Knocklyon Concert Band Society

Privacy Notice

Last updated: 14th September 2025

Table of Contents

  • Introduction
  • Data Controller
  • How do we collect your data?
  • Why do we collect your data?
  • What is our legal basis for processing your data?
  • How long do we keep your data for?
  • Children’s data
  • Do we share your data with anyone?
  • Do we transfer your data outside the EEA?
  • Your data protection rights
  • Supervisory authority

Introduction

Sometimes when you interact with us – the Knocklyon Concert Band Society (KCBS) – you provide us with personal details, which may include personal data. Personal data is any information that directly or indirectly identifies a living person. For example, when you register as a member, you give us personal data such as your name, address, and date of birth.

This privacy notice explains how we process personal data you provide to us, in accordance with the following laws:

  • Data Protection Acts 1988 to 2018
  • EU Regulation 2016/679: General Data Protection Regulation (GDPR)

Data Controller

In relation to GDPR, KCBS is the Data Controller and is responsible for processing and storing personal data appropriately.

For all data protection matters, please contact the Data Controller at:
Email: privacy@knocklyonconcertband.ie

How do we collect your data?

We may collect personal data provided by you in the following situations:

  • When you register as a member
  • When you register for certain events (e.g. an overnight trip)
  • When you contact us (e.g. by phone, email, in writing, via private message on social media, or through our website contact form)

Why do we collect your data?

We collect your data so that we can:

  • Manage your membership
  • Inform you or your parent/guardian about activities organised by KCBS
  • Ensure you can safely take part in activities organised by KCBS
  • Respond to you when you contact us (e.g. via our website contact form)

What is our legal basis for processing your data?

Our legal bases for processing your data include:

  • Consent – where you or your parent/guardian have given consent for the processing of your personal data for a specified purpose
  • Legal obligation – where we are legally required to process your data
  • Legitimate interest – where processing is necessary in order to:
    • Protect your health and safety while participating in our activities
    • Provide our services to you as a member of our organisation

How long do we keep your data for?

We only store your data for as long as is necessary for the purpose for which it was collected. In particular:

  • Membership records are retained for the duration of your membership and up to 6 years after membership ends, to comply with legal and safeguarding requirements.
  • Financial and transaction records are retained for 6 years, in line with tax and accounting obligations.
  • Event registration data (e.g. for trips) is retained only for the duration of the event plus 1 year, unless required for longer due to legal obligations.

After these periods, personal data will be securely deleted or anonymised.

Children’s data

As many KCBS members are under the age of 18, we take particular care when processing children’s personal data. Where required, we will obtain parental or guardian consent before collecting and processing a child’s personal data. We do not knowingly collect or store personal data of children without such consent.

Do we share your data with anyone?

We do not sell or rent your personal data to third parties. However, we may share your data with trusted third parties where necessary, including:

  • Service providers who support our activities (e.g. insurers, event organisers, IT service providers)
  • Public authorities where required by law (e.g. Gardaí, Revenue)
  • Other organisations strictly where it is necessary to deliver our services (e.g. accommodation providers for overnight trips)

All third parties are required to process your data in compliance with GDPR.

Do we transfer your data outside the EEA?

We generally do not transfer your personal data outside the European Economic Area (EEA). If we ever need to do so (for example, when using IT or cloud services based outside the EEA), we will ensure that appropriate safeguards are in place, such as:

  • Transfers only to countries recognised by the European Commission as providing adequate protection, or
  • Use of standard contractual clauses approved by the European Commission.

Your data protection rights

Under GDPR, your rights include (but are not limited to):

  • Right of access – the right to know whether we are processing your personal data, and to access that personal data and details about its processing
  • Right to rectification – the right to have inaccurate or incomplete personal data we hold about you corrected
  • Right to erasure (‘right to be forgotten’) – the right to have personal data we hold about you erased, under certain conditions
  • Right to restriction of processing – the right to restrict the processing of your personal data, under certain conditions
  • Right to object – the right to object to the processing of your personal data, under certain conditions
  • Right to data portability – the right to have us transfer your personal data to another data controller, or directly to you, under certain conditions
  • Right to withdraw consent – the right to withdraw your consent to the processing of your data at any time

You may exercise your data protection rights by contacting the Data Controller at:
Email: privacy@knocklyonconcertband.ie

Supervisory authority

If you are not satisfied with how we process your personal data, you also have the right to lodge a complaint with the supervisory authority:

Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: https://www.dataprotection.ie
Tel: +353 57 868 4800 / +353 76 110 4800

Click here for a PDF version of this noticeDownload