ISM Group privacy policy

1. About us

The Incorporated Society of Musicians (ISM) is a professional association established in 1882. We provide a wide range of services and support to our membership of professional musicians and music students. We also campaign on behalf of musicians. We offer professional development opportunities for members and non-members via one of our sister charities, the ISM Trust, and offer further support for musicians via our other sister charity, the ISM Members’ Fund. Collectively we refer to all the ISM Companies as the ISM Group.

The ISM is a company limited by guarantee, incorporated in England and Wales under company number 36882. Our registered office is at 4-5 Inverness Mews, London, W2 3JQ.

The Incorporated Society of Musicians Trust is a registered charity which has as its aims the advancement of education, the arts and to promote health.

The Benevolent Fund of the Incorporated Society of Musicians (known as the ISM Members Fund) is also a registered charity which among other activities helps ISM members and their dependants in times of need.

This policy applies to all ISM Group companies.

You can contact us about this Privacy Policy by writing to: The Data Co-ordinator, ISM, 4-5 Inverness Mews, London W2 3JQ or via email: [email protected]

Please read this privacy policy carefully. It explains what personal information we may collect about you when you become a member of the ISM, register for one of our webinars or events, and subscribe to our mailing lists, and any other ways you may engage with us.

This policy tells what we do with your personal data, and who we may share it with. This policy also tells you about your rights in respect of the personal information we hold about you, and how to contact us to exercise your rights, or to find out more about how we handle personal data.

2. About this Privacy Policy

In order for us to fulfil our functions as a professional association, we process personal data relating to existing and prospective members, members of the public, our partners and other individuals we do business with (also referred to in this notice as 'you'), including:

  • ISM current, prospective and former members
  • Council Members and Trustees
  • ISM Ambassadors
  • Special Interest Group, Advisory Group, and Local Group Members
  • Campaign supporters
  • Survey respondents and petition signatories
  • Subscribers to newsletters and other publications
  • Registrants for professional development training seminars, webinars or other events
  • Representatives and contacts from other organisations and service providers
  • Other recipients of services provided by the ISM
  • Complainants and enquirers

The ISM is committed to preserving the appropriate confidentiality, integrity and security of the personal data we process by complying with the Data Protection Act 2018 (which incorporates the provisions of the 2016 General Data Protection Regulation (GDPR)) and all applicable Privacy and Electronic Communications Regulations.

3. Changes to this Privacy Policy

We will update this privacy policy from time to time. We will notify you of any changes as required by law. We will also post an updated version on our website.

This Privacy Policy was last updated on 24 May 2018.

4 What personal data do we collect?

Personal data is any information relating to an identifiable living individual. We may collect the following information about individuals:

  • personal details including your full name and date of birth
  • contact details, including postal and email addresses, and preferences
  • education
  • work/employment details
  • application forms and references
  • account and payment details
  • membership details
  • DBS certificate numbers
  • details of legal queries
  • details of complaints
  • financial details
  • any other information you choose to give us

We may also process in certain circumstances sensitive classes of information that may include:

5. How do we collect it?

We collect data directly from you (for example from registration forms, change of details forms, surveys, at fairs and events and via our website) and will create some data internally (e.g. when we assign you an ISM membership number).

We will also collect data directly from you when you voluntarily subscribe to any of our mailing lists.

Where we collect information, whether that be via websites, telephone, or manual forms, we will provide at the point of collection a more tailored and specific privacy statement pointing out the relevant information for that product or service and justifying why the collection is necessary.

We may also collect personal information about you when you create a profile in the ISM’s Music Directory.

We may also receive information from third parties, including referees in support of your membership application. We may also receive information about you in relation to the ISM Members’ Code of Conduct and our ISM Safeguarding & Child Protection Policy, Code of Practice and Procedures.

Information we collect through our website

When you visit our websites, we automatically collect some technical information from your computer or mobile device such as IP address, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms, and information about your visit to the website and your use of it.

Our websites use cookies. Cookies are text files placed on your computer to collect Standard Internet Log information and visitor information. These cookies allow us to distinguish you from other users of the website and allow us to collect information about your visit to our website. For more information on which cookies we use and how we use them, see our Cookie Policy.

6. What do we do with your personal data?

We may process the information we collect about you for the following purposes:

ISM members

Administration of membership: we will hold personal data relating to members in order to administer membership. This includes to process your membership (and application for membership), payments and to notify you of any matters affecting your membership.

The legal basis for this processing is to perform the contract with you related to these activities and services or because you have asked us to take specific steps before entering into a contract in respect to these activities and services;

Membership benefits: we will use your information to administer membership benefits including to send you publications, to provide legal advice, to assist you to obtain a DBS certificate, to add you to the ISM Music Directory (only with your consent) and Handbook (again, only with your consent), to process applications for ISM Registered Private Teacher Status and to assist you with claims under professional insurances.

