1.1 NODA is committed to protecting and respecting your privacy.
1.4 For the purposes of the General Data Protection Regulation and Data Protection Act 2018:
1.4.1 in respect of the personal data of the users of our website, our members, volunteers, summer school students and the purchasers of our products and services, as well as our business contacts and prospects, we act as a data controller.
1.4.2 in respect of the personal data of persons whose applications we submit to the Disclosure and Barring Service (DBS) on behalf of our member organisations, in our capacity as a DBS Umbrella Body, we process personal data as a data processor. Please see section 11 below for further information.
2. Information we may collect from you
We may collect and process some or all of the following types of data about you:
2.1 Information that you provide by filling in forms on our site www.noda.org.uk (our site). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you enter a competition or promotion sponsored by the National Operatic and Dramatic Association CIO, and when you report a problem with our site.
2.2 More specifically, the information we collect may include the following – your name, telephone number, address, email address, date of birth, password, NODA membership number, official position at NODA, a short bio, your sales ledger activity, the name of your amateur dramatic society, your position within the society, banking details, medical conditions, dietary requirements, any other special needs and medications required.
2.3 If you contact us, we may keep a record of that correspondence.
2.4 We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
2.5 Details of any transactions you carry out through our site and of the fulfilment of your orders.
2.6 Details of your visits to our site and your general internet usage including, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access. We may also collect information about your computer, including where available your IP address, operating system, browser type and other technology on the devices you use to access our website (please refer to our cookies policy for more information).
3. Our basis for processing and use of your data
3.1 We only use your personal data when the law allows us to. Most commonly, we use your personal data where we need to perform or are about to perform a contract with you, where it is in our legitimate interests (such as developing our products/services, promoting our charitable aims, administering our website, network security, maintaining our records and the preventing fraud), where we need to comply with a legal obligation, where it is substantially made public or with your consent.
3,2 Where you enquire about becoming a member of NODA (or where you already are a member and are renewing your membership), the basis for our processing of your personal data will be to enter into and perform the contract between you and us. In respect of persons connected with you, such as your employees and volunteers, to the extent that the basis for processing their personal data is not covered by the performance of the contract, the basis for our processing will be legitimate interest.
3.3 Where you enquire about our products or services, the basis for our processing of your personal data will be to enter into and perform the contract between you and us including to process invoices. In respect of persons connected with you, such as your employees and volunteers, to the extent that the basis for processing their personal data is not covered by the performance of the contract, the basis for our processing will be legitimate interest.
3.4 Where you sign up for one or more of our newsletters, the basis for our processing of your personal data will be your consent which you will have given at that time – but will be free to withdraw at any time.
3.5 We may from time to time send you information about events (including the regional and annual General Meetings), products, services or other matters that we believe will be of interest to you. The basis for our processing of your personal data there will be legitimate interest and/or your consent.
3.6 Where you participate in interactive features on our website our basis for processing your personal data will be to enter into or perform a contract with you, our legitimate interests or your consent.
3.7 We process technical information about you to protect our business and website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data where it is necessary for our legitimate interests and/or to comply with a legal obligation. We also process technical and other information about you to help deliver relevant website content and advertisements to you as well as measuring the effectiveness of the advertising. Our legal basis for doing so is that it is in our legitimate interests.
3.8 We may also share your personal data with selected third parties, so that they may contact you with information about their goods or services, but only where you have specifically and explicitly consented to this – you are free to withdraw your consent at any time.
3.9 In respect of special category data (that is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data or data concerning yours or a third parties health, sex life or sexual orientation) or data concerning any criminal convictions, we will require your express consent. In other cases any processing by us will be on one or more of these bases:
3.9.1 that it is necessary to protect your vital interests or the vital interest of another natural person;
3.9.2 that it is necessary for the establishment, exercise or defence of legal claims;
3.9.3 that it is necessary for reasons of substantial public interest; or
3.9.4 where it has been manifestly made public by you.
3.11 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4.5 You may wish to visit www.aboutcookies.org where you can find comprehensive information on cookies and how to manage them.
4.6 To find out more about and to opt out of Google analytics tracking functionality, you should visit https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
5. How do we collect your personal data
5.1 We use different methods to collect data from and about you including through:
5.1.1 Direct interactions – You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you register with us, request a product or service, give us feedback, or request marketing.
5.1.3 Third parties or publicly available sources – We will receive personal data about you from various third parties and public sources such as analytics providers, advertising networks, social media and other publically available sources, payment, financial and delivery service providers and your employer/organisation.
6. Where we store your personal data
6.1 We do not transfer or store your personal data outside the European Economic Area ("EEA").
6.2 We employ appropriate security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
6.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Disclosure of your information
7.1 We may disclose your personal information within our group.
7.2 We may disclose your personal information to other third parties including:
7.2.1 In the event that we transfer or merge any of our activities or assets to another organisation, your information may be disclosed to our new business partners or owners.
7.2.3 our third party service providers, such as those providing IT and system administration services, based in the EEA.
7.2.4 permitted third parties for marketing purposes.
8. Your rights
8.1 You may have the right to:
8.1.1 request access to your personal data,
8.1.2 request correction of your personal data,
8.1.3 request deletion of your personal information,
8.1.4 request the restriction of processing of your personal information,
8.1.5 object to processing of your personal information where we are relying on a legitimate interest,
8.1.6 request the transfer of your personal information to another party,
8.1.7 make a complaint to the Information Commissioner's Office (ICO),
8.1.8 withdraw your consent to processing at any time.
8.2 Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
9. Keeping your information up-to-date, how long we will keep your data, opting-out, automated decision making and changes to this policy.
9.1 Please let us know if your information changes as it is important that the personal information we hold about you is accurate and up to date.
9.2 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. As a general rule, we will keep your information for a maximum of 7 years after you cease to be a member or have no other financial or other dealings with us. We keep your information for this period so that we have a record of you should you wish to recommence your relationship with NODA.
9.3 You can opt out of our electronic newsletter simply by clicking ‘unsubscribe’ at the bottom of the email.
9.4 You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you
10. NODA as a Data Processor
12.1 We act as an umbrella body for the purposes of submitting applications to the DBS for our membership. Where we process your personal data for these purposes we act as a data processor. This means we process your information on behalf of the data controller who has requested that we submit the application.
12.2 [Once an application has been processed by the DBS and a certificate awarded and communicated to us and the relevant data controller, we do not retain a copy for our own records].