Sustainable Living Initiative (SLI) – Data Protection Policy

Personal Data held, how it is used, where it is stored, who accesses it and how, amending your data, removing data no longer needed.

Introduction

This policy describes how members’ data is held and used by the SLI. The policy has been agreed by trustees and forms part of the society’s compliance with the General Data Protection Regulation. We are not registered data holders – see Information Commisioner’s Office website here.

Personal Data Held

In order to provide membership services, SLI hold all or part of the following personal information on a computer:

  • Member’s ID – a numeric identifier to avoid confusion over similar names.
  • Member’s name
  • Postal delivery address
  • Member’s email address
  • A phone number. (Optional but kept if provided)
  • Membership type (eg “Grower at Bluebell”, “Grower at Marlpit”, “Grower at Home”, “Volunteer” or “Member only”)
  • Date of most recent payment
  • Amount of payment received
  • Preferred relevant activities or skills

We also collect anonymous data for equal opportunity monitoring.

How We Use Personal Data

The primary purpose of holding this data is for the SLI to fulfil its obligation to inform members of events and news at the email address they supplied.
Postal addresses are help for financial security reasons.
The SLI will not use its membership list to supply third parties with address lists or other information unless required to do so under UK law. Nor will the SLI use the data for fund-raising or direct marketing.

Storage of Personal Data

The membership data is held in a speadsheet on a personal computer. The computer is password protected and kept permanently in a locked office. The computer has up to date anti-virus protection software.
Encrypted backup copies are made on other media. Access to that data is only available to Officers of the Society who can demonstrate a need to access it and with whom access has been shared. Back up data will only be used to restore corrupted or lost primary data.
The membership details are held for just long enough after membership has ceased to validate accounts. Thereafter the record of every ex-member is deleted and a note added to a history archive recording only that fact.

Access to Personal Data

Only the nominated manager of the data “Data Manager” (normally the Secretary of SLI) may access the data and only for official SLI business. If the Data Manager is indisposed the Chairman of the SLI Trustees may appoint a Trustee or other resposible person to take on that role.
Members may request in writing access to their own details for their own purposes. Proof of identity will be required before passing this information on. (For example if a request is received the email address or postal address must match those we hold).
We will respond within the statutory limit of 40 days.

Changes to Personal Data

Members can request changes such as address changes in writing and must include proof of identity such as providing the old address or by sending from the email address we hold.

Deletion of Personal Data

If a member dies or resigns or when membership has lapsed the details of the member will be deleted after two years. This is to allow family members to continue membership.
If a valid request to delete a membership record is received, this will be done as soon as it is confirmed by the member.

13/09/2017