THE ACADEMY of ST OLAVE’S – Privacy Policy

Privacy Policy

Academy of St Olave’s Privacy Notice - Approved 9 December 2021


The Academy of St Olave’s is a Chamber Orchestra, based in York, and gives performances to the public several (usually 3) times a year.
The Orchestra’s website address is:
The Orchestra holds a list of playing members who wish to be invited to play in its concerts.  Playing members are invited to play in a specific concert by orchestra fixers who are responsible for fixing the different sections of the orchestra, so that the strings are invited independently from the woodwind, brass and percussion.  The orchestra fixers are appointed by the committee and they are orchestra members or the Musical Director.

For the purposes of the General Data Protection Regulation (GDPR), the Academy of St Olave’s is the data controller. Orchestra committee members and those authorised by them may process and store data on the Orchestra’s behalf.

If you’re reading this, you may be:

  • A member, or past member, of the Academy of St Olave’s
  • A member of the public who has contacted the Orchestra or bought tickets via the Orchestra’s website
  • Someone who supplies a service to the Academy of St Olave’s e.g. Musical Director

This notice explains when and why we collect personal information, how we will use it, the conditions under which we will disclose it to others and how we keep it secure.

What sort of information do we collect?

In order to administer the Orchestra we hold the following information:

  • Members’ name and contact details
  • The name and contact details of suppliers of services

The website collects information in order to function:


When visitors leave comments on the website we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


If you leave a comment on the website you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to the website, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on the website may include embedded content (e.g. maps, videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.  These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

How do we use your personal information?

We will use the information we collect to:

  • Keep members of the Orchestra informed about rehearsals, concerts, notices regarding the administration of the Orchestra such as Annual General Meetings and any other relevant purposes, through email and applications such as WhatsApp
  • Keep past members informed about reunion concerts and events
  • Ensure that we comply with current legal financial responsibilities
  • Enter into contracts with suppliers and potential suppliers and process payments to them
  • Keep people who have purchased advance tickets to Academy of St Olave’s concerts informed of any changes to the concert venue, concert programme or soloists
  • Make payments to orchestra members who have incurred incidental expenses on behalf of the Orchestra

We will NOT

  • sell or rent any of the personal data we hold to third parties for any purpose.
  • hold bank details of those who purchase tickets; these details are held by our ticket provider, Web Ticket Manager, and payments are transmitted to the Orchestra’s bank account without account details being shared.
  • hold bank details of suppliers; these details are held securely by our Bank, HSBC, for the purposes of paying bills by bank transfer.

What is the purpose of collecting and processing this information?

Under the General Data Protection Regulation (GDPR) anyone who processes personal data should clearly state the legal bases for doing so, to ensure they process data lawfully, fairly and transparently. There are six legal bases for processing personal data and those which apply to the Academy of St Olave’s are as follows:

  1. The basis for processing data gathered from orchestra members and those who wish to contact the Orchestra is Consent. This means that when we enter into a relationship with you, we will ask for your consent to process your personal data for the purposes outlined in this Privacy Notice.
  2. The basis for processing data held about suppliers and potential suppliers to the Academy of St Olave’s is for Contract.

Your rights

Under the GDPR, you have a number of rights which you should be aware of. These include:

  • The right to access a copy of any information held about you by the Academy of St Olave’s;
  • The right to rectify the information if it is incomplete or inaccurate;
  • The right to withdraw consent (e.g. if you have previously consented to us holding your data and no longer wish to);
  • The right to have personal data erased, to prevent data being processed and/or to object to data being processed in specific circumstances (e.g. if the data is no longer necessary for the purpose for which it was originally collected).

If you would like to undertake any of the actions above, please contact You can also contact the Information Commissioner’s Office (ICO) if you have any concerns about how information has been collected, stored or processed.

How we store and protect information

We are committed to ensuring that personal information is treated securely. The Academy of St Olave’s is a volunteer-run organisation and information will therefore be stored on personal computers in people’s homes. For the purposes of the administration of the Orchestra (including the administration of contracts) and the promotion of our concerts and events

  • Details may be transmitted normally over the internet;
  • Paper records will be stored in an appropriate manner, ie within a filing system;
  • Information may be stored on personal computers, laptops and on memory sticks;
  • Laptops and personal computers will be protected with anti-virus software;
  • Information held by the Data Protection Officer and Treasurer will be backed up on a hard drive;
  • Information will be deleted by the Academy of St Olave’s
    • 6 years after the relevant accounting period has ended, for all financial administration records
    • 12 months after a member of the Orchestra leaves the Orchestra permanently unless you indicate that you would like to be kept informed of reunion events
    • 12 months after a supplier ceases to trade permanently with the Orchestra
    • Immediately upon a request to be removed eg from a mailing list, unless this conflicts with our legal obligations under financial regulation for retention of records.
  • Information stored by the Academy of St Olave’s is held within the UK. Where we use third party data processors (e.g. Web Ticket Manager), we check that they hold data within the UK or that they have appropriate protections in place if data is transferred outside the UK, to comply with UK data protection legislation.

How long we retain your website data

If you leave a comment on the website, the comment and its metadata are retained indefinitely unless you request deletion of the comment. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your website data

If you have an account on the website, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Approval and review

This Privacy Notice was approved by members of the Academy of St Olave’s Committee and will be reviewed annually or when data protection legislation changes, whichever is sooner.

Terms and Conditions for Online Ticket Purchases

  1. All tickets are sold on an unreserved basis.
  2. We publish any cancellation or unavoidable changes to concert programmes on our web site. No compensation is payable because of changes to the published programme or venue.
  3. We are unable to refund the cost of tickets unless a concert is cancelled before it has started. Postage and ticket administration charges are not refundable.
  4. The management reserves the right to refuse admission and to request any ticket holder to leave the building at any time.
  5. No liability can be accepted for any loss, damage or personal injury whilst attending a performance.
  6. Online ticket sales are fulfilled by a third party, Web Ticket Manager, who operate a separate Data Policy which can be viewed on the Web Ticket Manager pages. Web Ticket Manager need your contact details in order to fulfil the ticket order.
  7. By purchasing Academy of St Olave’s tickets online, you accept both the Web Ticket Manager Data Policy and the Academy of St Olave’s Privacy Policy.
  8. COVID-19: The Academy of St Olave’s will comply with whatever regulations are in force on the concert date. We reserve the right to ask audience members to wear a mask (unless exempt) and to provide evidence of Covid status (if required by England’s regulations on the concert date). Contact details may be used for Track and Trace if required. Please ensure you consult our website during the week of the concert for up to date requirements.