(agreed at 2022 AGM)
Introduction
The data that members provide on their application forms are kept in documents that are held and processed electronically. This means that the Association is subject to the Data Protection Act.
Under the Act, the data that members provide are not classed as “sensitive data”, and because we are a not-for-profit organisation that does not use CCTV, we do not have to register with the ICO (Information Commissioner’s Office). Nevertheless, under the Act, we have responsibilities of care to uphold. This document outlines our policies.
For more information, the ICO website is here: https://ico.org.uk/
What data do we keep?
We are only allowed to keep data that are necessary for our association activities. We keep the following:
Name and postal address
Telephone number(s) – optional
Email address – optional
Accuracy
We will endeavour to maintain accurate records, but we rely on members keeping us up-to-date.
Members can at any time ask the Secretary for a copy of their recorded data. To request this, send an email to wildmoorallotment@gmail.com.
What is the data used for?
The data are only used for legitimate Association uses; these include:
Communication between committee members and other members as part of the daily running of the Association; notification of Association meetings, the minutes of those meetings; the provision of seed catalogues.
What is the data NOT used for?
We will not disclose your data to other members or to third parties or use it on behalf of third parties. For example, members may sometimes be lobbied to advertise a service or product that might be useful to other members of the association. We will not use your addresses to do this (no “spam” allowed). Such requests from third parties can however be placed on the Allotment web site or the Facebook page, so that members can benefit from these offers.
Who has access to the data?
Only those who need access to the data have access. The following committee members have access to all the member data:
Chairman, Secretary, Treasurer, Lettings secretary.
The Seed secretary has access to names and postal addresses for the purpose of distributing seed catalogues.
What happens when a member leaves the Association?
We do not keep data that is not needed for operation of the Association. The data for members who leave is held for at most 6 months, after which time it will be deleted from our records. We keep the data for a short period in the event that we need to communicate with a member who has recently left.
How do we protect the data?
The Data Protection Act does not specifically define the level of protection required for personal data, but rather recommends protection that is appropriate depending on the sensitivity of the data and the risks that might be incurred in the event of a security breach. The data that we keep is not classed by the Act as sensitive (examples of sensitive information are bank account details, ethnicity etc.). We therefore assume that the risks that we are exposed to are no greater than the risks of an individual providing the same data to a friend for social purposes.
Email usage
The Secretary responsible for mass emails across the membership has a Gmail account (wildmoorallotment@gmail.com) used for the purpose which has a strong password. All email traffic to the Secretary is on this account and not on a personal email account. This account contains members’ email data. Mass emails to the membership are sent blind (Bcc) so that addresses are not exposed.
Encryption and passwords.
The data are held in documents (generally spreadsheets) on a Google drive with password access. This allows access from all officers who need it (plotholder list, waiting list and plot inspection list). This will prevent the need for documents to be stored on members’ laptop computers. The documents themselves, mostly spreadsheets, are not encrypted.
Mobile (“smart”) phones are sometime used for email purposes. Phones are vulnerable to loss and theft so if they are used for Association business they must at least use a 4-character PIN. Spreadsheets containing multiple records will not be kept on phones.
Who is responsible for the implementation of this policy?
A nominated member of the committee is responsible for ensuring that this policy is adhered to. The Secretary has this responsibility (wildmoorallotment@gmail.com)
Version 2 (7th June 2022)
Wildmoor Allotments 