (including alleged offences) • Religious or other similar beliefs of a similar nature. V2.0 2 How do we collect information from you as a Customer of South Tyneside Academy of Musical Performance CIC? We may obtain information from you via a variety of sources including: • When you sign-up to become a user of one of our services • Through on-going contact with you during your continued use of our services • When you access services by logging in to our website, or membermojo membership system • When you contact us, or we contact you • When you end your membership with us • If you make a complaint about our services • If you apply for a job with us • If you take up an offer of employment with us For security purposes, your image may be recorded on CCTV in our premises for the prevention and detection of crime and to protect our employees and visitors. The CCTV operates continuously and recordings are held for 14 calendar days. We may also take photographs at our events, our properties and in our communities to use for general marketing and publicity. However, photographs of individuals will only be used for these purposes with your consent. We may receive information about you from third parties including: • Our Direct Debit processing company • When you purchase tickets from our ticket processing company, TicketSource.co.uk • Google Analytics when you search for us or visit our website What information do we collect from or about you? We collect information about current, former and potential customers, who have expressed an interest in our services, are currently using our services or may have been a previous user of our services. We collect information about anyone who makes a complaint or enquiry, and visitors to our website, social media sites, offices, open days and trial sessions. The categories of customer information that we collect, process, hold and share include: • Personal contact details such as names, addresses, e-mail addresses and telephone numbers • Other personal information such as date of birth • Medical or health-related information • Offences (including alleged offences for employees) • Sounds and visual images e.g. CCTV images • Family and household information • Safeguarding information or vulnerabilities • Financial details, such as bank details if you pay by direct debit or standing order. We do not store bank card details. • Information relating to health and safety • Emergency contacts • Persons nominated to act on a customer’s behalf. It is important that the data that we hold about you is correct. You should advise us as soon as possible if you need us to make any changes. V2.0 3 We will only process information that is provided by you, or someone who you have formally nominated to act on your behalf or to send us information relating to you. We may therefore ask you to verify your identity in providing your information or if you have contact with us. Where you nominate someone to contact us on your behalf, we will require formal notification from you and identification of this nomination. We may decline or challenge such contact and we will discuss this with you if we have any concerns. We will normally communicate with you in ways nominated by and provided by you, unless there are exceptional reasons as to why we cannot comply with your preferred method of communication. We will use these methods to communicate with you where you provide this to us. We will not use these contact details for any purpose other than form, management of your membership with us, under the terms of this privacy notice, unless you give us permission to do so. The lawful basis on which we process this information We process information under Article 6 (1) (b) of the GDPR, relating to the tenancy agreement between you and South Tyneside Academy of Musical Performance CIC that you receive after you sign-up for a membership with us. We process information to meet our statutory and legal requirements under Article 6 (1) (c) of the GDPR. We may also process information to protect our business from fraud and other illegal activities. Consent or Choice • Whilst the majority of information you provide to us is a mandatory requirement for us to provide services to you, some of it is provided to us on a voluntary basis. In order to comply with data protection legislation, we will inform you whether you are required to provide certain information to us or if you have a choice about whether you need to provide the information and how your data is used. However, if you choose not to share your personal data with us in these circumstances, this may affect our ability to improve our services and our offer to you as a customer. In these cases, you may withdraw your permission for us to use your data at any time. Personal data is also managed in accordance with current legislation. Why do we collect your information? How will we use it? We use this information to: • Manage your account charges and payments, including your membership and arrears • Ensure the wellbeing and safety of customers • Provide customer support services • Investigate complaints • Engage with customers to get feedback on our services • Provide education, employment and training advice and opportunities • Process requests for information access under data protection, insurance or other legislation • Inform the development of our policies and procedures • Respond effectively in an emergency situation and ensure your health and safety • Ensure that our premises and systems are secure • Undertake our financial and accounting duties • Protect our business from fraud or illegal activities • Ensure the health and safety of our workforce South Tyneside Academy of Musical Performance CIC conducts research and statistical analysis to help improve our business processes and the services offered to our customers, as well as to V2.0 4 evaluate our performance against other benchmarks. Wherever possible, statistical information is anonymised or pseudonymised. South Tyneside Academy of Musical Performance CIC conducts additional voluntary services including organising community events, and gathering information to improve our services. Where your personal information is needed we will always notify you about the service being offered, explain the service and obtain your consent to proceed, usually by way of a consent form or sign up form for that service. Much of the information contained in this privacy notice is still relevant for these additional services. Information about children South Tyneside Academy of Musical Performance CIC regularly process children’s information as part of memberships