Privacy and cookies policy
The ABO takes your privacy seriously and is committed to complying with the requirements of the General Data Protection Regulation. As such, we have produced this personal data privacy statement to inform you about your rights and how we use your data.
YOUR PERSONAL DATA
We collect, hold and process personal data about actual/prospective/former members of the ABO, customers, service users (including users of our website), partners, business contacts, staff and board members. The ABO holds and processes personal data for the following purposes, as applicable:
- Managing membership of the ABO.
- Managing access to our website (including through cookies - see below) including the submission of job vacancies.
- Managing members’ rights under the ABO’s constitution.
- Managing access to our services and events, including centralised services to the benefit of our members’ legitimate business interests.
- Sending out information we reasonably believe may be of interest to members and non-members, for example newsletters and information on networking and training events.
- Seeking information about members’ views on relevant issues or their organisation.
- Seeking feedback on events.
- To fulfil our role as Secretariat of the All Party Parliamentary Group on Classical Music.
- Forwarding members’ details to specific third-party advisers for the purposes of industry research and advocacy when we deem this to be in members’ legitimate interests e.g. DHA Communications, Connect Communications, ElevenTenths PR, Hawthorns Consulting, Wigley Arts Management, Indigo Ltd.
We may use third party suppliers’ systems to process data on the ABO’s behalf (eg. cloud based IT networks, CRM, email marketing and event booking systems) on a secure and confidential basis.
We will not share your data with other third parties without your permission or for commercial gain.
The ABO may disclose personal information if required to do so by law, or if it believes that such action is necessary to protect and defend the rights, property or personal safety of the ABO, its premises or its visitors.
In cases where you have consented to our use of your personal information for a specific purpose you have the right to change your mind at any time. Where we are using your information because we have a legitimate interest to do so, you have the right to object to that use.
We may also store and use photographic images and video footage of members and event attendees. You have the right to object to this if you wish, to do so please contact us at firstname.lastname@example.org.
Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights. You have the right to object to this processing if you wish, and if you wish to do so, or to opt out of our communications, please contact us at email@example.com or update your mailing preferences here. Please bear in mind that if you object this may affect our ability to carry out the tasks above for your benefit.
THIRD PARTY DATA PROCESSORS
Like most organisations we rely on several third-party providers to support our day-to-day operations, for example in areas such as online file storage, email delivery and off-site storage facilities. We may also hire third parties to operate, maintain or improve our website and other digital services. Some of these service providers will by necessity have access to or be directly involved in processing or storing a subset of the personal information you share with us.
All our third-party data processors have been carefully chosen as service suppliers who also practise responsible data handling. We believe that each has in place appropriate protections to ensure the security of the data we store or process with them and have clear policies for how they treat that data. But if in doubt you should review their individual Privacy Policies.
IntraLan Group Ltd (File server): http://spf.intralan.co.uk/docs/privacy_notice.pdf
CMIS-UK Ltd (CRM provider): https://www.cmis-uk.co.uk/privacypolicy/
Quickbooks (Finance Software): https://quickbooks.intuit.com/uk/privacy-policy/
MailChimp (Email marketing): https://mailchimp.com/legal/privacy/
CreateSend (Email marketing): http://www.johngood.com/legal/privacy-policy.aspx
Microsoft (Email services) https://privacy.microsoft.com/en-GB/privacystatement
Google (Website analytics): https://support.google.com/analytics/answer/6004245?hl=en
Survey Monkey (Research and Evaluation): https://www.surveymonkey.com/mp/legal/privacy-policy/?ut_source=footer
Eventbrite (Event registration): https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB
Kelly’s Storage (off site storage facility): https://www.kellystorage.co.uk/self-storage/about-us/privacy-policy
Before using or sharing your information with third parties in ways not described here or previously authorised by you, we will provide you with notice and an opportunity to control the further use or disclosure of your personal information.
TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA
Under certain circumstances we will transfer your information outside of the European Economic Area. We will only do this with your informed consent, when it is necessary to perform a contract we have with you or where the receiving organisation has adequate safeguards in place – for example certification under the EU-US Privacy Shield framework.
