Create, Perform
and Be Inspired...

19th-24th August 2018

Image courtesy of Altus Flutes, Japan

Privacy and Data Protection Policy

In order to operate, Oxford Flute Summer School needs to gather, store and use certain forms of information about individuals; e.g. participants, staff, applicants and trustees.

This policy explains how this data is collected, stored and used in order to meet Oxford Flute Summer School’s (OFSS) data protection standards and comply with the law.

This policy ensures that OFSS protects the rights of our participants, staff, applicants, trustees and suppliers, complies with data protection law and follows good practice. The policy protects the information from the risks of a data breach

The policy applies to all those handling data on behalf of OFSS e.g.:

  • Trustees

  • Staff and volunteers

  • Participants and applicants

  • Contractors/3rd-party suppliers

It applies to all data that OFSS holds relating to individuals, including:

  • Names

  • Email addresses

  • Postal addresses

  • Phone numbers

  • Any other personal information held

Everyone who has access to data as part of OFSS has a responsibility to ensure that they adhere to this policy.

The Data Controller for OFSS is Janet Way, Director. She is responsible for what data is collected and how it will be used. Any questions relating to the collection or use of data should be directed to the Data Controller.

Oxford Flute Summer School will only collect data where lawful and where it is necessary for the legitimate purposes of the operation.

An individual’s name and contact details will be collected when they first make a booking, and will be used to contact the participant for administration and information regarding the current course.

The name and contact details of trustees, staff and volunteers will be collected when they take up their roles and will be used to contact them regarding administration related to their roles.
Information may also be collected in specific circumstances where lawful and necessary (in order to process payment to the person or in order to carry out a DBS check).

An individual’s name, contact details and other details may be collected at any time, with their consent, in order for OFSS to communicate with them about current and future courses.

When collecting data, OFSS will always explain why the data is required and what it will be used for, e.g. “Please enter your email address in the form below. We need this so that we can send you email updates of course information” We will never use data for any purpose other than that stated or that can be considered reasonably to be related to it. For example, we will never pass on personal data to 3rd parties without the explicit consent of the subject.

OFSS will not collect or store more data that the minimum information required for its intended purpose.

OFSS will ensure that any individual will be able to update their data at any point by contacting the Data Controller

OFSS will keep data on individuals for no longer than 12 months after our involvement with the individual has stopped, unless there is a legal requirement to keep records.

Any requests concerning data held can be made in writing by the individual to the Data Controller.

We keep personal data secure. Electronically-held data will be held within a password-protected and secure environment

Passwords for electronic data files will be re-set each time an individual with data access leaves their role/position

Physically-held data (e.g. application forms) will be stored securely for no longer than 12 months.

Occasionally OFSS is asked for contact details of staff and participants. To facilitate this participants of the course can request the personal contact details of other members in writing via the Data Controller. These details will be given, with the consent of the other parties. Only email addresses (i.e. not postal addresses, telephone numbers or social media addresses) will be shared.

OFSS will occasionally collect data from consenting interested enquirers for marketing purposes. This includes contacting them with information about future events. You may opt out at any time by contacting the Data Controller.

Prepared May 2018
Review due May 2019