The legal basis for this processing is to perform the contract with you related to these activities and services.

Communications and information: we will use your information in order to send you ISM publications such as Music Journal, our Handbook and any other publication intended primarily for members. We will also send you regular member e-newsletters which contain information about the activities and services delivered through the ISM, the ISM Trust and the ISM Members Fund, along with updates on legal matters and other information relevant to music professionals. You can unsubscribe from our email newsletters at any time.

We will also use your information:

  • to send you registration or information packs, surveys, questionnaires, feedback forms, information regarding ISM campaigns and ISM courses and events
  • to correspond with you about any ISM projects or initiatives.

The legal basis for this processing is to perform the contract related to these activities and services.

Governance: we will use your information where you are an elected or appointed Council Member or Trustee for governance purposes. We will also use your data if you are ISM member to contact you and send you information so you can exercise your Companies Act rights.

The legal basis for this processing is legal obligation.

Seminars, conferences, webinars and other events: the ISM offers seminars, conferences, webinars and other training events, online or offline, for both members and non-members. If you choose to register for any of these, we will need your information in order to administer your registration and attendance.

The legal basis for this processing will be contractual in some cases or it will be to fulfil a legitimate interest.

ISM Members Fund: Certain additional information may be collected from members and dependants who are beneficiaries of the ISM Members Fund.

Other individuals who engage with us

Campaigns, newsletters and other resources if you opt in to receive newsletters about our activities or if you want to access some of our resources available to the public, we will email you with information relevant to the mailing list to which you have given your consent. You may withdraw your consent at any time.

The legal basis for this processing is consent.

To assist you: we will use your information to respond to enquiries and assist you with any requests. Your communications with the ISM, including online, by email, text message (SMS), via ISM’s website (or otherwise) may be recorded and retained for quality, training and record-keeping purposes. If you post or interact with us via social media, we may use your information, in order to contact you in relation to the query. We will not use this for the purpose of further marketing or communications, unless you give us your consent to do so.

The legal basis for this processing is legitimate interest because it is necessary for the administration of our business and the provision of our services, which is necessary for the legitimate interests of our business.

Professional conduct: we will use your information for the purpose of enquiries, investigations and complaints relating to ISM members. Such matters may be sensitive in nature and the ISM restricts internal access to information to those teams responsible for investigating and resolving the relevant matters.

The legal basis for this processing is the effective administration of such enquiries which is a legitimate interest of our business.

Partner relationship management. We will use personal information of nominated individual representatives of firms and other organisations as part of our partner relationship management activities, including of our corporate members.

Communications (including marketing). We use your information for:

  • Marketing purposes and to send you relevant communications about our products, services, news and other initiatives.
  • To send you registration or information packs, surveys, questionnaires, feedback forms, information regarding ISM campaigns and ISM courses and events
  • To correspond with you about any ISM projects or initiatives.

Where you have given us consent for us to contact you for these activities, you will have the right to withdraw your consent for these at all times, and we will make this process as easy as possible.

We will not pass your information on to other marketing providers and we will not sell your information to any third party.

7. What is the legal basis for our data processing?

We must have a legal basis to use your personal information when the law allows us to. In accordance with the law, we process the personal data described above because:

  • it is necessary in order to perform the contract we have entered into with you;
  • it is necessary for the purposes of our legitimate interests (or those of a third party). Where we use your personal data for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. If we believe your interests or fundamental rights and freedoms override our legitimate interests, we will not use your personal data on this basis and may seek your specific consent, and/or another lawful basis.
  • it is necessary for our compliance with a legal obligation.

We may also use your personal information in the following situations:

  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest.

8. How will we share your data?

Service providers

The ISM uses a number of third-party service providers in order to carry out some of the activities described above. For example, to send you mailings, to provide professional insurances, to obtain DBS certificates, to collect direct debit payments and to manage surveys, campaigns and events. The ISM requires such service providers to use your personal data only for the purpose of the relevant service.

We also engage external IT consultants and suppliers to provide support and development services in relation to our systems and databases. These consultants may from time to time need to access information which may contain personal data for the purposes of systems testing and development.

Regulatory obligations

Our auditors are given access to our systems for the purpose of annual audit of our accounts.

In some circumstance, we may need to share your personal data where necessary with other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

We require third parties to maintain appropriate security to protect information from unauthorised access or processing.

We may be under an obligation to report certain matters to internal senior management, committees within the ISM and/or to external bodies including local authorities, Companies House and the Charity Commission.