We consider it in the legitimate interests of yourself and the ABO and an important part of your membership to contact you regularly with relevant information in the form of regular newsletters and event updates and, from time to time, with marketing information or to seek information about you/your views/your organisation. You may opt out of these communications at any time by clicking unsubscribe on the email, emailing firstname.lastname@example.org or updating your mailing preferences here. Please bear in mind that if you opt out of these communications you may not receive information which will help you make the most of the benefits of ABO membership.
Should you choose to opt out we will still contact you regarding the administration of your membership e.g. membership renewals and payments. We may also contact you regarding the role of members in the running of the ABO, for example our annual general meeting and board elections. We need to process your data in this way in order to carry out our contractual obligation to you and manage your rights under the ABO’s Articles of Association. It is therefore not possible for members to opt out of such communications.
The ABO places great importance on the security of all personally identifiable information associated with our members. We have implemented technology and policies to safeguard your privacy from unauthorised access and improper use and will continue to update these measures as necessary
The ABO’s website is accessible to everyone. However, certain parts of the site and certain pages are accessible only to the staff of ABO members. If you are unsure as to whether your organisation is a member or not please check our member directory pages.
Although membership of the ABO is on an organisation basis, all the staff working for that organisation are, by extension, members of the ABO and can access the members area with their own log in. Your name and email address will have been supplied to us by your organisation and we hold this data securely in accordance with the General Date Protection Regulation.
You have a right to access the personal information we hold about you at any time. If you wish to do this, please put your request in writing to the Director.
When you apply to become a member of the ABO, the details you submit which include your name, email address and postal address, will only be used by us to process your application and keep you informed about updates relating to your membership and its benefits.
Membership data is held separately from our public website in a database system hosted and managed in the UK by CMIS-UK Ltd. Appropriate security measures are in place to guard against unauthorised download or alteration of the information we hold. We will retain your personal data while you remain an active member of the ABO.
POTENTIAL MEMBERS AND EVENT ATTENDEES
In the course of their activities, members of the ABO team may obtain your details from, for example, business cards, event delegate lists, during conversations, referrals and recommendations. If we obtain your details in this way, we may contact you at a work address or work email to enquire if you would like to receive marketing information from us. If you opt in to receive marketing information, we will inform you of the ABO’s services and activities. You may opt out of such contact at any time.
During the course of their work our team may obtain personal details from individuals including colleagues in other organisations, journalists, government officials, politicians, and venue administrators. This information is required to undertake daily administration and is stored in a central system to ensure the security of your personal data.
GENERAL BROWSING AND THE ABO WEBSITE
Our website is hosted in the UK in a data centre managed by John Good Limited. When you visit our website or access one of the files stored on our web server, information about this request will be automatically stored in our log files to provide usage statistics, enable security features and aid technical troubleshooting. This is on the legal basis of legitimate commercial interests. In these cases, your IP address at the time acts as a unique identifier and is stored along with information about your operating system, browser version and the pages/files you access. These logs are retained on the server for up to 30 days, after which they are automatically deleted. Netplan Internet Solutions will also record a similar set of data for the purposes of data management and security.
Like most organisations we use Google Analytics to help understand how our website is being discovered and interacted with and we use this information to help improve the experience for our visitors and make decisions about future development. Google Analytics presents us with aggregate information about the geographic location, device types and operating systems used by our website visitors, but not in a way that personally identifies you. Additionally, Google will record your computer’s IP address and set a number of temporary cookies in your browser to help distinguish you as an individual visitor as you move around our site. In the interests of limiting the amount of data Google collects via our site we are using Google’s standard Analytics implementation and have not enabled any additional advertising features, such as remarketing tags which would tie your usage of our site in with your broader browsing habits.
As a membership association, we use CreateSend (hosted by John Good Limited) and MailChimp to facilitate communication with our members and partners. So, when you choose to receive mailings as part of your membership benefits, the email address and name you submit will be held securely by John Good Limited and MailChimp, and the information also made accessible to us.
MailChimp’s servers are based in the United States, so your information may be transferred to, stored, or processed in the US. MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework, which certifies that is has adequate safeguards in place. As a respected email marketing provider MailChimp will not share your information with any unauthorised third parties or contact you directly at any time.
