Desford Allotment Gardens Association
Data Protection Policy.
​
Introduction
The data that members provide to us is kept in documents that are held and processed electronically. This means that the Association is subject to the Data Protection Act.
Under the Act, the data that members provide is not classed as "sensitive data", and because we are a not-for-profit organisation that does not use CCTV, we do not have to register with the ICO (Information Commissioner's Office). Nevertheless, under the Act, we have responsibilities of care to uphold. This document outlines our policies.
For more information, the ICO website is here: https://ico.org.uk/
What data do we keep?
We are only allowed to keep data that is necessary for our association activities. We keep the
following:
Name and postal address
Telephone number(s)
Email address
​
Accuracy
We will endeavour to maintain accurate records, but we rely on members keeping us up-to-date.
Anyone can at any time ask the Chairman for a copy of their recorded data. To request this, send an email to desfordallotments1@gmail.com
​
What is the data used for?
The data is only used for legitimate Association uses; these include:
-
Communication between committee members and plot holders as part of the daily running of the Association
-
Notification of Association meetings, distribution of the minutes of those meetings.
-
The provision of seed catalogues.
​
What is the data NOT used for?
We will not disclose your data to other members or to third parties or use it on behalf of third parties. For example, members may sometimes be lobbied to advertise a service or product that
might be useful to other members of the association. We will not use your addresses to do this (no "spam" allowed).
​
Who has access to the data?
Only those who need access to the data have access. The following committee members have access to all the member and plot holder data:
Chairman, Vice Chairman, Treasurer, Seed Secretary
What happens when a member leaves the Association?
We do not keep data that is not needed for the operation of the Association. The data for members who leave is held for at most 6 months, after which time it will be deleted from our records. We keep the data for a short period in the event that we need to communicate with a member who has recently left.
​
How do we protect the data?
The Data Protection Act does not specifically define the level of protection required for personal data, but rather recommends protection that is appropriate depending on the sensitivity of the data and the risks that might be incurred in the event of a security breach. The data that we keep is not classed by the Act as sensitive (examples of sensitive information are bank account details, ethnicity etc.). We therefore assume that the risks that we are exposed to are no greater than the risks of an individual providing the same data to a friend for social purposes.
​
Email usage
The Chairman, responsible for mass emails across the membership, has a Gmail account (desfordallotments1@gmail.com) used for the purpose which has a strong password. All email traffic to the Chairman is on this account and not on a personal email account. This account contains members’ email data. Mass emails to the membership are sent blind (Bcc) so that addresses are not exposed.
​
Encryption and passwords.
The data is held in documents on committee members’ personal computers. The members are expected to take the usual precautions regarding security. The documents themselves, mostly spreadsheets, are not encrypted.
There is sometimes a need to transmit a copy of all the data between committee members. Under these circumstances any document will be encrypted and the password communicated by telephone. This is to mitigate the risk that the document is sent to the wrong recipient.
Mobile (“smart”) phones are sometime used for email purposes. Phones are vulnerable to loss and theft so if they are used for Association business they must at least use a 4-character PIN.
Spreadsheets containing multiple records will not be kept on phones.
​
Who is responsible for the implementation of this policy?
A nominated member of the committee is responsible for ensuring that this policy is adhered to. The current nominee is Derek Poulton (Chairman)
Revision Final (May 2018)