Overview

Introduction

HarmonySite is the name of a website product created by, and marketed by, Virtual Creations Pty Ltd in Australia. This product is purchased and used by various types of groups, principally singing and other performance groups, and also associations, etc. Hereinafter, this document will refer to "HarmonySite" meaning "Virtual Creations Pty Ltd and our product, HarmonySite". "Group" means any client of HarmonySite that uses HarmonySite software.

In order to operate, the groups that use HarmonySite need to gather, use certain forms of information about individuals. These can include members, relatives of members, subscribers, business contacts and other people the group has a relationship with or regularly needs to contact. HarmonySite provides the software and databases to store and manage this data. HarmonySite does not directly collect data about any person.

This policy explains how this data is stored and used in order to meet data protection standards and comply with the European General Data Protection Regulations (GDPR).

Why is this policy important?

This policy ensures that HarmonySite:

  • Protects the rights of our members and other individuals
  • Complies with data protection law and follows good practice
  • Protect the individuals and groups from the risks of a data breach

Roles and Responsibilities

Who and what does this policy apply to?

HarmonySite is provided with member information by our clients, typically singing groups or other performance groups, but can include associations, etc. HarmonySite stores this information on our server for the exclusive access of the group(s) that provided the data. HarmonySite employees also have access to all such data.

It applies to all data that HarmonySite holds relating to individuals, including:

  • Names
  • Email addresses
  • Postal addresses
  • Phone numbers
  • Any other personal information held (e.g. height, next of kin, etc)

This document outlines the responsibilities and processes of HarmonySite with respect to GDPR requirement. This document makes no claims about the responsibilities and processes of the groups that use HarmonySite - the groups that originally collected the data. HarmonySite has no control over the actions of these groups, and is not responsible for any unlawful use of personal data by these groups.

Roles and responsibilities

The Data Protection Officer for HarmonySite is Mark Virtue (mark@virtualcreations.com.au). He is responsible for the secure, fair and transparent use of data by HarmonySite. Any questions relating to the use of data should be directed to the Data Protection Officer.

Everyone who has access to data as part of HarmonySite has a responsibility to ensure that they adhere to this policy.

Data Protection Principles

a) We fairly and lawfully process personal data in a transparent way

HarmonySite will only manage data that we believe to have been lawfully collected by, and is necessary for the legitimate purposes of the group.

b) We ensure any data stored is relevant and not excessive

HarmonySite will not store more data than the group needs for its intended purpose.

c) We ensure data is not kept longer than necessary

HarmonySite will keep records until requested by the group or the individual to remove the records.

d) We keep personal data secure

HarmonySite will ensure that data held by us is kept secure.

  • Electronically-held data will be held within a password-protected and secure environment
  • Passwords for electronic data files will be re-set each time an individual with data access leaves their role/position
  • Access to data will only be given to relevant employees who have a need to access this data to perform their role within HarmonySite. The Data Protection Officer will decide in what situations this is applicable and will keep a master list of who has access to data.

Individual Rights

When HarmonySite stores an individual’s personal data that individual has the following the rights over that data. HarmonySite will ensure its data processes comply with those rights and will make all reasonable efforts to fulfil requests from an individual in relation to those rights.

Individual's rights

  • Right of access: individuals can request to see the data HarmonySite holds on them and confirmation of how it is being used. Requests should be made in writing to the Data Protection Officer and will be complied with free of charge and within one month.
  • Right to rectification: individuals can request that their data be updated where it is inaccurate or incomplete. Any requests for data to be updated will be processed within one month.
  • Right to object: individuals can object to their data being used for a particular purpose. HarmonySite will always provide a way for an individual to withdraw consent in all marketing communications. Where we receive a request to stop using data we will comply unless we have a lawful reason to use the data for legitimate interests.
  • Right to erasure: individuals can request for all data held on them to be deleted. If a request for deletion is made we will comply with the request unless:
    • There is a lawful reason to keep and use the data for legitimate interests or contractual obligation.
    • There is a legal requirement to keep the data.

Cookies on each group's website

A cookie is a small text file that is downloaded onto "terminal equipment" (e.g. a computer or smartphone) when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.

The HarmonySite software uses cookies on each group's website. This allows us to improve users’ experience of our website by, for example, allowing for a ‘logged in’ state to be retained between browser sessions.