Home > Privacy Policy

Privacy Policy


Gwasanaeth Cerdd Ysgolion Gwynedd a Môn take the privacy of personal data seriously, our core data protection obligations and commitments are outlined in our Data Protection Policy available from the Manager on request.

This statement provides our employees, sub-contractors, volunteers, individuals who receive a service as well as parents/ carers schools who have provided us with information in order for students to take part in any musical activity with Gwasanaeth Cerdd Ysgolion either at school or in other locations with an overview of the policy.

We are committed to processing data in accordance with our responsibilities under the General Data Protection Regulation (GDPR), which is overseen and regulated by the Information Commissioners Office (ICO)

We aim to ensure that we have effective processes in place to protect any information given to us. We are committed to ensuring that privacy is protected. Should we ask anyone to provide certain information by which they can be identified, then they can be assured that it will only be used in accordance with the policy.


We collect, obtain and use personal data for internal organisational purposes including, without limitation, to:

  • improve the content and provision of lessons, courses, concerts and other related activities
  • process applications for lessons
  • process admissions to courses
  • organise lessons, courses, concerts, regional and county ensembles, tours and events
  • administer the regional and county ensembles
  • raise funds
  • administrate membership records
  • promote the music service through public relations and marketing
  • enforce our terms and conditions and payment procedures and collection
  • and in any other reasonable manner in order to carry out our organisational objectives or to provide a specific service


In order to carry out these purposes we may collect and obtain the following personal information:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Date of birth.
  • Gender.
  • Next of kin and emergency contact information
  • National Insurance number.
  • Bank account details, payroll records and tax status information.


Personal data will only be collected only for specified, explicit and legitimate purposes and will not be further processed in any manner incompatible with those purposes.

We will not keep personal data in an identifiable form for longer than is necessary for the purposes for which the data is processed, this is detailed on our Data Asset Register.

We do not use automated decisions and the decisions we make about you involve human intervention.


We will seek the data subjects consent to processing of their personal data, this can be withdrawn at any time and withdrawal will be promptly honoured. Please note that if consent is withdrawn or if you fail to provide certain information when requested, we may not be able to provide the requested services.


You have certain rights when it comes to how we handle your personal data. These include rights to:

  • withdraw consent to processing at any time (detailed above);
  • receive certain information about the data controller's processing activities;
  • request access to personal data that we hold;
  • prevent our use of their personal data for direct marketing purposes;
  • ask us to erase personal data if it is no longer necessary in relation to the purposes for which it was collected or processed or to rectify inaccurate data or to complete incomplete data;
  • restrict processing in specific circumstances;
  • be notified of a personal data breach which is likely to result in high risk to their rights and freedoms;
  • make a complaint to the supervisory authority