Privacy Policy

DATA PROTECTION PRIVACY POLICY
FOR
PRS FOR MUSIC MEMBERS BENEVOLENT FUND

The General Data Protection Regulation (GDPR) is enforced in the UK from 25 May 2018. This policy sets out how the PRS For Music Members Benevolent Fund (henceforward referred to as The Charity) will comply with the GDPR by covering the following areas:
1. Definition of key terms
2. Our understanding of the GDPR
3. How the GDPR fits into our objectives
4. Meeting our responsibilities under the GDPR
5. Respecting the rights of the individuals we work with under the GDPR
6. How our fundraising work complies with GDPR

1. Definition of the key terms:

Personal data: data conveying any information relating to an identified or identifiable natural person. This may include name, address, identifier numbers (e.g. telephone); it also includes online or electronically stored identifiers, if they can be used alone or in combination to identify a person. In addition, there is a category of ‘sensitive personal data’ which includes genetic, biometric and medical data; racial and ethnic identity; religious and political beliefs; and sexual orientation.

Data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data

Data processor: a natural or legal person, public authority, agency or other body which is responsible for processing personal data on behalf of the controller

Data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Data subject: the individual to whom the personal data belongs. This could be an applicant, beneficiary, donor, potential donor, trustee, employee, volunteer, contractor, or any other individual whose personal data are held by us.

Consent: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Our understanding of the GDPR

The GDPR is an EU-wide law that replaces the previous Data Protection Act (1988). The purpose of the GDPR is to help EU citizens better understand and control how their personal data is being used, and how to raise objections if necessary. The GDPR achieves this by placing responsibilities on data controllers and data processors; and by giving rights to data subjects.
In the UK, compliance with the GDPR is overseen by the Information Commissioner’s Office (ICO). The Charity is registered with the ICO as a data controller (registration number Z5734202). The Charity is also a data processor under the GDPR. The Trustees of The Charity has assessed the scale of our data processing and decided that the quantity of data being processed justifies appointing a Data Protection Officer, who can be contacted at john.logan@prsformusic.com

3. How GDPR fits into The Charity’s charitable objectives

The Charity is a registered charity that exists to financially assist PRS members, ex-members and their dependants who may be in straitened circumstances. The Charity does this by offering grants or loans, offering advice, and fundraising. To carry out this work fairly and effectively, The Charity processes personal data from individuals making an enquiry about our work, grant applicants, beneficiaries, potential donors, and existing donors. The Charity also holds personal data from our employees, contractors, volunteers, trustees, and Committee members and we use this data to ensure that our organisation functions effectively. The Charity has contracts with other organisations and may need to share personal data to fulfil obligations made to applicants, beneficiaries, volunteers, donors, trustees, and staff. The Charity recognises that these uses of personal data fall within the remit of the GDPR.

The Charity will only process personal data where we have a legal basis to do so and will always respect our data subject’s rights. We may process personal data because the data subject has consented to us doing so or because we consider we have a legitimate interest to do so. Where we do rely on a legitimate interest to process personal data information, we will always ensure that this is done in a way that respects the rights of our data subjects. Other reasons may include using information because we have a legal obligation to do so or because we must fulfil contractual obligations.

4. Meeting our responsibilities under the GDPR

The GDPR sets out responsibilities for organisations processing personal data. These responsibilities are recognised by the Trustees and in practice will be delegated to the Data Protection Officer for the Charity. The responsibilities are:

4.1 Consent

Personal data must be ‘processed lawfully, fairly and in a transparent manner in relation to individuals’ (ICO website 2018)
In our work with applicants, beneficiaries, donors and potential donors, The Charity processes some personal data under the lawful basis of consent. To comply with this The Charity informs individuals about the data we require from them and sets out how it will be used. The Charity explains our use of personal data in our data protection policy, application form, website, and fundraising documentation. The Charity will usually ask for written consent from the individual where possible. Where explicit consent is not gathered for a processing activity, data will only be processed where it is necessary for our legitimate interests, to comply with legal obligations, or fulfilling contractual obligations.
Wherever we rely on your consent, you will always be able to withdraw that consent. Data subjects can tell us to stop contacting them, or change the way in which we do so, e.g. email, post, telephone, SMS etc by getting in touch with us at fund@prsformusic.com We will keep a record of any requests to stop receiving marketing from us to ensure that we do not communicate with those data subjects in the future, unless they tell us they want to hear from us again. Please note that if you opt-out of marketing emails, you will still receive non-marketing emails which may contain essential information about your grant.

