privacy
data protection policy
We are a volunteer-run not for profit organisation.
Why your data is collected
We maintain a database which contains necessary minimum personal data as collected during membership application and during the course of our activities. We will use all reasonable care to keep this data up to date and secure.
This Data Protection Policy explains how we collect, store, manage and protect your data. It outlines the types of data that we hold and how we use this information to carry out the activities.
We aim to be clear when we collect your personal information, and not to do anything you wouldn't reasonably expect.
The legal basis for holding your data is your Consent for us to hold this data. We need this data to be able to fulfil our obligations under our Constitution, for the Office of Scottish Charity Regulator (OSCR) requirements, and where applicable to ensure the Health and Safety of you and other members when engaged with activities.
If you do not provide your consent for us to hold this minimum necessary data, we may be unable to admit or retain you as a member and may therefore restrict you access. This policy deals with the data obtained via membership interaction. There is also a specific section below regarding your use of our web sites and social media.
How your data is collected
Data is typically collected through application forms. Further data may be collected as necessary for further activities.
What information do we collect about you?
As part of management of our spaces, we store and process personal information relating to our members. We have reviewed our responsibilities under the General Data Protection Regulation (Regulation (EU) 2016/679) and take our responsibilities under this regulation seriously; the personal information we obtain is held, used, transferred and processed in accordance with this regulation.
We will minimise the data held and processed to that necessary only for management.
We aim to keep your details up to date and will occasionally conduct surveys to check the contact details we have for you are correct, updating them where appropriate.
How we use your data
Upon receiving your consent to use your personal data, it will be used and processed for a range of activities including (but not exclusively):
· Administrative requirements
· Notification of meetings
· Sharing information regarding our activities
· Retaining information related to HSE requirements in premises.
· Requests to complete surveys
In order to fulfil certain of these purposes, communications may be sent by post or email.
Retention of your Data
In consenting to share your Data, you are giving permission for us to retain your Data for as long as is necessary for the purposes set out above, but certain Data may subsequently be retained for recording or auditing purposes or as required by law, our constitution or The Office of the Scottish Charity Regulator. When any Data reaches the end of its retention period it is destroyed securely.
Protecting your data
We are committed to holding your data securely and sensitively, in accordance with the GDPR.
Your data is held on a secure computer and/or paper file within the Responsible Person’s premises. Computer data is protected by appropriate authentication or encrypted. Data may be held on paper where this data has been provided to us in paper form, such as physical membership application forms, or for HSE reasons as stated above. Access to all such data is restricted to the Responsible Person and any other individuals necessary but these will in any case be limited to Trustees authorised to see such data so as to carry out their duties. This access is reviewed at board meetings. We will not disclose your data to individuals, organisations or other entities.
We do not sell to or trade your data with any other organisations. Your Data will not be made available to any third party including with any commercial organisation for direct marketing purposes. For bulk communications to many members by e-mail we will use the BCC function in our e-mailer to prevent your e-mail address being released to other individuals without your explicit consent.
Forwarded or follow-up e-mails from our members arising from one of our bulk e-mailings are excluded from this privacy policy as we have no control over the use of your e-mail by any member who may know or come to separately learn of your e-mail address. If the security of the data we hold is breached, we will promptly assess the risk to you and if the breach is of a relevant nature also report this breach to the ICO.
Your rights
You are obliged to share necessary minimum membership data with us in order to allow us to fulfil our responsibilities under our Constitution and OSCR requirements and for any HSE purposes as referred to above. If you wish to terminate our processing of data, we will observe this wish but it is possible this will mean we will require you to resign membership.
We undertake not to record or use your data in any way which will cause damage or distress. We will use your details until you tell us you resign as a member. We will always try to ensure that the data we hold for you is up to date, reasonable and not excessive.
You have the right to:
· Request a copy of the information we hold about you, free of charge and for your own purposes, provided in a commonly used and readable form, within one month of submitting your request to a board member
· Request amendments to the information we hold about you
· Change your communication preferences at any time
· Withdraw consent, object to the processing of your information, request that we erase your personal information from our records or restrict the processing of your data at any time; as stated, this may require you to resign as a member of The Inverclyde Shed
· Lodge a complaint with the Responsible Person, escalated if required to the BMS Chairman, or the ICO
Data accuracy
You are encouraged to make sure that your own data is accurate by communicating your updated details to us or by returning any update forms we may issue to you
Communication with Us / Access Requests
If you are unable to access this and require a paper copy, please request it.
If you have any questions about this privacy statement, or would like to receive a copy of the information we hold about you, please contact us.
Responsible Person
This GDPR / Privacy policy is operated by a “Responsible Person”. As a small Charity organisation, we do not have (and are not required to have by the GDPR) a dedicated person responsible for GDPR compliance. The role is likely to be shared by an individual who has other responsibilities.
ICO Registration Exemption
As a not-for-profit organisation which only processes data for the purposes of managing membership information we are exempt from registration. Refer to https://ico.org.uk/for-organisations/register/self-assessment
Children and International requirements
We do not hold data on Children nor do we have any International connections or business.
Our web site is viewable from abroad and we have no control over how information on the web site may be used, however, we do not post personal information (other than names of Trustees & Board members) or if necessary will only post any such information with your express consent.
Our Web sites / Cookies
We operate a web site and also have a Facebook page and Twitter page. The privacy policies for Facebook and Twitter are operated by Facebook and Twitter and for further information refer to their web sites. The information below refers only to our own web site.
Our website is built from a standard “content management software” package. This uses cookies on our website. A cookie consists of selected information sent by a web server to your web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. These cookies are used by the internal workings of the software only.
We do not monitor or utilise these cookies.
We do not sell or share your data with any third party. Most browsers allow you to refuse or “block”cookies; search on-line for how to do this for your browser. If you block cookies this is likely to have a negative impact upon the usability of many websites, not just ours. Internet hosting companies generally also log information about your browser and your visits to and use of this website, such as your IP address, browser type, referral source, length of visit and number of page views.
They may also attempt to “look up” your geographical location but this is not always accurate.
Our web site is hosted by Square Space