The privacy and security of your personal information is extremely important to us. The Data Protection Policy and Privacy Policy explain how and why we use your personal data.
Data Protection Policy
This policy applies to the work of Cockermouth U3A. The policy sets out the requirements that Cockermouth U3A has to gather information for membership purposes. The policy details how personal information will be gathered, stored and managed in line with data protection principles and the General Data Protection Regulation. The policy is reviewed on an ongoing basis by Cockermouth U3A committee members to ensure that we are compliant. This policy should be read in tandem with Cockermouth U3A's Privacy Policy below.
This data protection policy ensures Cockermouth U3A:
Complies with data protection law and follows good practice
Protects the rights of members
Is open about how it stores and processes members data
Protects itself from the risks of a data breach
The only people able to access data covered by this policy should be those who need to communicate with or provide a service to the Cockermouth U3A members.
Cockermouth U3A will provide induction training to committee members and group leaders to help them understand their responsibilities when handling data.
Committee Members and group leaders should keep all data secure, by taking sensible precautions and following the guidelines below.
Strong passwords should be used and they should never be shared.
Data should not be shared outside of the U3A unless with prior consent and/or for specific and agreed reasons. Examples would include Gift Aid information provided to HMRC or address information provided to the distribution company for the Third Age Matters.
Member information should be refreshed periodically to ensure accuracy, via the membership renewal process or when policy is changed.
Additional support will be support from the Third Age Trust where uncertainties or incidents regarding data protection arise.
The General Data Protection Regulation identifies key data protection principles:
Principle 1 - Personal data shall be processed lawfully, fairly and in a transparent manner
Principle 2 - Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
Principle 3 - The collection of personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
Principle 4 – Personal data held should be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
Principle 5 – Personal data must kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for the which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest , scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
Principle 6 - Personal data must be processed in accordance a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Cockermouth U3A requests personal information from potential members and members for membership applications and for sending communications about their involvement with the U3A. The forms used to request personal information will contain a privacy statement informing potential members and members as to why the information is being requested and what the information will be used for. The lawful basis for obtaining member information is due to the contractual relationship that the U3A has with individual members. In addition members will be asked to provide consent for specific processing purposes. U3A members will be informed as to who they need to contact should they wish for their data not to be used for specific purposes for which they have provided consent. Where these requests are received they will be acted upon promptly and the member will be informed as to when the action has been taken.
Members will be informed as to how their information will be used and the Committee of Cockermouth U3A will seek to ensure that member information is not used inappropriately. Appropriate use of information provided by members will include:
Communicating with members about Cockermouth U3A events and activities including the sending of the internal U3A newsletter
Group leaders communicating with group members about specific group activities
Consent will be sought in order to add members details to the direct mailing information held by DMP, the distributor of the Third Age trust magazine.
Sending members information about Third Age Trust events and activities
Communicating with members about their membership and/or renewal of their membership
Communicating with members about specific issues that may have arisen during the course of their membership
Sharing it with Group Leaders for those groups that you are a member of, including any disability that you have declared to us, to assist the Group Leader in running their group.
Ensure a Group Leader will, wherever possible and practical, ensure all communication between a Group Leader and a Member is undertaken using the U3Aweb site.
Cockermouth U3A will ensure that group leaders are made aware of what would be considered appropriate and inappropriate communication. Inappropriate communication would include sending U3A members marketing and/or promotional materials from external service providers.
Cockermouth U3A will ensure that members' information is managed in such a way as to not infringe an individual members rights which include:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Members of Cockermouth U3A will only be asked to provide information that is relevant for membership purposes. This will include:
Name
Postal address
Email address
Telephone number
Gift Aid entitlement
Where additional information may be required such as health related information this will be obtained with the consent of the member who will be informed as to why this information is required and the purpose that it will be used for.
Where Cockermouth U3A organises a trip or activity that requires emergency contact information to be provided, the member must ensure that they have the right to disclose this information.
Photographs are classified as personal data. Where group photographs are being taken members will be asked to step out of shot if they don’t wish to be in the photograph. Otherwise consent will be obtained from members in order for photographs to be taken and members will be informed as to where photographs will be displayed. Should a member wish at any time to remove their consent and to have their photograph removed then they should contact webadmin@cockermouthu3a.org.uk to advise that they no longer wish their photograph to be displayed.
Cockermouth U3A has a responsibility to ensure members' information is kept up to date. Members will be informed to let the membership secretary know if any of their personal information changes. In addition, on an annual basis, the membership renewal process will provide an opportunity for members to inform Cockermouth U3A as to any changes in their personal information.
The U3A Committee are responsible for ensuring that the U3A remains compliant with data protection requirements and can evidence that it has. Where consent is required for specific purposes then evidence of this consent (either electronic or paper) will be obtained and retained securely. The U3A Committee will ensure that new members joining the Committee receive an induction into the requirements of GDPR and the implications for their role. Cockermouth U3A will also ensure that group leaders are made aware of their responsibilities in relation to the data they hold and process. Committee Members shall also stay up to date with guidance and practice within the U3A movement and shall seek additional input from the Third Age Trust National Office should any uncertainties arise. The Committee will review data protection and who has access to information on a regular basis as well as reviewing what data is held. When Committee Members and Group Leaders relinquish their roles, they will be asked to either pass on data to those who need it and/or delete data.
Cockermouth U3A Committee Members have a responsibility to ensure that data is both securely held and processed. This will include:
Committee members using strong passwords
Committee members not sharing passwords
Restricting access of sharing member information to those on the Committee who need to communicate with members on a regular basis
Using password protection on laptops and PCs that contain personal information
Using password protection or secure cloud systems when sharing data between committee members and/or group leaders
Paying for firewall security to be put onto Committee Members' laptops or other devices.
