GDPR Statement

My web host is Bluehost. I am on a Virtual Private Server (VPS) which is in-house at their headquarters in Provo, Utah.

My WordPress installation is based there, but I have copies of my databases, including members’ personal information, both on a separate harddrive here at my home in Leicester, UK, and on GoogleDrive.

I have a preliminary Privacy Policy statement (choose YOUR ACCOUNT>PRIVACY POLICY), which I will expand before 25 May 2018.

Choose YOUR ACCOUNT>SECURITY to see what steps I have taken to keep the site and its data secure.

I have introduced and Opt-In check box on the registration form and my contact form. This means that every new member has to opt-in before they can complete their registration, and also whenever they renew their subscription.

I upgraded the membership system on 31 March, 2017 which is more robust in its handling of group accounts. Choirs used to share one login between their members, but the last choir transferred to the new system on 27 March 2018, so I am now able to prevent the sharing of login details as every member has their own unique, private login. The only individual personal information that I may need to share is for those who are invited to join a group account; I may share their details with the group owner and any nominated Admin of that group.

It is worth noting that the only personal information I gather for each member is their first name, their last name, and their email address. I do not know anyone’s phone numbers, home address, gender, date-of-birth, nationality.


Lat updated 29 March, 2018