East Essex Hackspace:Privacy policy: Difference between revisions

From East Essex Hackspace
Jump to navigation Jump to search
No edit summary
(First draft)
Line 1: Line 1:
= East Essex Hackspace Privacy Policy - DRAFT NOT FOR PUBLIC USE =
= East Essex Hackspace Privacy Policy - DRAFT NOT FOR PUBLIC USE =
East Essex Hackspace collects data about its members in order to fulfil legal requirements and contractual obligation with those members. It also collects some data about visitors. The Hackspace will:
East Essex Hackspace collects data about its members in order to fulfil legal requirements and contractual obligation with those members. It also collects some data about visitors. The Hackspace will:
* keep to a minimum the amount of information we hold about you.
* keep to a minimum the amount of information we hold about you.
* use your data to respond to your enquiries about our services (the lawful basis for this is “Legitimate Interest”), to provide our services to you (the lawful basis for this is “Contract”), and to maintain a register of members (the lawful basis for this is "Legal Requirement").
* use your data to respond to your enquiries about our services (the lawful basis for this is “Legitimate Interest”), to provide our services to you (the lawful basis for this is “Contract”), and to maintain a register of members (the lawful basis for this is "Legal Requirement").
Line 12: Line 11:
=== Members ===
=== Members ===
We hold your full name, postal address, email address, next of kin, alias as provided by you on sign up. Name and address are stored and shared according to the requirements of The Charitable Incorporated Organisations (General) Regulations 2012, all other information is used to communicate with you during your membership, and your next of kin in case of emergencies. '''It is your duty to inform your selected next of kin that you have shared their information'''.
We hold your full name, postal address, email address, next of kin, alias as provided by you on sign up. Name and address are stored and shared according to the requirements of The Charitable Incorporated Organisations (General) Regulations 2012, all other information is used to communicate with you during your membership, and your next of kin in case of emergencies. '''It is your duty to inform your selected next of kin that you have shared their information'''.
Your use of the Hackspace will generate more data such as access token ids, entry times, device ids (when using the Wi-Fi), we will log these for '''no longer than six months'''.
Your use of the Hackspace will generate more data such as access token ids, entry times, device ids (when using the Wi-Fi), we will log these for '''no longer than six months'''.
To review exactly what data we hold about you, and to amend any data that has changed, visit your [https://checkout.eehack.space/Identity/Account/Login member profile].
To review exactly what data we hold about you, and to amend any data that has changed, visit your [https://checkout.eehack.space/Identity/Account/Login member profile].


Line 18: Line 19:


=== CCTV ===
=== CCTV ===
The Hackspace has CCTV which collects images and video of members and visitors. These are stored for a maximum of '''four weeks''', only used for security purposes and can only be accessed by the Trustees and IT administrators delegated by the trustees.
The Hackspace has CCTV which collects images and video of members and visitors. These are stored for a maximum of '''four weeks''', only used for security purposes and can only be accessed by the Trustees and the IT administrators delegated by the Trustees.


=== Website ===
=== Website ===
Visiting our [https://eehack.space/ website] or the [https://checkout.eehack.space/Identity/Account/Login member profile] will log information about your visits, such as your IP address and which pages are visited. This data will be held for a maximum of '''six months'''.
Visiting our [https://eehack.space/ website] or the [https://checkout.eehack.space/Identity/Account/Login member profile] will log information about your visits, such as your IP address and which pages are visited. This data will be held for a maximum of '''six months'''.
Creating a [https://wiki.eehack.space/ wiki] user will collect name and email address to identify users who make contributions to the website. You need to contact a trustee if you want to delete your wiki account; your contributions to the wiki will remain, but will be anonymised.
Creating a [https://wiki.eehack.space/ wiki] user will collect name and email address to identify users who make contributions to the website. You need to contact a trustee if you want to delete your wiki account; your contributions to the wiki will remain, but will be anonymised.
== Whom do we share it with? ==
== Whom do we share it with? ==
The Hackspace uses some external services in order to provide you with your membership.
The Hackspace uses some external services in order to provide you with your membership.
* [https://workspace.google.com/ Google Workspace] is used by the Trustees to store documents and send official communications about Hackspace events such as the General Meetings.
* [https://workspace.google.com/ Google Workspace] is used by the Trustees to store documents and send official communications about Hackspace events such as the General Meetings.
* [https://stripe.com Stripe] is used to process member payments. They also store additional data required for this purpose (namely card details) the Hackspace has no access to.
* [https://stripe.com Stripe] is used to process member payments. They also store additional data required for this purpose (namely card details) the Hackspace has no access to.
Line 31: Line 33:
* [https://sendgrid.com/ Sendgrid] is used to send automated emails from the membership system.
* [https://sendgrid.com/ Sendgrid] is used to send automated emails from the membership system.


All third parties we use – including those who provide email and storage solutions used in our day to day work – are selected for, and monitored on, how they meet the requirements of current UK data protection legislation and the requirements of GDPR.
All third parties we use are selected for, and monitored on, how they meet the requirements of current UK data protection legislation and the requirements of GDPR.
 
