Torbay U3A Data Protection Policy
The General Data Protection Regulation 2018 identifies key data protection principles with which Torbay U3A must comply :
Principle 1 - Personal data shall be processed lawfully, fairly and in a transparent manner .
Torbay U3A requires personal information from members in order to administer their membership and to provide communications about U3A activities. The lawful basis for obtaining member information is to manage the contractual relationship that Torbay U3A has with its members. The forms used to obtain this personal information contain a privacy statement describing the purpose and use of the information. Members will be asked to provide specific consent for certain processing purposes and will be informed as to how they may withdraw consent previously provided. Where consent is withdrawn the request will be acted upon promptly and the member will be notified when the action has been taken.
Principle 2 - Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
On the subscription form members are advised how their information will be used. The Committee of Torbay U3A will endeavour to ensure that member information is never used inappropriately. Appropriate use of information provided by members includes: • Communication with members about U3A events and activities • Group Leaders contacting group members about group activities • Subject to consent, adding members addresses to the direct mailing database for the Third Age Trust magazines; • Evidence of this consent to receive communications will be retained • Contacting members about their membership and/or renewal of their membership Torbay U3A Committee will not allow inappropriate communication such as sending its members marketing and/or promotional materials from external service providers.
Principle 3 - The collection of personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
For the purposes of membership records, only name, address, telephone number, email address (optional) and gift aid eligibility are recorded.
Where additional information is required for any purpose such as security identification for the organisation of a trip, members must be notified why this information is required and their consent to use of the information obtained. This information should not normally be retained after such usage.
As photographs are classified as personal data members will be asked to step out of shot if they don’t wish to be in group photographs. Otherwise consent should be obtained from members for photographs to be taken and members should be told where photographs will be displayed. A member may withdraw their consent and have their photograph removed by contacting the appropriate Committee member.
Principle 4 – Personal data held should be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Members may make changes to their personal data by notifying the Membership Secretary at any reasonable time. Any such requests will be actioned promptly on receipt. On renewal of subscription each year members will be able to confirm or change their information. Members may request access to the information that is held by Torbay U3A by writing to the Membership Secretary who will provide a written response detailing all information held on the member. A record shall be kept of the date of the request and the date of the response which should be as soon as expedient and certainly no later than one month.
Principle 5 – Personal data must kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for the which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest , scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
The Committee will ensure that Torbay U3A complies with data protection requirements and can confirm compliance; it will also ensure that members’ rights regarding their information are safeguarded including rights of access, rectification, erasure, and the right to be informed. When Committee Members and / or Group Leaders relinquish their roles, they should pass on data to their successors and/or delete it.
Principle 6 - Personal data must be processed in accordance a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Membership data will be stored on computer in an encrypted format protected by a non-trivial password. The database file will be held in secure “cloud” storage which will provide backup security, and regular additional backups will also be taken. All copies will be password protected. Access to the database is restricted to the Membership Secretary, or if necessary an agreed deputy. Members of Committee may for specific purposes be granted access to a copy of a subset of the data, but may not access or modify the full membership database. Any breach, or suspected breach, of data security will be investigated immediately and corrective action taken. Any member affected must be kept informed and a record kept of actions taken. Except in minor cases, National Office should be contacted for advice to ensure an appropriate response.
The Committee will review data protection and access to information on a regular basis.
Data Protection Policy approved by Torbay U3A Committee 7 June 2018
This policy explains how Torbay U3A processes personal information and safeguards data privacy.
When you subscribe as a member of Torbay U3A you are required to complete a form detailing your name, home address, email address and telephone number, and confirming your assent to the storage and use that may be made of this data. The lawful basis for collecting and storing your information is the contractual relationship that any member has with the U3A. We use this personal information:
• For administration, planning and management of our U3A • To communicate with you about group and other activities, by email, post or telephone
We may also share your personal information
• Internally – but only to Committee members and Group Leaders – where required to facilitate your participation in U3A activities • Externally – with your consent, for direct mailing of the Third Age Trust magazines • If we have a statutory duty to disclose it for other legal and regulatory reasons.
Where we need to share your information outside of the U3A we will seek your consent and inform you as to the purpose and with whom the information will be shared. We will never share your data with any third party for marketing, canvassing, or other commercial purposes.
In most instances information about your membership will not be stored for longer than 12 months after your membership expires. The exceptions to this are for records of Gift Aid claims, or instances where there may be legal or insurance circumstances that require data to be held whilst issues are investigated or resolved. In this case member/s will be informed as to how long the information will be held for and when it is deleted.
To ensure the data we hold is accurate and up to date, members must inform the U3A of any changes to their personal information. You can do this by contacting the Membership Secretary. You will also have the opportunity to update your information at membership renewal.
Should you wish to view the information that the U3A holds about you, you should request this by contacting the Membership Secretary. We will usually respond within 14 days of the request being made, except in the unlikely event that there are issues regarding privacy of other individuals or if there are legal, investigative, or security constraints.
