General Data Protection Regulations

General Data Protection Regulations

On 25th May 2018 the new EU General Data Protection Regulations come into force.

This requires that all personal data held by organisations is with the consent of that person, are held securely and are managed properly.  Membersí email, and in some cases, home address and telephone number, are held on the Hitchin Folk Club database for use in the issue of the Club Programme, the monthly Hitchin Folkus, and weekly reminders. It also holds the email addresses of non-members who have asked to be added to our event publicity email distribution list. Personal data is not shared with any other organisation or persons without the express permission of the person concerned.

Membership procedure

At the time of first joining Hitchin folk Club, applicants are requested to fill in a Hitchin Folk Club Application Form, asking for Name, Address, Email, Phone number and data consent. The applicant is presented with a membership card with name, membership number and expiry date.  A counterfoil is retained containing the same information. At renewal, a new membership card is issued without the need to fill in a new form.

Lawful basis for processing.

The lawful basis for processing personal data is that it is necessary to inform members and interested parties as to what is happening at Hitchin Folk Club, and to promote knowledge, understanding, conservation and appreciation of folk arts, including music, song and even dance.  It is also necessary to keep control of individual's membership status.

Information Held

Members - Name, email address, home address, telephone number, membership number, date joined or renewed, and signature.

All contact is primarily through email so, if email address is given, home address and telephone are not "required".  If they are given they will only be used if there is a problem with the email address.  If no email address is available, home address is required if the member wished to receive new programmes.

Non-members - Name and email address.

Individuals' rights

As can be seen above, information held is extremely limited, however any individual has the right to review the information held, cease receipt of emailed information and have their details completely deleted from all Hitchin Folk Club systems.

Data processing

Individuals' information is transferred from a paper membership form onto an Access database.  Names and email addresses are entered on to the Mailchimp mailshot list. It is not a requirement to be a member to be placed on the Mailchimp emailshot list. Requests are received by email, the entry made and the information stored nowhere else.

Processing - Hitchin Folk Club produces a Programme three time per year. Access is manipulated to produce address labels for those members who do not have email addresses.  Access is manipulated bi-monthly to produce a list of names, membership numbers, joining/renew dates and expiry dates taken to the club on concert nights.  For those on the Mailchimp emailshot list programmes are sent out three times a year, Hitchin Folkus newsletter monthly and a reminder weekly plus, occasionally extra missives concerning change in programme local weather conditions etc.


At the onset of GDPR on 25th May 2018, all subscribers to the Hitchin Folk Club Mailchimp emailshot list were asked if they wished to remain on the list. If they did not, they were guided to the "unsubscribe" button at the foot of the message. If they did, and they were members, they were asked confirm that they they were happy for Hitchin Folk Club to hold their personal data, and wished to continue to receive the Hitchin Folk Club emailshot.  If they were not members they were asked if they were happy for Hitchin Folk Club to hold their email address, and wished to continue to receive the Hitchin Folk Club emailshot. 

Members without email were posted a new membership form to provide their consent.


Children are not required to become members until they are 18, outside the GDPR age limit for parental consent.

Data Breaches

The GDPR introduces a duty on all organisations to report data breaches to the ICO where a breach is likely to result in a high risk to the rights and freedoms of individuals. Hitchin Folk Club does not hold data that could lead to these risks.

Storage and Security.

Initial application form is securely retained throughout membership to Hitchin Folk Club, at a location remote from the club's performance venue.  As membership tends to be renewed when a member next visits he club after becoming due, the initial application form will be held for six months after membership expiry.  After this, the initial application form will be destroyed.  Renewal request after this time will be considered as a new application, and the procedure will be started from scratch with a new form.

Information held on the Access database will be password encrypted. This information will be removed six months after membership expiry.

Information held on the Mailchimp Emailshot list is covered by Mailchimp privacy and security policies.

(Data Protection Act 1998, ICO registration No. Z9707250)

Picture gallery
Hitchin Folkus - the monthly newsletter
Who played when?(work in progress, watch it grow)
Directions to the club