City of Cardiff (Melingriffith) Brass Band (“the Band”)
We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
1. How We Process Personal Data
We process personal data for various purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods may differ for each purpose.
Our policy is to collect only the personal data necessary for agreed purposes. We request that individuals only share personal data where it is strictly required. We collect personal data from our clients or from third parties acting on the instructions of the relevant customer.
2. Lawful Basis for Processing
Under UK GDPR, we must have a valid lawful basis for processing personal data. The lawful bases we rely on include:
Contractual necessity
- To provide our services or fulfil contractual obligations.
Legal obligation
- To comply with legal, regulatory, and professional obligations. We are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
Legitimate interests
- For administration, management, and improving our services.
Consent
Where we send direct marketing communications.
3. Marketing Communications
We will only send marketing communications if you have explicitly opted in.
You can opt out at any time by:
- Clicking the “unsubscribe” link in our emails.
- Contacting us at hello@melingriffith.co.uk
4. Data Retention Policy
We retain personal data only as long as necessary for its original purpose, in line with legal, regulatory, and professional requirements.
Unless otherwise specified:
- Personal data is retained for 7 years where required for compliance or contractual purposes.
- When data is no longer required, it will be securely deleted or anonymised.
5. Data Security
We take the security of personal data seriously. We have policies, procedures, and training in place to safeguard data from unauthorised access, loss, or misuse. We regularly review and update our security measures.
6. Sharing and International Transfers of Data
We will only share personal data when legally permitted. Categories of recipients may include:
- IT service providers
- Payment processors
- Legal advisors
- Regulators or law enforcement (where required)
Where data is transferred outside the UK, we ensure that adequate safeguards are in place, such as:
- UK adequacy regulations for specific countries.
- Standard Contractual Clauses (SCCs) where required.
- Other legally approved mechanisms for secure data transfers.
7. Your Rights Under UK GDPR
Under UK GDPR, you have rights regarding your personal data, including:
Access
- Request access to your personal data.
Rectification / update
- Correct inaccurate or incomplete data.
Erasure
- Request deletion of personal data where applicable.
Restriction
- Restrict processing under certain conditions.
Objection
- Object to data processing in specific circumstances.
Data portability
- Receive your data in a portable format.
Withdraw consent
- Withdraw consent where processing is based on consent.
To exercise your rights, please contact us at hello@melingriffith.co.uk.
We aim to respond within one month (extendable by two months for complex requests), in line with our obligations under UK GDPR.
8. Complaints
If you have concerns about our use of your data, please contact us at hello@melingriffith.co.uk
Our complaints policy can be found here.
You also have the right to complain to the Information Commissioner’s Office (ICO):
- Website: www.ico.org.uk
- Phone: 0303 123 1113
9. Contacting us about your data
For any data protection queries, please contact us at:
- Email: hello@melingriffith.co.uk
- Postal Address: We do not have a public correspondence address, but if you do not have an email address, please fill out our online contact form here, leaving your contact number and we will get back to you with a postal address you can raise data queries to.
10. Document History
This policy will be reviewed regularly and updated where necessary to ensure compliance with applicable laws and best practices.
| Version | Description | Date |
| Draft 1 | Initial draft circulated for committee review | 13/5/2018 |
| Version 1 | Agreed by committee and adopted | 17/05/2018 |
| Review 1 | Draft circulated for committee review | 01/03/2023 |
| Version 2 | Agreed by committee and adopted | 27/03/2023 |
| Review 2 | Draft circulated for committee review | 30/09/2025 |
| Version 3 | Agreed by committee and adopted | 03/10/2025 |