Any personal information you provide to us is held on the understanding that the information should not be divulged to any person or organisation unless solely necessary for the operation of the Hayling Island Men's Shed Association. We comply with the Data Protection Act and - in particular - the data protection principles as well as the EU General Data Protection Regulation (GDPR).
We hold very little personal information - only that which is necessary for the operation of Hayling Island U3A. Specifically we do not hold personal bank, credit card or debit card data, nor do we hold any data classified as 'Special' under the General Data Protection Regulation; for example: racial, religious, medical, political, sexual orientation and trade union membership.
In the following section we describe how we handle your personal data. The final section describes how you can:
- Find out more
- Exercise your data protection rights
Click any heading preceded with a triangle like this: to see more information.
How we handle your personal data
Lawful basis of processing
We have a 'legitimate interest' in holding your data, specifically:
- Our interest in administering the Hayling Island Men's Shed Association
- Members' interests:
- Being kept informed
- Notifying emergency contacts if necessary
This is the information held about Hayling Island U3A members.
We need the following pieces of information about members in order to operate the web site, If you are a member you can see it in your personal profile page:
- Name you prefer to be known by
- Your given name, if different
- If supplied:
- Email address
- Postal address
- Phone number
- Mobile phone number
- Emergency contact(s)
- Whether contact details can be shared with other members
- Whether you want to receive all-member emails
- Whether or not donations can be gift-aided
- Whether you have retired as a member and, if so, the reason
Keeping basic data up-to-date
Members can update most of their data via their personal profile page.
Members can also ask the Secretary to change details on their behalf.
The Secretary updates details of members who have retired from the Men's Shed.
Access to basic data
The following have access to elements of basic data:
... can see:
A member's name if it is mentioned in a page or if they are a project leader, committee member, or other officer
A link to email a member if they are:
- a project leader
- a committee member or other officer
The link does not disclose the email address and cannot be re-used after a short time has elapsed (preventing spammers from repeatedly mailing the member).
Member contact details will also appear to the public in the text of pages but only with their agreement or at their request. Typically this will be because they are administering some activity involving the public.
Note that we can adapt page content based on whether the person viewing is logged in as a member, or not. It is therefore possible members will see additional information on public pages that is not available to the general public.
Men's Shed members
Members of Hayling Island Men's Shed that are logged in to the site with their personal username and password can see other members' contact details, but only if the member has opted to make their details visible to other members.
The Secretary and the Web site editor can see all basic data.
Retention of basic data
We keep data about members for the duration of their membership.
When we detect a member has retired from HIU3A we mark the member's record. From that point on:
- The public and HIU3A members cannot use the web site to send emails to the member
- The member's contact details are no longer available to other members (except site administrators) - instead they are told the member has retired, but not the reason
In effect, retired members are removed from the web site. We retain their details for a while (unless we are explicitly requested to delete them) in case of misunderstandings or a decision to rejoin. In that case we can remove the retired flag from the member's record to reinstate them.
Note that removal of a retired member's details from the web site is subject to any legal constraints. Specifically we are required to retain a member in the database for seven years after a gift aid subscription.
In addition to basic data and group memberships, the web site holds information about:
When people submit our membership application form we send the application details to the Secretary and store them on the web site to ensure we track them through to completion.
Form data is deleted automatically 60 days after completion.
For the time being, donation data is held offline by the Treasurer.
We record participants in each of our projects and whether they are a project leader, or not.
Names are shown to the public along with project details unless the project is marked as private - in which case, details are shown only to members.
Asset database updates
We record the id of the person who last updated a given asset together with the date and time they made the update.
We do not retain any information from forms used to email us or members. Instead, the forms generate emails to individuals who will deal with them, or forward them to the appropriate person(s) in the association.
Data provided to third parties
We provide name, address and donation details to HMRC to justify our claim under the Gift Aid scheme.
Otherwise we undertake not to provide information to any third party unless legally obliged to do so.
Copies of data held on computer or paper
From time to time, officers of the Men's Shed will make copies of data held in the web site database because:
- It is required for a legitimate process; for example: the Gift Aid notification to HMRC has to be prepared as a spreadsheet
- To provide a backup to the web site and additional reassurance should we be audited by HMRC or the Charities Commission
Data copies will be deleted or shredded as soon as they are no longer needed.
Securing web site data
We keep a number of backups of web site data:
- We assume that Ionos, our Internet Service Provider, keeps backup copies but we don't rely on them.
- We make a backup copy every day which is stored, encrypted, in a OneDrive folder belonging to the web site editor and made available to site administrators.
Apart from those pages available to the general public, access to the site is restricted to Men's Shed members who log in with their personal username and password. Passwords are encrypted before they are stored in such a way that no-one, not even site administrators, can retrieve the password (we use a process known as one-way encryption).
All traffic between our web site and web browsers is encrypted automatically using industry-standard https protocols.
Access to web site programming and site administration details is restricted to the web site editor and the Secretary.
How you can exercise your rights
You have rights under data protection legislation. The relevant ones being:
- The right to be informed about our collection and use of your personal data. This document helps us satisfy that right. Please let us know if:
- You have any questions about how we handle your data or what we hold
- Right of access to information we hold about you. If you want to see that information please contact the Secretary (firstname.lastname@example.org).
- Right of rectification. It's in everyone's interest that we hold accurate information. You can get your information corrected:
- Right to erasure. Note that this is not an absolute right. If you request deletion of all your data you can no longer remain a member of Hayling Island Men's Shed Association. We will delete your data immediately on your request to the Secretary - subject to our data security and retention policies and obligations. To request erasure of your personal data, please contact the Secretary(email@example.com).