East Essex Hackspace:Privacy policy: Difference between revisions

From East Essex Hackspace
Jump to navigation Jump to search
(2022-08-26 Approved Version)
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
= East Essex Hackspace Privacy Policy - DRAFT NOT FOR PUBLIC USE =
__NOTOC__
East Essex Hackspace collects data about its members in order to fulfil legal requirements and contractual obligation with those members. It also collects some data about visitors. The Hackspace will:
East Essex Hackspace collects data about its members in order to fulfil legal requirements and contractual obligation with those members. It also collects some data about visitors. The Hackspace will:
* keep to a minimum the amount of information we hold about you.
* keep to a minimum the amount of information we hold about you.
Line 10: Line 10:
== What personal data do we hold and why? ==
== What personal data do we hold and why? ==
=== Member Personal Data ===
=== Member Personal Data ===
We hold your full name, postal address, email address, next of kin, alias as provided by you on sign up.  
We hold your full name, postal address, email address, alias, emergency contact details, as provided by you on sign up.  


Name and address are stored and shared according to the requirements of The Charitable Incorporated Organisations (General) Regulations 2012, contact information is used to communicate with you during your membership, and your next of kin in case of emergencies. '''It is your duty to inform your selected next of kin that you have shared their information'''.
Name and address are stored and shared according to the requirements of The Charitable Incorporated Organisations (General) Regulations 2012, contact information is used to communicate with you during your membership.
 
We are going to use your emergency contact details only in case of emergencies. It is your duty to inform your selected emergency contact that you have shared their information with us, and inform them that their name and phone number are stored on our database, or point them to this Privacy Policy.


The alias is used to announce your arrival to the space on the Hackspace discord server. Access to the relevant channel is limited to other members.
The alias is used to announce your arrival to the space on the Hackspace discord server. Access to the relevant channel is limited to other members.
Line 31: Line 33:


=== Third party organisations ===
=== Third party organisations ===
Some external organisations have access to the Hackspace through a service agreement, and receive Hackspace access cards as part of such agreements. We hold and store the names of the third party members these cards are assigned to, for the sole purpose of managing security of the building, and will delete the information when the access card is returned or the service agreement is terminated. '''The Privacy policy of such organisations will mention us as data processors and can refer to this Privacy policy'''.
Some external organisations have access to the Hackspace through a service agreement, and receive Hackspace access cards as part of such agreements. We hold and store the names of the third party members these cards are assigned to, for the sole purpose of managing security of the building, and will delete the information when the access card is returned or the service agreement is terminated. The Privacy policy of such organisations will mention us as data processors and refer to this Privacy policy.


== Whom do we share it with? ==
== Whom do we share it with? ==
Line 40: Line 42:
* [https://aws.amazon.com/ AWS] is used to run the Hackspace wiki.
* [https://aws.amazon.com/ AWS] is used to run the Hackspace wiki.
* [https://sendgrid.com/ Sendgrid] is used to send automated emails from the membership system.
* [https://sendgrid.com/ Sendgrid] is used to send automated emails from the membership system.
* [https://discord.com Discord] is used for online discussion between members
* [https://discord.com Discord] is used for online discussion between members.


All third parties we use are selected for, and monitored on, how they meet the requirements of current UK data protection legislation and the requirements of GDPR.
All third parties we use are selected for, and monitored on, how they meet the requirements of current UK data protection legislation and the requirements of GDPR.
Line 60: Line 62:
== What if this privacy notice changes? ==
== What if this privacy notice changes? ==
If changes to the East Essex Hackspace CIO Data Protection Policy (and hence this Privacy Notice) include any significantly different use of your personal data, we will let you know and give you the option to agree to the new use.
If changes to the East Essex Hackspace CIO Data Protection Policy (and hence this Privacy Notice) include any significantly different use of your personal data, we will let you know and give you the option to agree to the new use.
= Approvals =
Last modified and approved by Trustees on 2022-08-26

Latest revision as of 16:44, 26 August 2022

East Essex Hackspace collects data about its members in order to fulfil legal requirements and contractual obligation with those members. It also collects some data about visitors. The Hackspace will:

  • keep to a minimum the amount of information we hold about you.
  • use your data to respond to your enquiries about our services (the lawful basis for this is “Legitimate Interest”), to provide our services to you (the lawful basis for this is “Contract”), and to maintain a register of members (the lawful basis for this is "Legal Requirement").
  • delete your data when it is no longer needed.
  • apply appropriate security mechanisms to protect your personal data.