system. This is required so that we can keep an accurate attendance register and easily identify our member. We also use this information for purposes of child protection and in emergency situations. This data is also used to assist directors when auditioning and casting productions, as well as being able to produce accurate programmes and ensure that members are placed in the most appropriate group. How is your information stored? South Tyneside Academy of Musical Performance CIC takes your privacy, and the safety and security of your information, very seriously. Information is held by South Tyneside Academy of Musical Performance CIC in both paper, or noncomputerised, format and electronic, or computerised, format. • Paper-based, non-computerised, information is stored securely within access-controlled storage, and is only processed by staff with a need to do so. • Electronic, computerised, information is stored securely on servers managed by Membermojo, who provide our membership service on behalf of South Tyneside Academy of Musical Performance CIC. • Parts of our electronic, computerised, systems are also managed directly by South Tyneside Academy of Musical Performance CIC. South Tyneside Academy of Musical Performance CIC has security procedures and an Information Security Policy to ensure that data is handled appropriately and protected from accidental loss or misuse. We seek to comply and align its policies with all parts of the Information Security Standards ISO 27001. Access to information is only permitted where there is a legitimate reason. Who do we share your information with? There are a number of reasons why we share information. This can be due to: • Current legislation implies that we must • We may have to comply with a court order • We have a contract in place with another agency to deliver services on our behalf • You have consented to disclosure or sharing V2.0 5 We may share your information with: • You • Relatives, guardians or people associated with you, by formal nomination or where there is a legal duty to do so • Courts • Law enforcement agencies including the Police • Emergency Services e.g. Fire and Rescue Service • Contractors • Direct Debit processing contractor (GoCardless) • Data processors that work on our behalf • Membership systems (Membermojo, DoJo) • Processing ticket sales and orders (Ticketsource.co.uk) • Processing payments through our ticketing system and Chip & PIN systems (Stripe.co.uk, SumUp & PayPal) • Contact systems (MessageBird, Mailchimp, Survey Monkey) Only necessary information will be shared and we will seek to anonymise and depersonalise information wherever possible. We may share information for the purposes of fraud or crime prevention and for the apprehension or prosecution of offenders. We do not require your permission to share your information for this purpose and we may not notify you that we have done so. This may include sharing data with law enforcement bodies, such as the Police or HMRC and other public bodies where they have a law enforcement role. When we share data with other organisations: • We provide only the information that they need for their specific services • They may only use your data for the exact purposes that we specify in our contract with them • We work closely with them to ensure that your privacy is respected and protected at all times • If we stop using their services, any of your data held by them will either be deleted or anonymised • Where possible, we ensure that the data we share is anonymous and depersonalised. You have the right to opt out of data sharing arrangements if no statutory requirement exists, but our ability to share information enables us to improve our services to you. Your personal data will may be used for sales or marketing, however, we will not sell your personal data on to third parties. We will not pass on your personal data to unrelated third parties unless we are allowed or required to do so by law, or we have your explicit permission to do so. How long do we keep hold of your information? We keep information in line with our retention policy, which is in line with national guidelines for organisations such as South Tyneside Academy of Musical Performance CIC. In some cases the law sets the length of time that information has to be kept. Your information will only be held for as long as necessary and will be disposed of in a secure manner when it is no longer needed, unless there are exceptional circumstances which require us to retain it for a longer period of time. V2.0 6 How can I access the information you hold about me, or correct it if it is inaccurate? Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information, contact the Data Protection Officer in writing at: • South Tyneside Academy of Musical Performance CIC, Brinkburn CIO, Harton Lane, South Shields, Tyne and Wear, NE34 0PP, or • By e-mail at info@st-amp.co.uk In some limited cases we may have to redact names or withhold information where it relates to: • A third party or where the information has been provided in confidence • The prevention and detection of crime • The apprehension of or prosecution of offenders • The assessment and collect of taxes and duties • The health and safety of staff • Where the disclosure of medical opinions may cause distress or serious harm to a person. We will try to provide you with as much information as possible. You also have the right to: • object to processing of personal data that is likely to cause or is causing damage or distress • in certain circumstances, have inaccurate personal data corrected, erased or destroyed • prevent processing for the purpose of direct marketing • object to decisions being taken by automated means. You have the right to request that South Tyneside Academy of Musical Performance CIC stop processing your personal data in relation to the services that it provides. However, if this request is approved, this may cause delays or prevent us delivering a service to you. You can request consideration of these changes by contacting the Data Protection Officer. Changes to our privacy policy We will keep our privacy notice under regular review and will advise you of any updates on our website.

This notice was last reviewed in November 2019

Contact details (Data Protection Officer) If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance, by contacting the Data Protection Officer in writing at: • South Tyneside Academy of Musical Performance CIC, Brinkburn CIO, Harton Lane, South Shields, Tyne and Wear, NE34 0PP, or • By e-mail at info@st-amp.co.uk Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/