Your membership details are held in a database which is encrypted in order to protect personal information against loss or theft, or any unauthorised access or usage. Access to the database is controlled by password. Information from the membership database may be given only to authorised Committee Members or Group Leaders where this is necessary in order for them to fulfil their roles.
This document is available on our website www.TorbayU3A.org.uk If you have any queries about this policy, need it in an alternative format, or have any complaints about our privacy practices, please contact the Membership Secretary. Any changes to this must be approved by Committee and we will notify members of any material changes through the Newsletter, which all members receive.
Torbay U3A – Recording, Usage & Protection of Data
Recording of Data
Membership data is obtained from details submitted on an annual subscription form, although this information may be carried forward from the previous year’s membership for renewing members whose details are unchanged.
The details recorded consist of the member’s name and preferred title, full postal address, and (where provided) telephone number and email address. Additionally, if the member gives permission for Torbay U3A to reclaim tax on the subscription, a Gift Aid indicator is recorded. If membership is continued from previous years, that will also be noted.
Where 2 or more members share the same address, an indicator will be set on each member’s record to show that mailings may be shared (see below, use of data).
Subscription forms are filed alphabetically and stored by the Membership Secretary.
The details extracted from the form are stored on a computer database (currently Excel) access to which is password protected. The database is backed-up at least monthly.
Privacy of Data & Use of Data
The data is used primarily to facilitate communication with members, providing information through whichever means is most appropriate and/or available. For preference, contact is by electronic mail. Communications include a monthly Newsletter, occasional information about special events, subscription renewal information. The data may not be used to communicate with members to advertise or promote any commercial activities, except relating to specific initiatives of Torbay U3A.
Additionally, a file of members’ addresses (modified to reflect shared addresses) is sent periodically to the publishers of the Third Age Trust magazine “Age Matters” for direct mailing purposes. The data submitted to the publishers is not used for any other purpose, and no member details may be shared with any other third party under any circumstances without explicit permission.
The Membership Secretary is responsible for extracting capitation figures for submission to the Third Age Trust (no personal information at all is provided).
Details must also be provided to enable the Treasurer to document claims for reimbursement of tax through Gift Aid – this information is supplied to HMRC on a preformatted spreadsheet, giving name and address data extracted from our computer file.
In order to facilitate communication and distribution of the Newsletter, designated members of the Torbay U3A Committee may be given access to a copy of the address information in the membership database in a computer file, which is used to produce a distribution list. The file held by the Membership Secretary remains the only authorised full record. In order to maintain accuracy and consistency, changes to the mailing file should be made only as agreed with the Membership Secretary.
Any other access to the full membership database is restricted to Committee members only, and is then provided in PDF format (therefore not editable or accessible for processing). Printing of hard copies is strongly discouraged and long term retention of either hard copy or PDF copy is not allowed.
Telephone numbers for Group Leaders are available to all members through the Newsletter, and email addresses for Committee Members are also published in the Newsletter, on the noticeboard at monthly meetings, and in some cases on the Torbay U3A Website. Permission for this disclosure is confirmed through a Contact Agreement.
Contact information of members providing contributions to the Newsletter is not recorded therein unless written permission has been obtained through a Contact Agreement.
Enquiries requesting information regarding the address, telephone number, or email address of a member as recorded on the membership list must be referred to the Membership Secretary only, and the enquirer’s details will be noted and passed to the member who may (if they wish) then contact the enquirer directly.
Changes and Deletions
All changes and deletions are separately recorded in a Change Log, which shows the date of change, source of the information, and records both “before” and “after”. This is to provide an audit trail of changes to the main database during the current year.
Changes, once recorded in the Change Log, are made directly to the main file and also to the file ready to be supplied to the publishers of “Age Matters” at the next update (see above). Both changes and deletions are also copied to the Committee Member(s) responsible for Newsletter distribution.
Deletions, once recorded in the Change Log, are removed entirely from the current membership list, distribution list and the publishers list.
Archiving and Destruction of Data
Data is kept only as long as is necessary and relevant.
At the commencement of a new membership year, the previous year’s file will be marked as archive and become inactive except to facilitate any subscription reminders and late renewals of lapsed members, and to enable accurate capitation counts to be made. This archived file will be kept for 1 year.
[The change log will also be used to reinstate deletions made from the active membership list during the preceding year reflecting death / resignation / expulsion, so that the archived file presents an accurate capitation and Gift Aid record]
At the end of 1 year the archived file will be edited by permanent removal of all entries not flagged for Gift Aid, and will then be kept for a further 7 years to accord with HMRC regulations; after that period it will be deleted.
When entries on the computer file are removed, the corresponding paper forms will also be shredded at the same time.
Approved by Torbay U3A committee 2 December 2015