Data Protection

POL 004 DATA PROTECTION POLICY

Hartland Men’s Shed Fleet is classified as a Data Controller under the General Data Protection Regulation (the GDPR). This policy outlines our commitment to protecting the personal data of people in relation to our organisation’s work in accordance with the GDPR – as regulated by The Information Commissioner’s Office (ICO), the UK authority on data protection – and carrying out any data processing with transparency, accountability, and good governance.

The Information Commissioner’s Office (ICO)

The ICO is “the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals” (ICO website). It is responsible for administering the provisions of the GDPR. Under the GDPR, organisations must register with the ICO unless exempt.

Hartland Men’s Shed Fleet is exempt from registering with the ICO because it is a non-profit making organisation / only makes a profit for its own purposes.

The six lawful bases for processing personal data are listed below, and at least one of them must legitimately apply to any data collected or processed from any natural person.

Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering a contract.

Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

Vital interests: the processing is necessary to protect someone’s life. The ICO state that this lawful basis is likely to be relevant for emergency medical care when you need to process personal data for medical purposes, but the individual is incapable of giving consent to the processing.

Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.

Definitions

This policy uses the GDPR's definitions for the following key terms:

Personal data - any information relating to an identified or identifiable natural person, both 'direct' and 'indirect' identification.

Natural Person - an identifiable person is one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural, or social identity.

Data Controller - a 'person' who determines the purposes for information processing and the way it is done. A data controller will be a 'person' recognised by law i.e., individuals, organisation, and corporate bodies.

Data Processor - any 'person' (again, a person as recognised by law), other than an employee of a data controller, who processes the data on behalf of the data controller. Other key terms are defined within their sections.

Who are we and how to contact us?

We are Hartland Men's Shed Fleet, Charity Number CI01207159

Our Address is:

Hartland Men's Shed Fleet
Hartland Village Community Training Hub, Building 505,
Bramshot Road
Farnborough
GU14 0FH

We can be contacted at this address or email to our Data Controller at: info@hartlandmensshedfleet.org.uk

Main Contacts

Below are the Shed’s main contacts for data protection in line with this policy. They should be your primary contact should you wish to discuss something related to data protection or need further information.

Data Protection Officer (DPO): Allan Walker DPO Tel: 07816 073166
DPO Email: chair@ccandfmensshed.org.uk

Data Protection Officer (DPO): Chris Martin   
DPO Email: scretary@hartlandmensshedfleet.org.uk

Data Protection Officer (DPO): Keith Read      
DPO Email: vicechairman@hartlandmensshed.org.uk

The DPO’s are volunteers of the Data Controller, the Hartland Men's Shed Fleet and have responsibility for ensuring personal data is collected and processed lawfully in line with this policy and the GDPR is kept secure.

How can I access the information you hold about me?

You can write to us or email us at the addresses provided above. If we do hold information about you, you can ask us to correct any mistakes by contacting us and providing us with the correct information.

Individual Rights

You have rights which you can exercise in relation to the information we hold about you. You can read more about these rights at https://ico.org.uk/for-the-public/is-my-information-being-handled- correctly. These include the right to withdraw consent at any time and the right to lodge a complaint with the Information Commissioner's Office.

Hartland Men's Shed Fleet is aware of the rights for individuals whose personal data we hold. In line with those rights, we will ensure we process data in accordance with these rights. We will:

Be transparent and inform them of how and why we will process their personal data, as well as the lawful basis for doing so.

Respond within 30 days if people ask to access their personal data, allowing them to verify its lawful collection and processing.

Rectify any inaccurate or incomplete personal data without delay.

Erase any personal data when it is no longer needed or there is no lawful reason for it being held.

Take immediate action if an individual requests that we suppress the processing of their data or objects to its collection, retaining just enough to respect their wishes in future.

Never process personal data for more than it's lawful, documented purpose(s).

Obtain clear, active consent from each individual where we are lawfully obliged to do so.

What information do we collect from you and what do we do with it?

From time to time, we will need to process the following examples of personal data. We may also, at times need to collect and process personal data not listed here.

  • Name
  • Contact information e.g., address, telephone numbers, email addresses
  • Information about your age, medical conditions, disability status
  • Information about your skills, qualifications, interests, and expertise

We may use this information to:

  • Manage memberships
  • Carry out administration functions Get help if somebody is in danger e.g., contact next of kin if an accident or emergency occurs
  • Comply with legal obligations

What we will not do with your data

We are serious about guarding the security of your personal information that we have under our control from unauthorized access, improper use and disclosure, unauthorized destruction, or accidental loss. However, we cannot guarantee the protection of your personal data as due to the nature of the Internet, the Website is theoretically accessible by any user of the World Wide Web. You should be aware that when you disclose personal information on the Website it may be collected by another user and may result in unsolicited messages from other Internet users.

We will not sell or rent your personal information to third parties or transfer it to other countries. Your data will not be used for automated decision making.

We will never share the information with people or organisations unless given permission.

We will not use personal data to discriminate against a person for any reason

Who might we share your information with and why?

We may share your information with trusted third parties for administrative purposes. These organisations have systems to protect your data and will not share your data with third parties. We use Office 365 to store electronic membership forms. We use Office 365 to administer membership records including applications and renewals, payments, and email distribution. We use Eventbrite for online event registration and administration. We use PayPal to collect donations to the Trust. 