4.2 Purpose of using personal data and Disclosure

Personal data must be ‘collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes’ (ICO website 2018)
The Charity uses personal data to carry out our charitable objectives as set out in section 3 above.
The Charity principally collects personal information to provide data subjects with the services, products or information they have requested. Where we use personal data, it may be because the data subject consented to us doing so. Some examples can be found below:
– The data subject has given consent to use the information for a specified purpose (including grant administration, marketing emails and newsletters)
• For internal administration, analyses, impact measurement and service reviews
• For fundraising support, feedback surveys and sending newsletters
– We have a legal obligation to use personal data, for example to provide Gift Aid information to HMRC
– We are using personal data in pursuit of a legitimate interest, for example:
• To collect money that is owed to us
• To manage our relationship with members, supporters, volunteers and donors, for example to invite people to events.

We may also keep a record of conversations we have with a data subject, feedback a data subject provides and any marketing/fundraising materials we send out to a data subject.
We may also need to share data with third parties, called ‘data processors’, (e.g. suppliers of goods or services) to fulfil our agreement with an individual. Where this is the case, we have a GDPR-compliant agreement with those third parties.

We may also need to disclose personal data if required to do so by law. For example, we are legally required to provide personal data to HMRC if a data subject has agreed to us claiming Gift Aid on their behalf.

4.3 How we collect personal data

Personal data must be ‘adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed’ (ICO website 2018)
The Charity carries out regular audits on all its data collection, processing, and storage functions to check that data are adequate, relevant and limited to that which is necessary to fulfil our charitable objectives and run our organisation effectively.
The charity receives and stores personal information supplied to us in writing, via email, via the telephone, in person or online when applying, enquiring, or registering for help, employment, trusteeship, or volunteering opportunities or when attending events or donating money to the Charity.
We may also receive personal information from third parties, for example, a welfare officer, charity, agency or organisation who refers you to our service.
Where grant recipients have provided information about their experience of applying for a grant, by whatever means, we will explain what the information will be used for and whether it will be held anonymously or not/ or it will always be used anonymously unless you agree otherwise. For example, to write case studies which can be used in our communications including PR and media activity, digital and social media, campaigning, fundraising materials and internal communications, to help us raise awareness of our mission. We would never use a personal story without obtaining the data subject’s consent first, we would always contact the data subject to discuss the use of their story in further detail each time.

4.4 Personal data must be ‘accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay’(ICO website 2018)

The Charity takes care to collect data accurately by using an application form; telephone questionnaire; documented face-to-face interviews and has reasonable administrative procedures for amending or erasing inaccurate data as necessary. There is regular training for staff and volunteers on how data is to be collected and updated or erased.

4.5 How long we keep your personal data

Personal data must be ‘kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed’ (ICO website 2018)
The Charity has set out a timescale for erasing data that we no longer need for processing purposes. When no longer needed, paper records will be shredded, and electronic records will be deleted or permanently anonymised. This process is documented as part of our regular data audit.
Enquiries – that do not progress beyond this stage – keep 1 year

Applications and Beneficiary information – keep for 6 years after the involvement has ended in line with HMRC’s requirements for tax records

Trustee information – in line with Charity Commission requirements and keep 1 year after a Trustee has left for Annual Return purposes

Donor information, including Gift Aid declarations and records to be kept until 6 years after the end of the accounting period they relate to.

4.6 Security of your personal data

Personal data must be ‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.’ (ICO website 2018)
The Charity’s data audit has assessed the risks to personal data. We have put in place appropriate managerial procedures to safeguard and secure the information we collect. We have set up reasonable levels of protection for physical and electronic records to include locked filing cabinets with control of access to keys; locked offices, again with key control; fire precautions; password protected computers; adequate levels of permission to access computer files; adequate anti-virus software; adequate back-up procedures; adequate agreements for data stored in the cloud or offsite; encryption of personal data if it being transferred electronically; regular training for staff and volunteers on data security.
The Charity recognises that serious breaches of unencrypted personal data must be reported to the ICO within 72 hours of our becoming aware of the breach.

4.7 Staff Training

The Charity will raise awareness of the GDPR regulations, its policy and the legal obligations upon it to all staff who have access to personal data. It will also ensure that there is appropriate data protection training for personnel on an ongoing basis.

4.8 Data Transfers

We share information with organisations outside the EEA where it is necessary to do so to fulfil our agreements and commitments to beneficiaries and applicants. Data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor’s Processor Binding Corporate Rules.

5. Respecting the rights of the individuals we work with under the GDPR

The GDPR sets out rights for individuals (i.e. data subjects), which The Charity recognises and respects.

5.1. The right to rectification: The Charity will correct data that is wrong when told to do so by data subject

5.2. The right to erasure: The Charity will delete some, or all, of a data subject’s information on request, unless it needs to be kept for legal reasons.

5.3. The right to restrict processing: The Charity will stop processing some, or all, data on request, unless there are overriding legal reasons.

