We are often asked how data protection legislation affects Pianola. It's an issue we take very seriously. This is our understanding of UK, EU and international legislation and our position as a company, based on advice we have received from the Information Commissioner's Office (www.ico.org.uk). Pianola will keep your club compliant with the requirements of the General Data Protection Regulation, which came into force on 25 May 2018, and the Data Protection Act 2018.
The Data Protection Act 2018 distinguishes between data controllers and data processors and puts obligations on each.
Data Controller vs Data Processor
As a club, you are (and always have been) the data controller. When you use a system like Pianola, we act as your data processor. Here’s how Pianola will help you to fulfill your obligations under GDPR.
Requirement to register
Organisations that hold personal information about individuals on computer are required to register with the ICO. However, there is a specific exemption for not-for-profit organisations; eg small clubs.
Furthermore, even if your club is privately owned and operates for profit, there is an exemption from registration if the only processing you are doing is for:
- Staff administration
- Advertising, marketing and public relations
- Accounts and records
Data processors are not required to register with the ICO, as data controllers who use the services of data processors carry liability under the Data Protection Act.
You can use the ICO's self assessment online to determine if you should notify them of your data use.
How Pianola protects your data
We believe your data is safer with us than it is on your own PC, where it is vulnerable to loss by theft, mechanical failure or human error. We take a number of steps to protect your data.
Encryption
When you login to Pianola, look for the padlock in your web browser. This shows that you are connected to our server across a secure connection. This means that data is encrypted as it passes between your PC and our server, so nobody can read it except you.
We also hold all of our users' passwords in an encrypted form, so that nobody is able to read them - not even us. (This is why we'll ask you to reset your password if you ever forget it - we're not able to give you a reminder.)
Access control
As per the EBU’s guidance:
“If you keep your records on a computer, they should only be accessible by appropriate people… Only committee members or club managers, if relevant, should have access to members’ records.”
Pianola allows you to give users different levels of access, according to their role within the club. Using Pianola’s roles and permissions means you can have fine-grained control over who can access your members’ personal data. We are tightening up these permissions to provide a stricter better level of access; after May 25th, people with the “secretary” role will no longer have access to members’ personal data.
Read more about Pianola’s roles and permissions.
Members’ preferences
The EBU’s guidance states:
“Clubs should not issue lists of members’ contact details (telephone number and email address) to all their members. Any such list that is made available should only contain the details of members who have specifically agreed to this. Any clubs that currently publish such a list should contact all members on it to ask whether they wish to remain on the list. They should be asked to “opt in” to this - it is not permissible for the default to be to include them unless they opt out.”
By default, members’ personal information is not visible to other members of the club. It requires a positive “opt-in” action on behalf of each member to make their information visible to other members. This has always been the case, since we launched Pianola in 2011. Members can choose to share some, none or all of their contact details; phone number(s), email address, postal address.
User login details
Pianola requires every user to choose their own secret password. There is no need to share an admin password. This means that you do not have to worry about changing passwords whenever there’s a change in the committee. You simply have to update the roles and permissions of anyone who no longer needs access to the data. Likewise, when a player leaves the club you can remove their access to Pianola completely.
Data exports
Although it’s possible to download a copy of your player records from Pianola, we recommend you don’t do this as it means you have the headache of protecting that file on your ‘local’ computer.
However, one very useful feature of Pianola is the ability to export your player records to EBUScore / Scorebridge. These files only contain the bare minimum required for your scoring program to work: name, national bridge organisation number, club number, membership status, EBU rank and NGS grade (where available).
Emails
As per the EBU’s guidance:
“Emails should not be sent to groups of people in a way that makes their email addresses visible. To avoid this, either use a mailshot program or blind copy (bcc) all the recipients.”
Pianola has always operated in this way. When you send emails via Pianola, each recipient receives an individual, personalised message. The email addresses of other recipients are not visible - and never have been.
Backups
The EBU recommends:
“Do not keep data in more places than necessary – not only does this weaken your security, it also increases the possibility that the data will get out of sync and will not be consistent in different places. It is however sensible to have a backup of your data providing that you have a system to ensure it is backed up regularly and kept in a secure place.”
Pianola means you do not need to keep extra copies of your members’ data. We backup your data every night, so there is no need to keep a local backup yourself (although you can download a copy of your database if you wish).
Privacy notice
The EBU recommends you publish a privacy policy and make it easily available to members. Pianola will allow you insert a link to this policy into the footer of every email you send.
Right to be forgotten
One of the provisions of GDPR is the right to be forgotten, when the club no longer has a legal purpose for holding an individual’s data (eg when they have left the club). Club admins have access to a button to wipe all trace of personal data from an individual’s record - but use this with caution as it is irreversible!
Your users' privacy
Your members only people who can decide how much of their information they want to share with other people. Therefore, Pianola allows each individual to choose whether or not to share with other members:
- their contact details
- their results history
If a member chooses not to share this information it will not be visible to any other members (except for people to whom you grant administrator access. Administrators can see all information about all members). However, some features will not work for members who choose not to share information. For example, to use the partner-finder, players will need to make their contact details available so that potential partners can contact then.
Our servers
Pianola is hosted by Amazon Web Services (AWS) in their West Virginia Data Centre. Not only does this infrastructure power Amazon's own store (surely one of the biggest and busiest in the world), it also hosts many other web companies, large and small. Examples include: Netflix, The Guardian, U-Switch, Yelp, Sega, Virgin Atlantic and Zoopla.
AWS is certified under the "EU-US Privacy Shield Framework" which permits data on EU citizens to be transferred outside the EEA.
We use various sub-processors to deliver our service, all of which are compliant with GDPR. We list all our sub-processors in our contract with clubs.
More information
If you have any further questions about data protection or privacy, we'd be happy to hear from you. Please email support@pianola.net or call +44 (0)113 320 1352.