Daylight Music takes your privacy very seriously. Please read our privacy notice below, which covers how we obtain, store and use your data from a marketing point of view. We’ve done our best to make our explanations short and easy to understand but if you’d like further information, or have any questions, please contact us at: firstname.lastname@example.org.
- We collect and securely store personal data about you which include your full name and email address.
- This data is collected with your consent when you attend one of our events and add your contact details to our mailing list sign-up sheet or when you sign up to our mailing list online.
- We only use your personal data for marketing purpose to contact you with information about upcoming Daylight Music events.
- Your data is stored on our 3rd party mailing-list provider’s database (ymlp.com) and on our 3rd party storage website (dropbox.com), which are both GDPR-compliant. Hard copies of the sign-up sheets are safely destroyed once your data has been uploaded onto these websites.
- We never disclose or sell your information to 3rd parties under any circumstances.
- We will usually retain personal data collected for marketing purpose until you ask us to delete it. Our mailing-list provider also automatically deletes email addresses that bounce back from our contact lists.
- After signing up to receiving our emails, you may opt out at any point by clicking the ‘unsubscribe’ link in our emails or by contacting us at: email@example.com
- We have implemented appropriate technical measures as regards the security of the data we are holding and have a detailed security policy on how we do this. You can obtain a copy of it by contacting us at: firstname.lastname@example.org.
- You have the following rights as regards your data:
- To be informed about the collection and use of your data
- To access the personal data we store on you
- To rectify the personal data we store on you in the event of errors
- To have your personal data deleted (the “right to be forgotten”)
- To withdraw any previously given consent for us to store and use your data
- To obtain and reuse data across different services (data portability)
- To unsubscribe from our emails or otherwise restrict how we contact you
- To be protected against automated decision making and profiling
- To register a complaint as to how we use your data
To exercise any of the above rights please contact us at: email@example.com.
This policy will be updated from time to time and the latest date will appear at the top of the document. Please make sure you check back occasionally to ensure you are still happy with its contents. Please note we have a separate Privacy Notice for data we hold on artists, volunteers and business contacts we work with on our events.
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a new regulation introduced by the EU on 25 May 2018 in replacement to the the 1995 EU Data Protection Directive (DPD). It sets new guidelines for the collection and processing of personal information of individuals within the European Union (EU).
Daylight Music is regular music series, held on a Saturday afternoon at the Union Chapel in London Islington, presented by the Union Chapel it is produced by Arctic Circle.
The below policy looks at the type of data Daylight Music holds and the lawful basis for processing it, how data subjects can access, amend or have their personal data deleted, how Daylight Music manages this data and gives more information about security.
Type of Data
Personal data held by Daylight Music include, but is not limited to:
- Audience members’ names and email addresses. This data is used for promotional purposes ie. sending out newsletters with information about the events.
- Volunteers’ personal data. This mainly includes, but is not limited to, contact details and is used for administrative and event management purposes.
- Artists’ personal data. This mainly includes, but is not limited to, contact details and is used for booking artists and liaising with them prior to/after the events.
- Other business services personal data (eg Chapel contacts, piano rental companies, printers). This includes, but is not limited to, contact details and bank details. This data is used for administrative and event management purposes as well as for booking and paying for their services for the events.
Lawful basis for processing
Daylight Music stores and manages data from these individuals for the following reasons:
- Where it is needed to fulfil contractual obligations.
- Where consent has been given by the individual.
- Where legitimate interests apply, except where such interests are overridden by the interests, rights or freedoms of the data subject.
This applies to artists’ and other business services’ personal data. Holding and processing their personal data is essential to fulfilling Daylight Music’s contractual obligations with them. Without using their data, it would be impossible to make arrangements for the events.
This also applies to volunteers who have an informal agreement with Daylight Music to help with the running of the events. Without using volunteers’ data, especially their contact details, it would be impossible to involve them in the running of the events.
This applies to audience members’ personal data. Audience members whose personal data we hold and use for marketing purposes have all actively shared their data with Daylight Music in one of the following ways:
- They have added their details to the mailing list sign-up sheet that is passed around at Daylight Music events
- They have signed up to the mailing list via the website.
As of 25 May 2018, the GDPR requires companies to show that they have obtained consent from individuals to store and process their data. Consent is defined as any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them. The individual must also be made aware of their right to withdraw their consent. The method of giving consent needs to be recorded and the company’s process must be followed.
