East Essex Hackspace:Privacy policy: Difference between revisions

From East Essex Hackspace
Jump to navigation Jump to search
Line 35: Line 35:
* [https://stripe.com Stripe] is used to process member payments. They also store additional data required for this purpose (namely card details) the Hackspace has no access to.
* [https://stripe.com Stripe] is used to process member payments. They also store additional data required for this purpose (namely card details) the Hackspace has no access to.
* [https://azure.microsoft.com/ Azure] is used to run some parts of the membership system.
* [https://azure.microsoft.com/ Azure] is used to run some parts of the membership system.
* [https://aws.amazon.com/ AWS] is used to run the Hackspace wiki.
* [https://sendgrid.com/ Sendgrid] is used to send automated emails from the membership system.
* [https://sendgrid.com/ Sendgrid] is used to send automated emails from the membership system.
* [https://discord.com Discord] is used for online discussion between members


All third parties we use are selected for, and monitored on, how they meet the requirements of current UK data protection legislation and the requirements of GDPR.
All third parties we use are selected for, and monitored on, how they meet the requirements of current UK data protection legislation and the requirements of GDPR.

Revision as of 17:27, 25 August 2022

East Essex Hackspace Privacy Policy - DRAFT NOT FOR PUBLIC USE

East Essex Hackspace collects data about its members in order to fulfil legal requirements and contractual obligation with those members. It also collects some data about visitors. The Hackspace will:

  • keep to a minimum the amount of information we hold about you.
  • use your data to respond to your enquiries about our services (the lawful basis for this is “Legitimate Interest”), to provide our services to you (the lawful basis for this is “Contract”), and to maintain a register of members (the lawful basis for this is "Legal Requirement").
  • delete your data when it is no longer needed.
  • apply appropriate security mechanisms to protect your personal data.

We are happy to answer any questions you have about this Privacy Notice, contact us via email at privacy@eehack.space .

What personal data do we hold and why?

Member Personal Data

We hold your full name, postal address, email address, next of kin, alias as provided by you on sign up.

Name and address are stored and shared according to the requirements of The Charitable Incorporated Organisations (General) Regulations 2012, contact information is used to communicate with you during your membership, and your next of kin in case of emergencies. It is your duty to inform your selected next of kin that you have shared their information.

The alias is used to announce your arrival to the space on the Hackspace discord server. Access to the relevant channel is limited to other members.

Your use of the Hackspace will generate more data such as access token ids, entry times, device ids (when using the Wi-Fi), we will log these for no longer than six months.

To review exactly what data we hold about you, and to amend any data that has changed, visit your member profile.

If you want to delete your data and terminate your membership, you need to send a notice of resignation to trustees@eehack.space .

CCTV

The Hackspace has CCTV which collects images and video of members and visitors. These are stored for a maximum of four weeks, only used for security purposes and can only be accessed by the Trustees and the IT administrators delegated by the Trustees.

Website

Visiting our website or the member profile will log information about your visits, such as your IP address and which pages are visited. This data will be held for a maximum of six months.

Creating a wiki user will collect name and email address to identify users who make contributions to the website. You need to contact a trustee if you want to delete your wiki account; your contributions to the wiki will remain, but will be anonymised.

Whom do we share it with?

The Hackspace uses some external services in order to provide you with your membership.

  • Google Workspace is used by the Trustees to store documents and send official communications about Hackspace events such as the General Meetings.
  • Stripe is used to process member payments. They also store additional data required for this purpose (namely card details) the Hackspace has no access to.
  • Azure is used to run some parts of the membership system.
  • AWS is used to run the Hackspace wiki.
  • Sendgrid is used to send automated emails from the membership system.
  • Discord is used for online discussion between members

All third parties we use are selected for, and monitored on, how they meet the requirements of current UK data protection legislation and the requirements of GDPR.

Where this includes storage or processing of information outside of the European Economic Area (EEA), we include checks to ensure that compliance with the appropriate frameworks for exchange of personal data (such as the EU-US Privacy Shield) is in place.

Exemptions to the above are where we are asked to provide information as a result of a court order or to recover monies due.

We do not share nor sell your personal data to anyone else.

How to change information or contact us about anything concerning our use of your personal data

If there are any changes in your details that we need to reflect, or you need to check the accuracy of the details that we hold about you, visit your member profile.

If you need help with the update, or have any other questions about this Privacy Notice, contact a trustee or privacy@eehack.space .

Should you feel that you need to complain about how we are handling your personal data, email trustees@eehack.space .

Your ultimate point of contact for all data protection matters in the UK is the Information Commissioner’s Office. See the Contact us page on the ICO website.

What if this privacy notice changes?

If changes to the East Essex Hackspace CIO Data Protection Policy (and hence this Privacy Notice) include any significantly different use of your personal data, we will let you know and give you the option to agree to the new use.