General public

The ISM will publish your details in our Music Directory, our online directory of music professionals, and in the ISM Handbook. This is only done with your consent and you can withdraw this consent by emailing us at [email protected]. If you wish to withdraw consent from the print edition we will remove your details at the first reprint or new edition of the Handbook.

Transfers of your information out of the EEA

We may need to transfer your personal data to data processors working for us or one of our suppliers which are located outside the European Economic Area (EEA). One such example is where any of the computer services used to host our website are located in a country outside of the EEA. We may also transfer your data to the USA to organisations such as Campaign Monitor, SurveyMonkey, Facebook, Twitter and Google for content delivery, communication and marketing services in accordance with your preferences. We will take all steps reasonably necessary to ensure your personal data is treated securely and in accordance with this privacy policy. These steps may include entering into processing agreements with these parties or ensuring the parties receiving your data are certified under an approved certification mechanism such as the Privacy Shield framework (details of which can found at www.privacyshield.gov).

9. How long will we hold your data?

We will retain your details for as long as they are needed for the relevant purposes listed in the section above Why does the ISM hold information on me? above.

We may also retain certain records for other legitimate reasons (including after your relationship with the ISM has ended), for example to resolve any potential disputes, cross-check against future membership applications and to comply with other retention obligations e.g. safeguarding issues.

10. Your rights

The law gives you certain rights in relation to your data. The ISM is committed to respecting individuals’ rights. You may action your rights by contacting us via email to [email protected]. We will comply with your requests unless we have a lawful reason not to do so. We will endeavour to handle any requests within a reasonable period and, in any event, within a month of the original request.

Your rights include:

  • Right to information and access

You have the right to be informed about what personal data we collect about you, why, on what lawful basis and what your rights are. This Privacy Statement is the key document we use to inform you about this.

You also have a right to request access to the information that we hold about you, and to receive a copy of this information, along with other information which is generally contained in this Privacy Statement.

ISM members also have the right to receive a copy of any information we hold about them in connection with the performance of our contract with them.

We will respond to you within the time frame specified within the applicable data protection law, which is generally within one month of receipt of the written request. We will provide the information without charge, but we may charge a reasonable fee for the administrative cost of providing the information where the request for information is unfounded, repetitive or excessive.

  • Right to rectification

You have the right to request that inaccurate personal data be rectified, or completed if it is incomplete. We will respond to you within the time frame specified within the applicable data protection law, generally within one month of receipt of the request. If we have disclosed your personal data to any third parties, we will also inform those third parties of any correction to your personal data where possible. Members can update their details via the Members’ area of our website at ism.org.

  • Right to erasure and restriction

You have the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances. When responding to such requests, we will tell you how such restrictions or deletions may affect our ability to fulfil our contracts with you or otherwise affect your interests.

  • Right to object

You can ask us to stop using your information, where we are processing it on the basis of our legitimate interest. We will do so unless we believe we have a legitimate overriding justification to continue processing your personal data.

  • Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please email us at [email protected]

  • Right to withdraw consent

If you have given us any specific consent to use your personal data, you have the right to withdraw it any time. If you wish to tell us that you are withdrawing your consent, please email us at [email protected]

11. Data security

We will use technical and organisational measures to safeguard your personal data. All information you provide to us is stored securely and any access to your online user account is controlled by a password and user name that is unique to you.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our website may include links to, or content embedded from third party web service providers. Please note that we have no control over these third-party websites and therefore cannot accept responsibility for the protection and privacy of any information which you provide whilst visiting such third-party websites and such websites are not governed by this privacy policy. It is your responsibility to exercise caution and note the terms of privacy policies relevant to any such third-party websites.

If you have reason to believe that your interaction with us is not secure, please notify us of the problem immediately by contacting us using the details below.

Prior to introducing new systems or technologies relevant to the processing of personal data, we will undertake any necessary impact assessments with a particular focus on any associated risks.

12. Breaches

In the event of any breach of our systems impacting on the security of a member’s or any other individual’s personal data, we will inform the affected member(s) or individuals at the earliest opportunity describing the nature of the breach, the possible consequences and the measures being taken to remedy the situation in accordance with our procedures and applicable law. Where necessary, we will notify the Information Commissioner’s Office in accordance with the law.

13. Complaints

If you are unhappy with the way in which we process your personal data, please contact us via email [email protected]

You also have the right to lodge a complaint before the Information Commissioner’s Office (ICO), the UK’s data protection authority.

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Tel: 0303 123 1113 (local rate) or 01625 545 745; or see their website.

14. Contact us

Please direct any comments or enquires relating to this policy to:

The Data Co-ordinator, ISM, 4-5 Inverness Mews, London W2 3JQ

or via email: [email protected]

Date: 24 May 2018