The Tri-borough Music Hub’s (TBMH) employer is the Royal Borough of Kensington and Chelsea (RBKC). As a Local Authority (LA) service the TBMH abides by all RBKC policies including those related to Data protection - For further information: Royal Borough of Kensington and Chelsea Data Protectioninformation https://www.rbkc.gov.uk/data-protection/data-protection
The Tri-borough Music Hub (TBMH) is committed to protecting your privacy. On this page we set out why we collect information, what we do with information and what your rights are. Personal information or data is any information that can be used to identify you as an individual.
New policies effective from July 2020
We're updating our privacy policies in preparation for the changes to data protection regulations that came into force on 25 May 2018. We will be bound by EU and UK data legislation:
General Data Protection Regulations 2018 (EU2016/679)
UK Data Protection Acts 1998 and 2018 (updated)
1) Who are we?
We are the Tri-borough Music Hub (TBMH) - the lead organization that oversees the delivery of music education in three West London boroughs - the London Borough of Hammersmith and Fulham; the Royal Borough of Kensington and Chelsea; and City of Westminster - working with schools, pupils, the workforce and the community. Through an agreed shared-services model, we are a centralised Local Authority service which receives core funding from the Department for Education via the Arts Council England delivering an extensive programme of musical learning in and out of school. The TBMH is part of the School Standards Team in Children’s Services and is a Local Authority service, with The Royal Borough of Kensington & Chelsea acting as the lead borough for Tri-borough working.
Mailing address: Tri-borough Music Hub; Lyric Hammersmith; Lyric Square; King Street; London; W6 0QL
2) Data controller
Tri-borough Music Hub (TBMH) is the data controller and has overall control for all of the data it processes.
3) Personal information
The General Data Protection Regulations (GDPR) defines personal data as information relating to a person which can identify that person. The regulations require us to ensure that data is:
i. Processed lawfully, fairly and in a transparent manner in relation to individuals
ii. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
iii. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
iv. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
v. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of individuals
vi. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
4) Who we share data with
As a Local Authority service we may share data with Children’s Services colleagues for legitimate purposes (e.g. in cases of Safeguarding). We will share aggregated data with funding bodies (e.g. Arts Council England; Office for National Statistics) but never individual personal information.
5) Why we need your data?
We need to know your personal data in order to provide you with the services we offer. We will not collect any personal data from you that we do not need.
6) Privacy statements
Tri-borough Music Hub has created a series of core privacy statements (at bottom of page) which describe fully how we manage and process data. Select a link below for the specific details of each privacy statement.
7) What data do we collect?
TBMH may keep a record of your name, age, gender, mailing address, home telephone number, mobile telephone number, e-mail address and contact preferences. We don’t store our service users’ financial details - all financial systems are outsourced through the Local Authority to Hampshire Local Authority.
8) When do we collect information?
We collect personal information from you when you register for our classes and programmes, when you speak to or email a member of our team or a volunteer, donate, book for an event, subscribe to our newsletter, respond to a survey, fill out a form or make an enquiry.
We’d like to keep you informed about forthcoming events and developments at TBMH and when registering with us you will also be asked whether you would like to receive this information either by email, post or phone.
9) What do we do with your data?
We may use your personal information to communicate with you, to inform you about forthcoming events, for administrative and record keeping purposes, and in aggregate (and therefore anonymously) for monitoring and evaluation purposes so we may improve our services. All the data you provide will only be processed by TBMH staff and stored on our secure servers and secure filing systems as appropriate.
10)How long do we keep personal data?
TBMH will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Typically, the legal recommendation for how long to keep ordinary staff and student personnel files is up to 7 years following departure from TBMH. However, incident and safeguarding files will need to be kept much longer, in accordance with specific legal requirements.
Data about pupils’ musical activity will be kept for up to 3 years from the time that they left the TBMH. Aggregated data (e.g. for evaluations from CPD or events) will be kept for up to 3 years after the event.
If you have specific queries about how our retention policy is applied, or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the Head of TBMH Stuart.Whatmore@rbkc.gov.uk. However please bear in mind that TBMH will often have lawful and necessary reasons to hold on to some personal data even following such a request.
11)Security of your personal information
We take reasonable steps to protect all of your personal information we hold from misuse and loss, and from unauthorised access, modification or disclosure. This protection applies in relation to information stored securely in both electronic and hard copy form.
12)Subject access request
If you wish to make a formal access request to see the data TBMH holds about you, please email email@example.com, or complete our online form, (in development).
13)Your rights and how to make a complaint
If you believe that the information we hold on you is incorrect, you may request to see it and have it amended or deleted. If you wish to make a complaint about how your data has been handled, you may do so by contacting the Head of TBMH Stuart.Whatmore@rbkc.gov.uk who has been appointed to deal with all requests and enquiries concerning TBHM’s uses of your personal data.
If you are not satisfied with the response you receive, or you believe your data is not being processed in accordance with the law, you should contact the office of the Information Commissioner. (https://ico.org.uk/global/contact-us/)
TBMH will never provide data to third parties unless one of the following conditions applies:
•When you have given your permission to do so
•When we are required to do so by law, by a court order or by a governmental department or authority
•When we need to protect our own rights, property or safety of employees, students, volunteers, and visitors to our offices and venues and our website
Full details of how and when data may be exchanged with third parties are given in the core privacy policies listed below.
In the event of computer misuse data may be passed to computer security staff external to TBMH to aid in their investigations.
TBMH will never sell data to a third party.
Most websites, including www.triboroughmusichub.org will put small text files onto your computer or similar device, which are known as cookies. A cookie is a small piece of information placed in your web browser or hard drive that can be used to identify website visitors and to analyse website traffic. This allows us to understand how people use our website and to improve visitors’ experiences.
16)Links to third party websites
You will find links to other websites on the Tri-borough Music Hub site. TBMH can accept no responsibility or liability for the content of other websites or any information you provide to third party websites. It is your responsibility to familiarise yourself with the privacy policies of other websites.
Tri-borough Music Hub has processes in place to detect a data breach.
In the event of a data breach, either intentional or unintentional, TBMH will assess the likely impact on any individuals affected and any risk to which they may be exposed and take steps to notify the individuals concerned. If necessary, the Information Commissioners Office (ICO) will be notified of the breach.
18)Automated decision making
The General Data Protection Regulations provide safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. There are no automated decision making processes at Tri-borough Music Hub.
19)Accessing and updating your personal information
If you would like to amend the information you have provided or think that our records are incorrect, please email us at firstname.lastname@example.org to update us.