5.4. The right to data portability: The Charity will provide data in a suitable format to another data controller when requested to do so.

5.5. The right not to be subject to automated decision-making (sometimes called ‘profiling’): The Charity will not use automated decision-making.

5.6. The right to access: The Charity recognises data subjects’ right to file a written subject access request (SAR) for a copy of any personal data held.

5.7. The right to object: Where we don’t have to process the data to meet a contractual or other legal requirement, The Charity will comply with objections to our processing of your personal data.

Please note that these rights may be limited, for example if fulfilling your request would reveal another person’s personal data, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.

To exercise any of these rights, please get in touch with us using the contact details provided above.

6. How our fundraising complies with GDPR

We fundraise from members of PRS for Music Ltd, and our supporters. When we contact individuals for fundraising purposes, we are clear that fundraising is our aim. We refer individuals to our Data Protection Policy and obtain their informed consent before collecting personal data (this is sometimes called ‘opt in’ consent). We contact individuals by post or email. Our post and email requests contain an ‘unsubscribe’ facility, and this is used to prevent further unwanted email contact.
The Charity does not pass our fundraising contacts to other parties and does not buy mailing lists for fundraising purposes.

7. Use of Cookies

We use cookies and other tracking technologies on our website. For more details on the cookies we use, and the purposes for which we use them, please see our Cookie Policy.

Home Visits

 

We know every situation is different, and we find face-to-face meetings are an effective way to understand individual needs and offer the most relevant advice. We can arrange for our advisers to make home visits to discuss your circumstances, and advise on your benefit entitlements and ways in which the Fund can help.

×
Debt Management Advice

 

We can also refer you to specialist money advisers for help with managing debts and reducing monthly expenditure.

×
Short-term Loans

 

We can give short-term loans to members who have an unexpected financial crisis. We assess your circumstances to agree an amount and a timescale for paying it back.

×
Regular Financial Assistance

 

We can arrange for regular small grants (up to £20 a week) to help members who are receiving benefits but still aren’t able to maintain basic standards of living. We can also help pay for things like telephone and TV rental and licence, gas and heating bills.

×
One-off Grants

 

We are able to provide one-off grants in the case of unexpected crisis, and well as to elderly or disabled members who are finding it difficult to meet their living costs despite receiving all the benefits they are entitled to. It might be for anything from essential property repairs to replacing a broken fridge.

×
Specialist Health Assessments

 

Together with our partners the British Association for Performing Arts Medicine (BAPAM), we provide a free and confidential medical service specially tailored to performers experiencing work-connected health problems.

BAPAM have in-depth understanding of the kind of physical and psychological problems that performing artists may experience and have been providing specialist diagnostic assessments to people in the music industry for the last 25 years.

BAPAM doesn’t deal with emergencies and isn’t a general medical service, but every appointment involves a thorough evaluation, practical advice and tips, and a referral for further treatment if it’s required.

A free diagnostic appointment with BAPAM is the gateway to understanding the problem, and a genuine chance to getting on the road to recovery.

×
Sheltered Accommodation

 

In some circumstances we are able to help members find sheltered accommodation. This is arranged in association with Cyril Wood Court in Bere Regis, Dorset.

×
Career Coaching

 

Do you need a change of career? Perhaps a change from songwriting or composing, or work that runs alongside it? We have two career coaches who work in different ways. If you would like a referral, please get in touch with us.

×
Make a Donation

 

You can make one-off donation or set up a regular monthly gift simply and securely at justgiving.com/prsformusic or send a cheque payable to “PRS for Music Members Benevolent Fund” at 2 Pancras Square, London N1C 4AG.

Don’t forget if you’re a UK tax payer, we can receive an extra 28p from the Inland Revenue for every £1 you donate. Please tick the Gift Aid box when making an online donation on JustGiving or download the Gift Aid Form and send it to us with your cheque.

×
Donate Copyright and Royalties

 
It is because of members who bequeath us their PRS payments, royalties and copyrights, that we can be there to support members who need our help. If these are made a Gift of Will, they will be exempt from Inheritance Tax. We recommend that you ask a solicitor for advice and we have produced will drafting notes to help you. Alternatively you can donate a percentage of your PRS royalties at each PRS distribution. If you’d like to do this please download the PRS royalties form and your donations will start from the next PRS distribution.

×
Leave a Legacy

 

You can either leave a residuary legacy or a pecuniary legacy.

A residuary legacy is what is left of your estate after tax, expenses and other legacies have been paid. You can leave a percentage of your residuary legacy to the PRS for Music Members Benevolent Fund. A pecuniary legacy is a fixed sum of money that may decrease in value over time.

You can make a new Will or change your existing Will at any point, and we recommend that you ask a solicitor for advice. We have produced will drafting notes to help you.

×