How long do we keep hold of your information?

We will only keep the information while the individual is a member or supporter or if necessary for member/supporter administration. We will not retain it for longer than is necessary to comply with administrative/legal requirements.

Cookies

Our website uses cookies, as do almost all websites. The purpose of these is to help provide you with the best experience possible. Cookies are small text files stored by your browser on your computer or mobile phone when you browse websites.

Our cookies enable us to:

  • Make our website work as expected
  • Improve the speed/security of the site
  • Allow you to share pages with social networks like Facebook and Twitter 
  • Continuously improve our website for you
  • Track visits to our articles so we know what kind of information is most popular
  • We do not use cookies to:
  • Collect any personally identifiable information
  • Collect any sensitive information
  • Pass personally identifiable data to third parties
  • You can learn more about all the cookies we use below

Granting us permission to use cookies

If the settings on your web browser are set to accept cookies, we understand because of that, and your continued use of our website, you are in agreement with how we use cookies. If you wish to remove or disable cookies, please follow your Browser instructions. However, doing so will likely mean that our site will not work as you would expect.

Our own cookies

Our site may include the following which may use cookies:

  • Videos (powered by YouTube and other providers)
  • Google Maps
  • Other embedded content
  • Disabling these cookies will likely break the functions offered by these third parties

Visitor Statistics Cookies:

We use cookies to compile visitor statistics such as how many people have visited our website, what type of technology they are using (e.g. Mac OS X or Windows PC) which helps to identify how our site works on particular platforms. This helps us to continuously improve our website. These so called "analytics" programs also tell us, on an anonymous basis, how people reached this site (e.g. from Google) and whether they have been here before helping us develop our services.

Google Analytics - you can opt-out of being tracked by Google Analytics (we'd prefer you didn't though as this data is helpful to us in improving our website and therefore your experience on it (https://tools.google.com/dlpage/gaoptout)

Other websites

This Privacy Notice does not cover the links within our website or Social Media pages linking to other websites.

Data Handling

Hartland Men's Shed Fleet understands its obligations under the GDPR, when collecting, controlling, and managing personal data. We will ensure that we:

  • Process data lawfully, fairly and in a transparent manner.
  • Collect data only for specified, explicit and legitimate purposes and not further processing in a manner that is incompatible with those purposes.
  • Process data adequately, relevant and limited to only what is necessary.
  • Ensure personal data is accurate and kept up to date, rectifying and erasing any errors or inaccuracies without delay.
  • Will keep personal data in a form that permits identification of individuals for no longer than is necessary for the purpose.
  • Process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, and against loss, destruction, or damage.
  • Take immediate action if an individual requests that we suppress the processing of their data or objects to its collection, retaining just enough to respect their wishes in future

Hartland Men's Shed Fleet will maintain a live log of the exact types of data, reasons and lawful basis for collection and processing which allows us to demonstrate our compliance with the GDPR with the ICO, if ever necessary.

Hartland Men's Shed Fleet will audit personal data on file on an annual basis to ensure it is still relevant, needed and lawfully held. If ever we need to use data for another purpose, we will make sure we inform and/or request consent from the relevant persons, in line with the GDPR.

Hartland Men's Shed Fleet will carry out a Data Protection Impact Assessment (D'PIA) prior to implementing new data handling technology and/or where processing personal data is likely to significantly affect individuals.

As a data controller and in line with the GDPR, we will keep a record of our processes, consistent with the above and be able to demonstrate our compliance at any given time.

Data Storage and Security

Hartland Men's Shed Fleet takes the matter of safety of personal data very seriously and will always ensure we put in place robust safety measures, appropriate to the type of information we hold and process.

To secure personal data kept by Hartland Men's Shed Fleet we will use a mixture of the following methods, appropriate to the data held.

Physical security including good quality doors and locks, and security lighting. Computer security including passwords, encryption, or two-factor authentication.

We will check our storage and security practices regularly to ensure they are in line with regulation and appropriate for the personal data held. We will build a culture of awareness and security within the Shed ensuring good communication with key people, and we will only ever provide access to personal data for people that need it for lawful processing.

The exact way we store personal data for each purpose will be documented in our Data Protection Log.

Data Breaches

Hartland Men's Shed Fleet recognises the GDPR's guidelines to record, rectify and report, where necessary, data breaches, where a breach of security leads to the destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data.

Hartland Men's Shed Fleet DPO’s are allocated the responsibility for minimising the likelihood of breaches and taking prompt action if ever they happen. Hartland Men's Shed Fleet will ensure it notifies the individuals whose data is involved if there is any adverse risk to them because of the breach, and where necessary notify the Information Commissioner's Office (ICO).

Accessing Information

Under the GDPR, individuals have the right to access the information held about them. If you would like to request information held, or be reminded of the reasons, lawful basis, and methods of keeping your personal data, please send a request in writing to:

FAO Mr Chris Martin

Secretary

Hartland Men's Shed Fleet

Hartland Village Community Training Hub, Building 505,

Bramshot Road

Farnborough GU14 0FH

We will respond to all requests within 30 days.

 

©Copyright. All rights reserved. 

To read our Policies on Privacy and Cookie use Please Click Here  For Data Protection Policy  Click Here

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.