On 25th May, 2018, new legislation, commonly known as the General Data Protection Regulations (‘GDPR’), became effective, placing significant responsibilities on organisations with respect to the handling and processing of personal data. Because the Israel Philharmonic Orchestra Foundation UK [IPOFUK] holds a limited amount of personal data about its valued supporters, IPOFUK is registered with the Information Commissioner’s Office (‘ICO’) under Registration Reference ZA316157. This registration is renewed annually.
What information does IPOFUK handle and store?
IPOFUK collects and holds ONLY data that is necessary to carry out its charitable function in raising funds for the Israel Philharmonic Orchestra and this is limited to the following information:
First Name and Surname
Email Address and Telephone Number
Details of your donations to IPOFUK
Details of payments made for programme entries, adverts and auction
Any personal information in email correspondence between you and IPOFUK
This data qualifies as ‘personally available information’ under the terms of GDPR and, therefore, in order to comply with the new regulation, it is necessary for IPOFUK to receive your permission to store and use this data.
In some cases, data may be stored on a Legitimate Interest basis or Legal Obligation basis, but in this case, we will not use it to send newsletters. We hold Consent-based data and Legitimate Interest based data for a maximum of thirty years. We hold Legal Obligation basis data for a maximum of 15 years.
What is your information used for?
The above information may be used by IPOFUK in one or more of the following ways:
To send to you periodic emails and/or correspondence in relation to concerts and other special events or news;
To send to you periodic emails and/or correspondence in relation to fundraising initiatives, such as membership;
To send to you emails and/or correspondence regarding any outstanding payments;
To maintain a record of your support.
Under the GDPR regulations, it is necessary for you to give IPOFUK permission to use your personal information, even though the amount of data that we hold is limited and notwithstanding that IPOFUK only uses this information in the context of its role in fundraising for the Israel Philharmonic Orchestra. In the event that we do not receive your permission, and your information is not needed on a Legitimate Interest basis or Legal Obligation basis, we will delete your data and stop all forms of communication.
How does IPOFUK protect your information?
Your personal information is held in a secure, password protected database called Magbit and a secure, password protected accountancy database called Sage, both accessed by IPOFUK staff only. The IPOFUK uses a variety of standard security measures to maintain its safety. The IPOFUK
occasionally uses third party email software such as ActiveTrail that are based outside the EU but meet the GDPR requirements because they carry Privacy Shield certification. The IPOFUK only uses third party software that is strictly GDPR compliant. The IPOFUK occasionally needs to share your information with a limited number of IPO Foundation staff in Israel, for administrative support and in such instances, your information will always be shared with password protection.
How can you find out what information the IPOFUK holds on you?
Should you send us a Subject Access Request, IPOFUK is obliged to provide you with what personally identifiable information we hold on you. For the purposes of GDPR, we have a month, after receiving your request, to provide this information to you.
What about potential data breaches?
The GDPR places a duty on all organisations to report specific types of data breach to the ICO, and in some cases, to individuals. We have to notify the ICO of a data breach, where it is likely to result in a risk to the rights and freedoms of individuals.
Does IPOFUK disclose any information to outside parties?
We do not sell, trade, or otherwise transfer your information to outside parties. We may release your information when we believe release is necessary to comply with the law, or protect our or others rights, property, or safety.
You will be advised of any change to the policy
How can you contact IPOFUK to ask about GDPR or to opt-out of receiving any further information?
You are free to opt-out of receiving further information from us at any time, by emailing the address above.