Menu
National Operatic & Dramatic Association
  • Facebook
  • Twitter

Privacy Policy

Privacy Policy

1. Privacy Policy: Version 1.0      dated August 20th 2018

1.1 NODA is committed to protecting and respecting your privacy.

1.2 This privacy policy is issued on behalf of the National Operatic and Dramatic Association – Charitable Incorporated Association whose charity reference number is 1171216 and NODA Ltd, a company registered in England and Wales with company registration number 00241572 both of 15 The Metro Centre, Woodston, Peterborough, PE2 7UH. 1.3 When we mention “NODA”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant organisation responsible for processing your data. [Please contact us if you need clarification as to which entity acts as the controller in particular circumstances]. NODA CIO is the controller and responsible for this website.

1.3 This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

1.4 For the purposes of the General Data Protection Regulation and Data Protection Act 2018:

1.4.1 in respect of the personal data of the users of our website, our members, volunteers, summer school students and the purchasers of our products and services, as well as our business contacts and prospects, we act as a data controller.

1.4.2 in respect of the personal data of persons whose applications we submit to the Disclosure and Barring Service (DBS) on behalf of our member organisations, in our capacity as a DBS Umbrella Body, we process personal data as a data processor. Please see section 11 below for further information.

2. Information we may collect from you

We may collect and process some or all of the following types of data about you:

2.1 Information that you provide by filling in forms on our site www.noda.org.uk (our site). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you enter a competition or promotion sponsored by the National Operatic and Dramatic Association CIO, and when you report a problem with our site.

2.2 More specifically, the information we collect may include the following – your name, telephone number, address, email address, date of birth, password, NODA membership number, official position at NODA, a short bio, your sales ledger activity, the name of your amateur dramatic society, your position within the society, banking details, medical conditions, dietary requirements, any other special needs and medications required.

2.3 If you contact us, we may keep a record of that correspondence.

2.4 We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

2.5 Details of any transactions you carry out through our site and of the fulfilment of your orders.

2.6 Details of your visits to our site and your general internet usage including, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access. We may also collect information about your computer, including where available your IP address, operating system, browser type and other technology on the devices you use to access our website (please refer to our cookies policy for more information).

3. Our basis for processing and use of your data

3.1 We only use your personal data when the law allows us to. Most commonly, we use your personal data where we need to perform or are about to perform a contract with you, where it is in our legitimate interests (such as developing our products/services, promoting our charitable aims, administering our website, network security, maintaining our records and the preventing fraud), where we need to comply with a legal obligation, where it is substantially made public or with your consent.

3,2 Where you enquire about becoming a member of NODA (or where you already are a member and are renewing your membership), the basis for our processing of your personal data will be to enter into and perform the contract between you and us. In respect of persons connected with you, such as your employees and volunteers, to the extent that the basis for processing their personal data is not covered by the performance of the contract, the basis for our processing will be legitimate interest.

3.3 Where you enquire about our products or services, the basis for our processing of your personal data will be to enter into and perform the contract between you and us including to process invoices. In respect of persons connected with you, such as your employees and volunteers, to the extent that the basis for processing their personal data is not covered by the performance of the contract, the basis for our processing will be legitimate interest.

3.4 Where you sign up for one or more of our newsletters, the basis for our processing of your personal data will be your consent which you will have given at that time – but will be free to withdraw at any time.

3.5 We may from time to time send you information about events (including the regional and annual General Meetings), products, services or other matters that we believe will be of interest to you. The basis for our processing of your personal data there will be legitimate interest and/or your consent.

3.6 Where you participate in interactive features on our website our basis for processing your personal data will be to enter into or perform a contract with you, our legitimate interests or your consent.

3.7 We process technical information about you to protect our business and website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data where it is necessary for our legitimate interests and/or to comply with a legal obligation.  We also process technical and other information about you to help deliver relevant website content and advertisements to you as well as measuring the effectiveness of the advertising. Our legal basis for doing so is that it is in our legitimate interests.

3.8 We may also share your personal data with selected third parties, so that they may contact you with information about their goods or services, but only where you have specifically and explicitly consented to this – you are free to withdraw your consent at any time.

