Privacy and Cookie Policy

The Choir Schools’ Association (General Data Protection Regulation 2018)

The General Data Protection Regulation (GDPR) (in force from 25th May 2018) replaces the UK Data Protection Act. These changes to the law affect how the Choir Schools’ Association (CSA) may process personal information and use it to communicate with you.

This policy outlines the CSA’s responsibilities for data handling, the ways in which we safeguard the privacy of all personal data, and the individuals’ rights under the GDPR.

The CSA’s Roles and Responsibilities

The CSA hold some or all of the following personal data through its contact form on

  • Name
  • Postal address
  • Telephone numbers
  • Email address
  • Correspondence, Including ages and gender of children if supplied

This information is only used for the CSA’s purposes and is never revealed to third parties, without your express consent.

This personal data is held on computer forms.

The handling of personal data is restricted to designated CSA officers who need access to the data in order to carry out their duties, and who have agreed to adhere to the principles stated in this policy.

The Administrator/Information Officer is the first point of contact for any questions relating to Data Protection.  The Administrator/Information Officer together with other members of the CSA Committee, is responsible for how your personal data is handled.

Data Protection Principles

  • We only collect and hold essential data which is supplied by you and which we need to operate. This includes title, name, postal address, email address and telephone number(s)
  • We lawfully process your personal data in accordance with the GDPR
  • Personal data is used solely in the administration of our association and in communicating with you for these purposes
  • All electronic data files are held within password-protected and appropriately secure environments
  • All paper documents are stored with appropriate security
  • We aim to keep our records as accurate as possible and you may update your personal data at any time
  • Data will be retained for no longer than 12 months or after your connection with the CSA has ceased.
  • The CSA does not disclose personal data to any third party, except with your explicit consent

Supplying us with images

If you send us images to use on the website, you should avoid sending images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Embedded content from other sites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


To understand how people use our site, and to discover areas on our site with issues, we use Google Analytics. Most websites use some sort of analytics program like this. The data it collects helps us see things like how many people visit our site, which country they are from, how many pages they visited, how fast our site loaded, and so on. All data collected is completely anonymous, it does not identify you as an individual in any way.

Your rights under the General Data Protection Regulation (GDPR)

We process personal data in accordance with individuals’ rights under the GDPR.

You may contact the administrator at any time to check what personal data we hold and how we use it.  Under the GDPR this is known as a Subject Access Request and the CSA will respond within 30 days of a request being made.

You are entitled to:

  • Obtain a copy of your personal data to check its accuracy and relevance
  • Amend your personal data
  • Change your consent and your preferred method of communication
  • Be informed of any breach in data security i.e. data loss or unauthorised data usage
  • Request that personal data is erased from our records
  • Complain about how your personal data is being used

If you consider that your data is being handled incorrectly, you may also complain to the UK Information Commissioner’s Office (ICO). Visit for details on how to do this.

If you have any concerns regarding how we handle your data please contact the CSA Administrator at

Changes to the Privacy Policy

From time to time we may update this Privacy Policy in line with website changes that may affect the personal information we gather about you. The latest policy will always be available here

Last Update: September 2021