top of page

Welcoming New Members Now - Join Here

GYC Logo-transparent Back-01.png

Privacy Policy

Last updated: March 2026

The Glasgow Youth Choir is committed to protecting the privacy and personal information of our choir members, parents, guardians, volunteers, and website visitors. We recognise our particular responsibilities when working with children and young people.

This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purposes of data protection law, Glasgow Youth Choir is the Data Controller for all personal data it processes, acting through its Committee.

1. Information We Collect

We collect and process the following categories of personal data:

  • For Choir Members (Children and Young People)

    • Full name, date of birth, and gender

    • Home address and contact details

    • School or college name and year group (e.g., P1, S4)

    • Parent/guardian names and contact details (telephone numbers, email addresses)

    • Emergency contact information

    • Medical information relevant to choir participation (allergies, medical conditions, dietary requirements)

    • Attendance records at rehearsals and performances

    • Photographs and video recordings (with appropriate consent)

    • Safeguarding and welfare information where necessary

  • For Parents and Guardians

    • Full name, address, telephone numbers, and email addresses

    • Emergency contact details

  • For Website Visitors

    • IP addresses, browser type, and device information

    • Website usage data and analytics (collected through cookies)

    • Information you provide through contact forms or email enquiries

Where required, we obtain consent from parents, guardians, or individuals before collecting and processing personal data. For members under the age of 18, consent is normally provided by a parent or guardian.

2. Processing Personal Information

Under UK GDPR, we must have a legal basis to process personal data. We rely on the following:

  • Performance of Contract: To fulfil our membership obligations

  • Consent: For photographs/videos, marketing communications, and health information

  • Legitimate Interests: For choir administration, preserving choir history, and improving our services

  • Legal Obligation: For safeguarding, health and safety, and legal reporting requirements

  • Vital Interests: In emergencies requiring access to medical information

For children under 13, we obtain consent from parents/guardians. For young people aged 13-17, we seek consent directly with parental awareness.

3. How We Use Personal Data

We use personal data for the following purposes:

  • Managing choir membership and attendance

  • Organising rehearsals, performances, and events

  • Communicating with members and parents about choir activities

  • Ensuring the safety and wellbeing of choir members

  • Complying with safeguarding obligations

  • Sending newsletters and updates (with consent)

  • Taking and using photographs/videos for promotional purposes (with consent)

  • Responding to enquiries and providing member support

  • Analysing website usage to improve user experience

4. Who We Share Personal Data With

We may share personal data with:

  • Event venues and organisers

  • Email and communication platforms (e.g., Mailchimp, Gmail)

  • IT service providers for website hosting and technical support

  • Police, social services, or safeguarding authorities when required by law

  • Legal and professional advisors when necessary

  • Partner organisations, schools, or other choirs for joint events (with consent)

  • Media organisations for promotional purposes (with consent)

All third parties are required to process data only as instructed by us, implement appropriate security measures, and comply with UK GDPR.

We do not sell or rent personal data to third parties.

5. International Data Transfers

We do not routinely transfer personal data outside the United Kingdom. If we need to do so (for example, for an international tour or performance), we will inform you in advance, ensure appropriate safeguards are in place (such as UK GDPR adequacy decisions or standard contractual clauses), obtain your consent where required.

6. Data Security

We take the security of personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised or unlawful processing, accidental loss, destruction, or damage. 

All staff and volunteers with access to personal data are required to maintain confidentiality and receive data protection training.

Despite our security measures, no system is completely secure. If you believe your personal data has been compromised, please contact us immediately.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy or to comply with legal obligations. Specific retention periods include:

  • Active choir member records: For the duration of membership plus 6 years after a member leaves 

  • Photographs and videos: Routinely kept for 6 years after a member leaves the choir. May be retained indefinitely for archival and historical purposes to preserve the choir's history, with names and identifying details removed where appropriate

  • Website analytics: 26 months 

  • Email communications: 3 years after the last communication

  • Safeguarding records (children and young people under 18): Until the individual reaches age 25 or for 10 years after they leave whichever is greater

After these retention periods, personal data will be securely deleted or anonymised. If you withdraw consent or object to processing, we will delete your data unless we have a legal obligation to retain it.

8. Photography and Video Consent

We obtain consent from parents/guardians before using photographs and videos of their children:

  • On our website and social media

  • In printed promotional materials

  • In local media coverage

  • For internal records and archives

Photographs and videos may be retained indefinitely for archival and historical purposes to preserve the choir's history. For archival use, we will remove or anonymise identifying details where appropriate.

You can withdraw consent for promotional use at any time. We follow safeguarding best practice and do not name children in publicly available photographs without separate consent.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold

  • Rectification: Correct inaccurate or incomplete data

  • Erasure: Request deletion of data in certain circumstances

  • Restrict Processing: Limit how we use data

  • Data Portability: Receive data in a portable format

  • Object: Object to processing based on legitimate interests or for direct marketing

  • Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)

For children under 13, parents/guardians exercise these rights. Young people aged 13-17 may exercise their own rights with parental involvement.

10. Contact Us

For any questions or requests regarding this Privacy Policy please email us at glasgowyouthchoir@yahoo.co.uk

bottom of page