Where this includes storage or processing of information outside of the European Economic Area (EEA), we include checks to ensure that compliance with the appropriate frameworks for exchange of personal data (such as the EU-US Privacy Shield) is in place.
Where this includes storage or processing of information outside of the European Economic Area (EEA), we include checks to ensure that compliance with the appropriate frameworks for exchange of personal data (such as the EU-US Privacy Shield) is in place.
Exemptions to the above are where we are asked to provide information as a result of a court order or to recover monies due.
Exemptions to the above are where we are asked to provide information as a result of a court order or to recover monies due.
We do not share nor sell your personal data to anyone else.
We do not share nor sell your personal data to anyone else.
== How to change information or contact us about anything concerning our use of your personal data ==
== How to change information or contact us about anything concerning our use of your personal data ==
If there are any changes in your details that we need to reflect, or you need to check the accuracy of the details that we hold about you, visit your [https://checkout.eehack.space/Identity/Account/Login member profile]
If there are any changes in your details that we need to reflect, or you need to check the accuracy of the details that we hold about you, visit your [https://checkout.eehack.space/Identity/Account/Login member profile].
 
If you need help with the update, or have any other questions about this Privacy Notice, contact a trustee or privacy@eehack.space .
If you need help with the update, or have any other questions about this Privacy Notice, contact a trustee or privacy@eehack.space .
Should you feel that you need to complain about how we are handling your personal data, email trustees@eehack.space .
Should you feel that you need to complain about how we are handling your personal data, email trustees@eehack.space .
Your ultimate point of contact for all data protection matters in the UK is the Information Commissioner’s Office. See the [https://ico.org.uk/global/contact-us/ Contact us] page on the ICO website.
Your ultimate point of contact for all data protection matters in the UK is the Information Commissioner’s Office. See the [https://ico.org.uk/global/contact-us/ Contact us] page on the ICO website.
== What if this privacy notice changes? ==
== What if this privacy notice changes? ==
If changes to the East Essex Hackspace CIO Data Protection Policy (and hence this Privacy Notice) include any significantly different use of your personal data, we will let you know and give you the option to agree to the new use.
If changes to the East Essex Hackspace CIO Data Protection Policy (and hence this Privacy Notice) include any significantly different use of your personal data, we will let you know and give you the option to agree to the new use.

Revision as of 17:17, 25 August 2022

East Essex Hackspace Privacy Policy - DRAFT NOT FOR PUBLIC USE

East Essex Hackspace collects data about its members in order to fulfil legal requirements and contractual obligation with those members. It also collects some data about visitors. The Hackspace will:

  • keep to a minimum the amount of information we hold about you.
  • use your data to respond to your enquiries about our services (the lawful basis for this is “Legitimate Interest”), to provide our services to you (the lawful basis for this is “Contract”), and to maintain a register of members (the lawful basis for this is "Legal Requirement").
  • delete your data when it is no longer needed.
  • apply appropriate security mechanisms to protect your personal data.

We are happy to answer any questions you have about this Privacy Notice, contact us via email at privacy@eehack.space .

What personal data do we hold and why?

Members

We hold your full name, postal address, email address, next of kin, alias as provided by you on sign up. Name and address are stored and shared according to the requirements of The Charitable Incorporated Organisations (General) Regulations 2012, all other information is used to communicate with you during your membership, and your next of kin in case of emergencies. It is your duty to inform your selected next of kin that you have shared their information.

Your use of the Hackspace will generate more data such as access token ids, entry times, device ids (when using the Wi-Fi), we will log these for no longer than six months.

To review exactly what data we hold about you, and to amend any data that has changed, visit your member profile.

If you want to delete your data and terminate your membership, you need to send a notice of resignation to trustees@eehack.space .

CCTV

The Hackspace has CCTV which collects images and video of members and visitors. These are stored for a maximum of four weeks, only used for security purposes and can only be accessed by the Trustees and the IT administrators delegated by the Trustees.

Website

Visiting our website or the member profile will log information about your visits, such as your IP address and which pages are visited. This data will be held for a maximum of six months.

Creating a wiki user will collect name and email address to identify users who make contributions to the website. You need to contact a trustee if you want to delete your wiki account; your contributions to the wiki will remain, but will be anonymised.

Whom do we share it with?

The Hackspace uses some external services in order to provide you with your membership.

  • Google Workspace is used by the Trustees to store documents and send official communications about Hackspace events such as the General Meetings.
  • Stripe is used to process member payments. They also store additional data required for this purpose (namely card details) the Hackspace has no access to.
  • Azure is used to run some parts of the membership system.
  • Sendgrid is used to send automated emails from the membership system.

All third parties we use are selected for, and monitored on, how they meet the requirements of current UK data protection legislation and the requirements of GDPR.

Where this includes storage or processing of information outside of the European Economic Area (EEA), we include checks to ensure that compliance with the appropriate frameworks for exchange of personal data (such as the EU-US Privacy Shield) is in place.

Exemptions to the above are where we are asked to provide information as a result of a court order or to recover monies due.

We do not share nor sell your personal data to anyone else.

How to change information or contact us about anything concerning our use of your personal data

If there are any changes in your details that we need to reflect, or you need to check the accuracy of the details that we hold about you, visit your member profile.

If you need help with the update, or have any other questions about this Privacy Notice, contact a trustee or privacy@eehack.space .

Should you feel that you need to complain about how we are handling your personal data, email trustees@eehack.space .

Your ultimate point of contact for all data protection matters in the UK is the Information Commissioner’s Office. See the Contact us page on the ICO website.

What if this privacy notice changes?

If changes to the East Essex Hackspace CIO Data Protection Policy (and hence this Privacy Notice) include any significantly different use of your personal data, we will let you know and give you the option to agree to the new use.