In order to comply with the GDPR, the following changes were implemented in May 2018:
- The wording on the mailing list sign-up sheet has been amended and reads as follows: “Please fill out your name and email address if you’d like to keep up to date with future Daylight Music events. We will only email you information relevant to Daylight Music. Your details will be stored securely and won’t be shared with other organisations. You can unsubscribe at any time. For further information, please email firstname.lastname@example.org.”
- Audience members signing up to the mailing list via the website are sent an email confirming they have been added to the mailing list containing the following : Thank you for signing up to Daylight Music mailing list. We will only email you information relevant to Daylight Music. Your details will be stored securely and won’t be shared with other organisations. You can unsubscribe at any time. For further information, please email email@example.com.
Contact details are uploaded to Your MailingList Provider (www.ymlp.com). YMLP keeps track of the date when new contacts are added. Additionally, digital copies of the mailing list sign-up sheets are stored on Dropbox. (Also see below “Managing data” for more information)
The law is not retroactive and doesn’t require companies to re-permission contacts for consent as long as their personal data is only used for the purposes they were originally obtained for. Therefore, Daylight Music doesn’t need to ask audience members added to the mailing list pre-25 May 2018 to opt in again.
We believe that Daylight Music has a legitimate interest in storing artists’ data and other business services’ data who have not yet been involved with Daylight Music events. Without doing so, it would be impossible for Daylight Music to run and grow the events. More information can be found in our Legitimate Interest Assessment – New artists and business contacts.
Access to data
Individuals can unsubscribe from the Daylight Music mailing list using the “unsubscribe” link at the bottom of the emails.
Individuals can contact Daylight Music at firstname.lastname@example.org to access or amend their data, or to have it deleted.
Individuals can also consult our Marketing Privacy Notice or our Event Management Privacy Notice available at [weblink] for more information.
Data may be stored in the following places
- Daylight Music mailboxes on the Arctic Circle’s server. Which is hosted by Eukhost.
- Staff and volunteers laptops
- Staff and volunteers mobile phones
- Staff and volunteers personal mailboxes
- Hard copies of mailing list sign-up sheet
- Online third-party websites : dropbox, ymlp
Under the GDPR, small and medium organisations with less than 250 employees are exempt of documenting processing activities personal data unless the process is not occasional, is likely to result in a risk to the rights and freedoms of individuals or involves special category data (eg. sensitive data relating to race, religion or health) or criminal conviction and offence data.
Daylight Music may very occasionally hold data relating to health (allergies/dietary needs from artists) which is categorised as sensitive data. This data will be processed as follows: the staff/volunteer who receives this data will only share it with the staff/volunteer who are in charge of artist coordination, if possible verbally. When possible and when this has no impact on operations, this data will be anonymised (eg. name of the subject data not shared with the cafe). After the event, all written correspondence/notes related to this data will be deleted.
- Audience members data:
- Hard copies of the mailing list sign-up sheets are shredded.
- Digital copies of the sign-up sheets are uploaded to Dropbox for our records and as a proof of consent. These digital copies are deleted from staff and volunteers’ latops and mailboxes as soon as the details have been saved to Dropbox and YMLP
- Invalid email addresses are automatically deleted from YMLP after 1 x hard bounce or 3 x soft bounces.
- Audience members’ names and emails are kept indefinitely on YMLP unless they request for their details to be deleted
- Volunteers’ data
- Volunteers’ personal details are kept indefinitely unless they stop volunteering and requests for their details to be deleted.
- Artists’ data
- Artists’ personal details are kept indefinitely unless they request for their details to be deleted.
- Other business services’ data
- Other business services’ data are kept indefinitely unless they cease trading or ask for their data to be deleted. Daylight Music may need to retain some data for legal reasons (eg. Payment details)
- Daylight Music mailboxes on the Arctic Circle’s server. Which is hosted by Eukhost.
- Staff and volunteers laptops: these are password-protected.
- Staff and volunteers mobile phones: these are password-protected.
- Staff and volunteers personal mailboxes: these are password-protected. Data is only stored temporarily on personal mailboxes until it is uploaded on dropbox and YMLP.
- Hard copies of mailing list sign-up sheet : volunteers in charge of the mailing list during the events
- Third-party websites :
- Dropbox security information can be found here: https://www.dropbox.com/security
- YMLP terms and services can be found here: https://www.ymlp.com/terms-of-service.html
- Both Dropbox and YMLP are GDPR-compliant as advertised on their respective websites.
This page was last updated on 7th November 2018.