RCM Data Protection Policy
The Royal College of Music (RCM) is the data controller and has overall control for all of the data it processes.
The General Data Protection Regulations (GDPR) defines personal data as information relating to a person which can identify that person. The regulations require us to ensure that data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Why we need your data
We need to know your personal data in order to provide you with the services we offer. We will not collect any personal data from you that we do not need.
The Royal College of Music has created a series of core privacy statements which describe fully how we manage and process data. Select a link below for the specific details of each privacy statement.
What do we do with your data?
All the data you provide will only be processed by RCM staff and stored on our secure servers.
Subject access request
If you wish to make a formal access request to see the data the RCM holds about you, please complete our online form.
Your rights and how to make a complaint
If you believe that the information we hold on you is incorrect, you may request to see it and have it amended or deleted. If you wish to make a complaint about how your data has been handled you may do so by contacting the RCM’s Data Protection Officer.
Data Protection Officer
Data handling complaints and Freedom of Information requests
If you are not satisfied with the response you receive, or you believe your data is not being processed in accordance with the law, you should contact the office of the Information Commissioner.
The RCM will never provide data to third parties unless one of the following conditions applies:
- When you have given your permission to do so
- When we are required to do so by law, by a court order or by a governmental department or authority
- When we need to protect our own rights, property or safety, employees and students
Full details of how and when data may be exchanged with third parties are given in the core privacy policies listed below.
In the event of computer misuse data may be passed to computer security staff external to the RCM to aid in their investigations.
The RCM will never sell data to a third party.
Data & cookies on the RCM website
Most websites, including rcm.ac.uk will put small text files onto your computer or similar device, which are known as cookies. A cookie is a small piece of information placed in your web browser or hard drive that can be used to identify website visitors and to analyse website traffic. We are also able to gather limited device-specific information about your visit, including the kind of device and browser you have used, as well as your IP address (if available), which can provide information about the country, region or city where you are based. This allows us to understand how people use our website and to improve visitors' experiences.
Our website offers the ability to submit information through online forms and to make purchases. By completing a transaction or completing one of these forms, we understand that we have your consent to process and hold the personal data you have submitted. More detailed information about such data gathering processes are detailed in our Privacy statements below.
Links to third party websites
You will find links to other websites on the Royal College of Music site. The RCM can accept no responsibility or liability for the content of other websites or any information you provide to third party websites. It is your responsibility to familiarise yourself with the privacy policies of other websites.
The Royal College of Music has processes in place to detect a data breach.
In the event of a data breach, either intentional or unintentional, the RCM will assess the likely impact on any individuals affected and any risk to which they may be exposed and take steps to notify the individuals concerned. If necessary, the Information Commissioners Office (ICO) will be notifed of the breach.
Automated decision making
The General Data Protection Regulations provide safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. There are no automated decision making processes at the RCM.
For more information concerning the way in which your data is managed please contact any of the following people:
Head of Digital
Head of Human Resources & Organisational Development
Registry Information & Systems Manager
These statements are reviewed annually or more frequently should circumstances require it. They were last reviewed in February 2018.