We are happy to answer any questions you have about this Privacy Notice, contact us via email at privacy@eehack.space .

What personal data do we hold and why?

Member Personal Data

We hold your full name, postal address, email address, alias, emergency contact details, as provided by you on sign up.

Name and address are stored and shared according to the requirements of The Charitable Incorporated Organisations (General) Regulations 2012, contact information is used to communicate with you during your membership.

We are going to use your emergency contact details only in case of emergencies. It is your duty to inform your selected emergency contact that you have shared their information with us, and inform them that their name and phone number are stored on our database, or point them to this Privacy Policy.

The alias is used to announce your arrival to the space on the Hackspace discord server. Access to the relevant channel is limited to other members.

Your use of the Hackspace will generate more data such as access token ids, entry times, device ids (when using the Wi-Fi), we will log these for no longer than twelve months.

To review exactly what data we hold about you, and to amend any data that has changed, visit your member profile.

If you want to delete your data and terminate your membership, you need to send a notice of resignation to trustees@eehack.space .

CCTV

The Hackspace has CCTV which collects images and video of members and visitors. These are stored for a maximum of six weeks, only used for security purposes and can only be accessed by the Trustees and the IT administrators delegated by the Trustees.

Website

Visiting our website or the member profile will log information about your visits, such as your IP address and which pages are visited. This data will be held for a maximum of twelve months.

Creating a wiki user will collect name and email address to identify users who make contributions to the website, you can optionally add your real name for content attribution. You need to contact a trustee if you want to delete your wiki account; your contributions to the wiki will remain, but will be anonymised.

Third party organisations

Some external organisations have access to the Hackspace through a service agreement, and receive Hackspace access cards as part of such agreements. We hold and store the names of the third party members these cards are assigned to, for the sole purpose of managing security of the building, and will delete the information when the access card is returned or the service agreement is terminated. The Privacy policy of such organisations will mention us as data processors and refer to this Privacy policy.

Whom do we share it with?

The Hackspace uses some external services in order to provide you with your membership.

  • Google Workspace is used by the Trustees to store documents and send official communications about Hackspace events such as the General Meetings.
  • Stripe is used to process member payments. They also store additional data required for this purpose (namely card details) the Hackspace has no access to.
  • Azure is used to run some parts of the membership system.
  • AWS is used to run the Hackspace wiki.
  • Sendgrid is used to send automated emails from the membership system.
  • Discord is used for online discussion between members.

All third parties we use are selected for, and monitored on, how they meet the requirements of current UK data protection legislation and the requirements of GDPR.

Where this includes storage or processing of information outside of the European Economic Area (EEA), we include checks to ensure that compliance with the appropriate frameworks for exchange of personal data (such as the EU-US Privacy Shield) is in place.

Exemptions to the above are where we are asked to provide information as a result of a court order or to recover monies due.

We do not share nor sell your personal data to anyone else.

How to change information or contact us about anything concerning our use of your personal data

If there are any changes in your details that we need to reflect, or you need to check the accuracy of the details that we hold about you, visit your member profile.

If you need help with the update, or have any other questions about this Privacy Notice, contact a trustee or privacy@eehack.space .

Should you feel that you need to complain about how we are handling your personal data, email trustees@eehack.space .

Your ultimate point of contact for all data protection matters in the UK is the Information Commissioner’s Office. See the Contact us page on the ICO website.

What if this privacy notice changes?

If changes to the East Essex Hackspace CIO Data Protection Policy (and hence this Privacy Notice) include any significantly different use of your personal data, we will let you know and give you the option to agree to the new use.

Approvals

Last modified and approved by Trustees on 2022-08-26