U3A members are entitled to request access to the information that is held by Cockermouth U3A. The request needs to be received in the form of a written request to the Membership Secretary of the U3A. On receipt of the request, the request will be formally acknowledged and dealt with expediently (the legislation requires that information should generally be provided within one month) unless there are exceptional circumstances as to why the request cannot be granted. Cockermouth U3A will provide a written response detailing all information held on the member. A record shall be kept of the date of the request and the date of the response.
Were a data breach to occur action shall be taken to minimise the harm. This will include ensuring that all Cockermouth U3A Committee Members are made aware that a breach has taken place and how the breach occurred. The Committee shall then seek to rectify the cause of the breach as soon as possible to prevent any further breaches. The Chair of the U3A shall contact National Office within 24 hours of the breach occurring to notify of the breach. A discussion will take place between the Chair and National Office as to the seriousness of the breach, action to be taken and, where necessary, the Information Commissioner's Office would be notified. The Committee shall also contact the relevant U3A members to inform them of the data breach and actions taken to resolve the breach.
Where a U3A member feels that there has been a breach by the U3A, a committee member will ask the member to provide an outline of the breach. If the initial contact is by telephone, the committee member will ask the U3A member to follow this up with an email or a letter detailing their concern. The alleged breach will then be investigated by members of the committee who are not in any way implicated in the breach. Where the committee needs support or if the breach is serious they should notify National Office. The U3A member should also be informed that they can report their concerns to National Office if they don't feel satisfied with the response from the U3A. Breach matters will be subject to a full investigation, records will be kept and all those involved notified of the outcome.
Privacy Policy
Cockermouth U3A treats your privacy rights seriously. This privacy policy sets out how we will deal with your ‘personal information’, that is, information that could identify, or is related to the identity of, an individual.
When you express an interest in becoming a member of Cockermouth U3A you will be asked to provide certain information. This includes:
your name
home address
email address
telephone number
your subscription preferences
We’ll only collect the personal data that we need. You may occasionally be asked by a committee member or group leader to be in a photograph that will be posted on the website, you can always refuse to give this consent.
All the information collected is obtained directly from you. This is usually at the point of your initial registration. The information will be collected via membership forms or online contact forms. The lawful basis for collecting and storing your information is due to the contractual relationship that you, as a member, have with the U3A. In order to inform you about the groups, activities and events that you can access as a member we need to store and process a certain amount of personal data.
You can give us your personal data by filling in forms on our website or by completing a paper application form. We will always ask for your consent to collect and use the data supplied. This may be in the form of an agreement when joining or renewing your membership.
We use your personal information:
To provide our U3A activities and services to you
For administration, planning and management of our U3A
To communicate with you about your group activities
To monitor, develop and improve the provision of our U3A activity
We’ll send you messages by email, post, other digital methods and telephone to advise you of U3A activities.
We may disclose information about you, including your personal information
Internally - to committee members and group leaders – as required to facilitate your participation in our U3A activities;
Externally – with your consent for products or services such as direct mailing for the Trust magazines – Third Age Trust and Sources;
To third party suppliers for certain Out & About trips
If we have a statutory duty to disclose it for other legal and regulatory reasons.
Where we need to share your information outside of the U3A we will seek your consent and inform you as to who the information will be shared with and for what purpose.
Officers of Cockermouth U3A authorised to receive personal information from the database must take reasonable precautions to keep this information secure and confidential. Members must take care not to disclose to unauthorised parties the information, intentionally or otherwise, and must ensure that any information received or gathered is destroyed once the purpose for which it was provided is fulfilled.
We need to keep your information so that we can provide our services to you. In most instances information about your membership will not be stored for longer than for a maximum of six months after the member resigns. The exceptions to this are instances where there may be legal or insurance circumstances that require information to be held for longer whilst the issues are investigated or resolved. Where this is the case member/s will be informed as to how long the information will be held for and when it is deleted. Information regarding Gift Aid donations is retained for as long as required under HMRC regulations;
To ensure the information we hold is accurate and up to date, member's need to inform the U3A as to any changes to their personal information. You can do this by contacting the membership secretary via our web site (cockermouthu3a.org.uk) or at our Monthly meeting. You can also correct or change any information by selecting ‘My Information’/ ‘Check My Details’ on our web site. On an annual basis you will have the opportunity to update your information, via the membership renewal process. Should you wish to view the information that the U3A holds on you, you can make this request by contacting the membership secretary – as detailed above. There may be certain circumstances where we are not able to comply with this request. This would include where the information may contain references to other individuals or for legal, investigative or security reasons. Otherwise we will usually respond within 14 days of the request being made. No charge will be made for this request.
We have in place a range of security safeguards to protect your personal information against loss or theft, as well as unauthorised access, disclosure, copying, use or modification. Security measures include technological measures such as Secure Socket Layer (SSL) encryption, which creates a secure connection with your browser when you register and login into our online services. Your membership information is held on a database and accessed by Committee Members and Group leaders – as appropriate. We keep our computers, files and buildings secure. We have received assurance from the provider of U3AWeb that their computers, housing your data, complies with all the security measures required by GDPR.
This policy is available in the ‘GDPR info’ menu list on our website. This policy may change from time to time. If we make any material changes we will make members aware of this via an email and monthly newsletter.
If you have any queries about this policy, or have any complaints about our privacy practices, please contact us via the website: www.cockermouthu3a.org.uk or contact a committee member at the Monthly meeting .
Cookie Policy
We use cookies in our website to improve its performance and enhance your user experience. Cookies are small text files which a website may put on your computer or mobile device when you first visit a site or page. The cookie will help the website to recognise your device the next time you visit. They also help us to remember your username and preferences (e.g. the groups you select in the 'Group Planner')
(effective 25th May 2018)
