u3a

Ashbourne & District

Members

SUPPLEMENT THREE

PRIVACY OF MEMBERS’ DATA

During 2018 there were many changes to data protection regulations and our U3A has no choice other than to comply. Otherwise we risk a fine.

The General Data Protection Regulation states that, if any organisation (whatever its purpose or size) collects information about individuals for any reason other than personal, family or household purposes, it needs to comply with the GDPR.

GDPR applies to any “processing of personal data”. “Personal data” means information about an individual. It does not need to be “private” information; even information which is public knowledge is “personal data”. If someone could be identified from the details, or by combining the details with other information, it will count as “personal data”.

Therefore Ashbourne and District u3a may only collect and use personal information concerning each member with the consent of the member & for the purpose of proper management of u3a. Members give their consent when applying for membership.

In order to facilitate compliance with GDPR and to minimise the risk of any breach, Ashbourne u3a subscribes to the u3a Beacon Management System, a secure on-line facility for managing local u3as. On a server independent of Ashbourne u3a, Beacon hosts all data about Ashbourne u3a members, including name, postal address, any email address, telephone numbers, emergency contact, and (if applicable) Gift Aid status.

Ashbourne u3a’s Beacon Administrator will give you access to the data of each member of your group. However, you may only use the data in an appropriate manner for the purposes of u3a activities.

In particular, you must not disclose such data to anyone without the consent of the member to whom the data relates. If you are asked to divulge data (e.g. a telephone number or email address), you must first ask the member whose data it is if that member is agreeable to you divulging the data to the person seeking it.

You must not divulge to anybody (whether or not a member) the means of gaining access to the data relating to any member.

If for some good reason it is essential for you to record in writing some data concerning any member, you must store it securely & destroy it promptly when you no longer need it.

Because computers may be hacked, stolen or lost, you must not keep any data concerning a u3a member on a personal computer. Obviously, this requirement does not prohibit you from keeping any data of personal friends who coincidentally are members of u3a.

You must promptly destroy any data (other than that of personal friends) which was held by you electronically or otherwise prior to the implementation of Beacon by Ashbourne and District u3a.