You can update your details or opt-out of our emails at any time using the ‘Unsubscribe’ or ‘Email Preferences’ links found at the bottom of every email we send via CreateSend and MailChimp. If you unsubscribe, both MailChimp and CreateSend will retain your email address for the purposes of a suppression list to ensure that no further marketing messages can be sent unless you actively choose to opt-in again.
In addition to the information you supply at sign-up MailChimp and CreateSend will also capture data about your interactions with our emails and website, such as which links you click within an email which pages you go on to visit on our website. It does this using a combination of tracking pixels and cookies. You can learn more about those in the Cookies policy on our website.
JOB VACANCY SUBMISSION
When you submit the details of a job vacancy the information you provide is sent to us by email. This includes your name, email address, telephone number and place of work. This information will only be used by our team for the purpose of processing your job vacancy submission. We will also record your IP address and a timestamp for the purposes of fulfilling our obligation under data protection regulations to appropriately log submissions of personal data.
On its way to us your message will pass through anti-spam filters operated by John Good Limited and Microsoft to identify poor quality content or viruses. These are automated processes with no human involvement. These third parties will only access email content under very limited circumstances, such as investigating fraudulent or abusive activity.
Because your submission can include attachments and other information we can’t limit what data you share with us. We request that you only share information directly relating to your submission and that you have the appropriate consent to disclose the information you share
When you send us an email, either through the contact form on our website or to an individual member of staff, we will collect your email address and any other information you provide within your email.
Microsoft are our email service provider so any emails you send us will be stored on their servers. Therefore, your email and any associated personal data may be transferred outside of the European Economic Area to servers located in the USA. Microsoft’s certification under the EU-US Privacy Shield Framework commits it to maintaining appropriate safeguards for international data transfers.
The information you provide will only be processed in relation to the purpose of your correspondence with us. We have no fixed retention period for email correspondence, but we are committed to only storing your data for no longer than is necessary to serve our legitimate interests of record keeping or to perform a contract we have entered into with you.
When registering to attend our events, you will complete a booking form through our website which then sends a form to our email servers. We then input the information you provide during registration, which includes your name, email address, and dietary or access requirements. This information will be available to us for our legitimate interest in keeping financial records, controlling access to our events and providing attendees with essential event information via email. If you choose to pay by invoice for your booking(s) we will also collect your billing contact information for the purposes of issuing the appropriate invoice.
If you book to attend an ABO event or activity, we may include your name, your job title, and your organisation (but no further details unless otherwise agreed) in a delegate list which may be provided to other delegates. We may need to disclose your details to a third party, such as an event venue, to arrange event attendance.
Eventbrite is US-based company so your personal information may be transferred, processed and stored in the US. As a certified EU-US Privacy Shield Framework organisation they adhere to the principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity & Purpose Limitation, Access and Recourse, Enforcement & Liability when processing Personal Data from the EEA in the United States.
If you are a speaker at an ABO event, we will publicly promote your involvement. This may include on our website, in our marketing and member communications, on Twitter and other platforms such as Facebook. Your data may continue to be processed by external platform providers after the event has ended.
PERSONAL DATA BREACHES
QUESTIONS & ACCESS REQUESTS
The General Data Protection Regulation (2018) gives you the right to know what personal data we hold, to have it updated if it is inaccurate or removed entirely if you no longer consent to our use of it. We will endeavour to respond to any such requests within one month confirming receipt and outlining what follow-up actions will be taken and when.
Association of British Orchestras
32 Rose Street
London WC2E 9ET
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
These pieces of information are used to improve services for you through, for example:
- enabling a service to recognise your device so you don't have to give the same information several times during one task
- recognising that you may already have given a username and password so you don't need to do it for every web page requested
- measuring how people use the site, what pages they visit and how long they spend so that we can improve services to members
You can manage these small files yourself and learn more about them by clicking Internet browser cookies - what they are and how to manage them.
First Party Cookies
Abo.org.uk uses two first party cookies - these are only used for those pages which require membership log in. If you disable cookies on your browser you will not be able to view members area pages.
Authentication of member log in
Third Party Cookies
We use Google Analytics to track behaviour patterns on the site. This data is completely anonymised and does not store any personal data.
Google Analytics - we use this to understand how the site is being used in order to improve the user experience. User data is all anonymous.