The EU General Data Protection Regulations (GDPR) now require a clear and unambiguous statement, by companies and other organizations such as charities and clubs, about how personal data is collected, stored and processed. The new rules go beyond the previous laws on Data Protection and are designed to give greater protection and rights to EU citizens.
To adhere to the new regulations St Cross Allotments provides its Plotholders with the following statement on privacy of Plotholders’ Personal Data.
St Cross Allotments Data Officer
March 2019
The ultimate responsibility for the privacy of members' personal data lies with the identified Data Controller. The Data Controller is the legal entity representing the organisation, which in the case of St Cross Allotments is the Committee and in particular the Chairman, Secretary and Data Officer. The Committee can be reached using the link on the Committee page. Similarly for the Chairman.
The Data Processor or Data Officer is the person responsible for managing the processing of the Personal Data on behalf of the Data Controller. St Cross Allotments nominates a Data Officer who serves as a member of the Committee. The Data Officer is usually, but not necessarily, the Webmaster. The persons responsible can be reached as follows. The Data Officer can be reached using the link on the Committee page. Similarly for the Webmaster.
When a person applies to join St Cross Allotments, either online or as part of a standard application, Personal Data about the applicant is requested and used by the Committee. If the applicant is subsequently selected to become a Plotholder that person’s Personal Data is transferred to the Membership List. The Personal Data maintained on the Membership List is as follows.
* First Name
* Last Name
* Title
* Home Address
* Landline Telephone Number
* Mobile Telephone Number
* Email Address
* Date of Joining St Cross Allotments
* Plot Number
The GDPR requires that an organization that collects, stores and processes the Personal Data of Data Subjects clearly establish the Lawful Basis for carrying out the processing of the data. There are seven Lawful Bases defined by the GDPR under which an organization can process Personal Data. These are Consent, Contract, Legal Obligation, Vital Interests, Public Tasks, Legitimate Interests, and Special Categories of Data including Criminal Offence Data. A full discussion of each of these can be found on the UK Government Information Commissioner's Office webpage at the following URL: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/.
After due consideration of the Processing (see below) to be carried out on the Personal Data of Plotholders, St Cross Allotments found two Legal Bases that apply. These are Consent and Legitimate Interests. Of these, Consent was chosen as the most appropriate, and each Plotholder will be formally sent the required documents setting out the detail of the Lawful Basis, the items for which consent is required and her/his rights regarding the Personal Data collected.
Throughout the year the Committee organizes events and activities for its Plotholders. The Committee is responsible for administering the finances, for communicating with Plotholders and the general public via its website. Plotholders can communicate with the Committee, the Data Officer and the Webmaster on all matters of interest and organization.
In support of Plotholders their Personal Data will be used in the following ways.
* To maintain a list of Plotholders
* To administer the membership
* To administer the finances
* To administer the annual programme of events
* To organize special events for Plotholders
* To communicate with Plotholders in a cost effective and timely manner
* To communicate with Plotholders about meetings
* To publicise St Cross Allotments and its activities via its website
* To provide secure access to areas of the website dedicated to Plotholders only
* To maintain secure online login access to the website
* To foster links with and between Plotholders and the wider community
Plotholders’ Personal Data will be stored and maintained by the Chairman and Secretary. The Master Membership List will be stored in electronic form using Microsoft Word and Microsoft Excel. Sub-sets of the Personal Data, e.g. the email address, will be used by the Committee to carry out their roles in communicating with Plotholders. To facilitate this communication, without individuals having access to every email address, group email addresses will be defined and used. The Data Officer maintains the master list of email addresses. The Webmaster maintains the group email addresses on the secure website hosting service (see below).
St Cross Allotments will retain its Plotholders’ Personal Data for the period during which they apply to become a Plotholder. The Personal Data is stored on the active Master Membership List. Once a Plotholder resigns or leaves St Cross Allotments, for any reason, the Plotholder’s Personal Data is deleted from the active Master Membership List. The retiring member's personal data may be retained on an archive membership list for historical reasons unless the Plotholder, or the Plotholder's next of kin, has specifically requested otherwise.
One of the main objectives of the new GDPR is to protect the rights of EU Citizens with respect to the gathering, storage and processing of their personal data. The following rights are conferred on individuals.
* The right to be informed
* The right of access
* The right of rectification
* The right of erasure
* The right to restrict processing
* The right to data portability
* The right to object
* Rights in relation to automated decision making and profiling
The purpose of the St Cross Allotments Privacy Statement is to address the first of these rights, the right to be informed. We wish to be clear about the Personal Data we collect from Plotholders and how it is stored and how it is used for processing in support of Plotholders.
Plotholders have the right to know what personal data is being stored and to ask for any errors in their personal data to be corrected. They have a right to ask for data to be erased and for references to them to be forgotten. They may ask for certain aspects of the processing to not be applicable to their personal data. Plotholders may ask for copies of their data to be provided to them in electronic form. They may also ask for their data to be excluded from any automated profiling processing that St Cross Allotments may use.
Those Plotholders wishing to exercise any of the above rights should in the first instance write or speak with the Data Officer at dataofficer@stcrossallotments.org.uk. A full discussion of these rights can be found in the guidance documentation provided on the UK Government Information Commissioner's Office webpage at the following URL: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/.
St Cross Allotments considers the safeguarding of Plotholders’ Personal Data to be very important and undertakes not to share Plotholders’ Personal Data with third parties for marketing purposes.
As part of the support of Plotholders and the St Cross Allotments activities, services of third parties are used. The St Cross Allotments website is hosted by the web-hosting company Fasthosts. Fasthosts provides secure servers to host customer websites. The Webmaster creates group email addresses for use by Plotholders. To provide this service, individual Plotholders’ email addresses are stored on the secure servers of the hosting service.
In addition, there are two other services St Cross Allotments uses to support Plotholders. Secure access to the Members Area of the website using email address and password is implemented on the website using a software component called Sitelok provided by Vibralogix. To achieve this level of security, each Plotholder’s email address is stored in the software component located on the website secure server. The remaining third party component used is Mailchimp. Mailchimp allows St Cross Allotments to provide a newsletter facility for Members. To provide this, Mailchimp has access to the email address of each Plotholder. Each third party has its own Privacy Statement available on its respective website.
St Cross Allotments can use simple cookies: small files of text placed on the visitor's computer to enhance the experience and functionality of a return visit to the website. The user/visitor is able to control which cookies are acceptable via the settings in the user's browser. Simple cookies are transient files usually deleted by the browser at the end of a session. Some cookies are persistent and are stored in the user's browser and are available to the website when the user visits subsequently.
Our website can contain links to other websites. We cannot be responsible for the functionality of the content of other websites. These websites can ask your browser to store cookies, some of which will be persistent or even tracking cookies. Some external websites may request personal data in connection with the supply of goods and services and you are advised to be aware of the website's privacy policy in this respect.
The next update of the St Cross Allotments Website will contain more functionality to allow visitors to have further information about the use of cookies and the ways to manage them. At present we do not have any links with Facebook, Twitter or Instagram.