3.9 In respect of special category data (that is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data or data concerning yours or a third parties health, sex life or sexual orientation) or data concerning any criminal convictions, we will require your express consent. In other cases any processing by us will be on one or more of these bases:

3.9.1 that it is necessary to protect your vital interests or the vital interest of another natural person;

3.9.2 that it is necessary for the establishment, exercise or defence of legal claims;

3.9.3 that it is necessary for reasons of substantial public interest; or

3.9.4 where it has been manifestly made public by you.

3.10 We also collect, use and share "aggregated data" such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this privacy policy.

3.11 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. Cookies  

4.1 Our site uses cookies which may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to provide you with a good experience when you browse our site, improve our site and to deliver a better and more personalised service. 

4.2 By continuing to use our site, you are agreeing to our use of cookies.

4.3 Please note that our advertisers may also use cookies, over which we have no control – you can turn them off, but not through us.

4.4 You can block cookies by activating the setting on your browser which allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our site. For more information about the cookies we use, please see our cookie policy [LINK].

4.5 You may wish to visit www.aboutcookies.org where you can find comprehensive information on cookies and how to manage them.

4.6 To find out more about and to opt out of Google analytics tracking functionality, you should visit  https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

5. How do we collect your personal data

5.1 We use different methods to collect data from and about you including through:

5.1.1 Direct interactions – You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you register with us, request a product or service, give us feedback, or request marketing.

5.1.2 Automated technologies or interactions – As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. [We may also receive technical data about you if you visit other websites employing our cookies.] Please see our cookie policy [LINK] for further details.

5.1.3 Third parties or publicly available sources – We will receive personal data about you from various third parties and public sources such as analytics providers, advertising networks, social media and other publically available sources, payment, financial and delivery service providers and your employer/organisation.

6. Where we store your personal data

6.1 We do not transfer or store your personal data outside the European Economic Area ("EEA").

6.2 We employ appropriate security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

6.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

7. Disclosure of your information

7.1 We may disclose your personal information within our group.  

7.2 We may disclose your personal information to other third parties including:

7.2.1 In the event that we transfer or merge any of our activities or assets to another organisation, your information may be disclosed to our new business partners or owners.

7.2.2 If we are under a duty to disclose or share your personal data in order to comply with a legal obligation (such as to HMRC or the Charity Commission), or in order to enforce or apply our terms of use and terms and conditions of supply and other agreements; or to protect the rights, property, or safety of NODA, our members, customers, or others (such as to our professional advisers including our lawyers and accountants). For the avoidance of doubt sharing information for these purposes may include exchanging information with other companies and/or organisations for the purposes of fraud protection and credit risk reduction.

7.2.3 our third party service providers, such as those providing IT and system administration services, based in the EEA.

7.2.4 permitted third parties for marketing purposes.

8. Your rights

8.1 You may have the right to:

8.1.1 request access to your personal data,

8.1.2 request correction of your personal data,

8.1.3 request deletion of your personal information,

8.1.4 request the restriction of processing of your personal information,

8.1.5 object to processing of your personal information where we are relying on a legitimate interest,

8.1.6 request the transfer of your personal information to another party,

8.1.7 make a complaint to the Information Commissioner's Office (ICO),

8.1.8 withdraw your consent to processing at any time.

8.2 Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

9. Keeping your information up-to-date, how long we will keep your data, opting-out, automated decision making and changes to this policy.

9.1 Please let us know if your information changes as it is important that the personal information we hold about you is accurate and up to date.

9.2 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. As a general rule, we will keep your information for a maximum of 7 years after you cease to be a member or have no other financial or other dealings with us. We keep your information for this period so that we have a record of you should you wish to recommence your relationship with NODA.

9.3 You can opt out of our electronic newsletter simply by clicking ‘unsubscribe’ at the bottom of the email.

9.4 You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you

9.5 We keep this privacy policy under review. Any changes will be posted on this page and, where appropriate, notified to you by e-mail.

10. NODA as a Data Processor

12.1 We act as an umbrella body for the purposes of submitting applications to the DBS for our membership. Where we process your personal data for these purposes we act as a data processor. This means we process your information on behalf of the data controller who has requested that we submit the application.

12.2 [Once an application has been processed by the DBS and a certificate awarded and communicated to us and the relevant data controller, we do not retain a copy for our own records].

12.3 We usually submit an application based on your consent, which is obtained by the controller. If you have any questions regarding an application, please speak to the relevant controller and/or consult their privacy policy.

11. Contact

11.1 Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to info@noda.org.uk or to Dale Freeman dale@noda.org.uk, who acts as our data privacy manager OR DPO.