This site is owned and operated by musicalchairs.info Ltd (henceforth referred to as "musicalchairs").
As a Company it is extremely important that we give time and thought as to how we acquire personal data, how/where we store it, how long we store it for, and how we process it. We must be worthy of the trust that you place in us to handle your data with integrity and security, upholding your privacy and safety.
GOVERNANCE and CONTACT
Clare Bradbury is the musicalchairs Data Controller. If you have any questions or feedback about privacy, or wish to make a complaint about the way in which we have handled your personal data, please contact firstname.lastname@example.org or phone +44 (161) 2826042. Clare and all other employees at musicalchairs also act as Data Processors, and have had GDPR training.
DATA THAT MUSICALCHAIRS GATHERS
Our “customers” comprise our Publishers and our Readership (these groups overlap).
When a customer registers with the site we hold their name, email address, country and date of registration. If they then publish a listing (eg Instrument Sale, Course, Competition, Job, Profile for the public Directory or Stolen Instrument), or subscribe to our Job Alerts, that data is also associated with them in our database.
If a Reader applies for an ATS (Application Tracking System) job, we also gather personal, contact, CV and Audio-Visual data.
These submissions are acquired and processed on the basis of consent. Please see the ATS section below.
When an invoice is raised, the Publisher's contact details are acquired. If she chooses to pay via WorldPay or PayPal then these details are shared with those platforms to expedite the payment. We do not hold any Card details. Worldpay acquire the IP address of the payer which they share (unsolicited) with us. We are not responsible for the Data Protection afforded by WorldPay and PayPal - any data that you share with them for the purposes of payment is at your own risk.
These submissions are acquired and processed on the basis of contract.
TRANSPARENCY, RIGHTS and ERASURE
Customers can view all of their data via the website, or by emailing email@example.com (we endeavour to reply to data requests within 48 hours). Listings can be taken offline at any time via the website. Readers can unsubscribe to the Job Alert at any time via the website, or by clicking the link at the end of each Job Alert email. Customers who wish to unregister entirely can email firstname.lastname@example.org. If they have no listings to their account then we will erase all their details from our servers. If they have published listings then we will delete their name (and other identifying elements) from all relevant records; but for contract reasons we will usually need to maintain a contact email address - if this can identify them (eg email@example.com) then we will ask the customer to substitute a new email address of their choice.
When someone visits musicalchairs.info we use Google Analytics to collect internet log information and details of visitor provenance and behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
SHARING OF THE INFORMATION
Musicalchairs will not share information about individual users with any third party, except to comply with applicable law or valid legal process or to protect the personal safety of our users or the public.
LINKS TO OTHER WEBSITES
We do not have any control over the Privacy settings of websites which we may link to.
Musicalchairs is proud to employ some of England and Scotland's most skilled programmers to look after our Servers and Networks and who share our commitment to protecting your personal data. And by choosing Mythic Beasts (our server is at Telecity Sovereign House, Docklands, London), we have a hosting company that goes the extra mile for your security (https://www.mythic-beasts.com/support/topics/security).
ATS (Application Tracking System)
Suppose Arthur Appleson (AA) applies for a job in Middlemarch Sinfonia (MS). Whilst filling out the online portfolio, AA is told which fields will be seen by which persons of concern. If he submits an AV file he is also told who will have sight/sound of the file. At the point of application, AA is again reminded of the scope and duration of his data. At any time he has the option to withdraw his Candidacy at which point the Panel Chair and Panellists have no access to any of his data. If a self-ID form is solicited, all data is double-encrypted and cannot be traced back to an individual Candidate - only aggregated data is presented in the final DEI Report. If a cohort numbers 4 or less, even aggregated data is not presented in case deductive identification can be undertaken.
For Panel Chairs
Suppose Bertha Bittlethwaite (BB) is the Panel Chair for this job. During the job publication BB is reminded of her duties under the Data Protection Act 2018. When she appoints Panellists she is reminded to ensure that they are aware of their GDPR responsibilities.
We have identified this cohort as the most likely to breach Data Privacy. They cannot at any stage view Candidate personal details or contact details. When they sign up as a Panellist they are required to abide by strict GDPR protocols. However, this stage is (literally) box ticking, and needs at every stage to be underpinned by vigilance. They are reminded that eveb the fact AA (for instance) has applied is private and no facts should be divulged outwith the Panel.
When Candidates have been rejected (at any stage of the process) their data is no longer visible to Panellists. There is reason for Panel Chairs to retain this data in case decisions are reversed. When an appointment is made there is still a chance that a probabtion year is unsuccessful or it is turned down. Therefore data is retained for 12 months beyond appointment. This is reviewed case by case.
Our GDPR is not perfect but is at the heart of our development; any major deployment has a formal GDPR assessment. We do not have a box-ticking approach to data privacy - instead we aim to have a dynamic, interrogative approach which always questions how and where we could "do better". One of the most worrying trends with online auditions and competitions is the casual way in which organisations solicit AV files and disseminate without caution. We have assiduously promoted a anonymity and audio-rip protocol which is ground breaking and much better than any other that we have come across. We exercise vigilance and challenge orchestra procedures where it appears managements may be too casual with Candidate Data.
ICO Registration number: ZA293104