You can see and download a printable version of this page here.
Any personal information you provide to us is held on the understanding that the information should not be divulged to any person or organisation unless solely necessary for the operation of this U3A. We comply with the Data Protection Act and - in particular - the data protection principles as well as the UK General Data Protection Regulation (GDPR).
We hold very little personal information - only that which is necessary for the operation of Hayling Island U3A. Specifically we do not hold personal bank, credit card or debit card data, nor do we hold any data classified as 'Special' under the General Data Protection Regulation; for example: racial, religious, medical, political, sexual orientation and trade union membership.
In the following section we describe how we handle your personal data. The final section describes how you can:
- Find out more
- Exercise your data protection rights
Click any heading preceded with a triangle like this: to see more information.
How we handle your personal data
Lawful basis of processing
The GDPR sets out several reasons why we might be able to hold data about you. The U3A Trust advise us that we have a right under the 'Contract' provision.
We note that we also have a 'legitimate interest' in holding your data, specifically:
- Our interest in administering Hayling Island U3A
- Members' interests:
- Being kept informed
- Allowing them to communicate with each other, subject to their own choices
- Notifying emergency contacts if necessary
This is the information held about Hayling Island U3A members. If you are a member you can see it in your personal profile page.
We need the following pieces of information about members in order to operate the web site:
- The type of membership, i.e. Full, Associate or Honorary
- The date the member joined
- An indication of:
- whether a group leader, or not
- who is allowed to see the member's contact information
- whether the member has retired as a member of HIU3A and, if so, the reason
- whether the member has asked us to gift aid their subscriptions
- whether we should arrange for the member to get the U3A Trust newsletter
- whether the member has opted not to receive the printed version of the Hayling Island U3A newsletter
- Email preferences
Members may also provide:
- An email address (which can be an address shared with a spouse or partner)
- A postal address (required for members who want to receive a printed version of the Hayling Island U3A newsletter)
- Home telephone number
- Emergency contact(s)
The membership secretary can also maintain administrative notes relating to a member.
Keeping basic data up-to-date
Members can also ask the Membership Secretary to change details on their behalf.
The Membership Secretary updates details of members who have retired from HIU3A - usually following a failure to renew subscriptions or notification of a member's death.
Access to basic data
The following have access to elements of basic data:
... can see:
- A member's name if it is mentioned in a page or if they are a group leader, committee member, or other officer
- A member's phone number but only if they provide one and they are a group leader
- A link to email a member if:
- They are a group leader
- They are a committee member or other officer
The link does not disclose the email address and cannot be re-used after a short time has elapsed (preventing spammers from repeatedly mailing the member).
Member contact details will also appear to the public in the text of pages but only with their agreement or at their request. Typically this will be because they are administering some activity involving the public.
Note that we can adapt page content based on whether the person viewing is logged in as a member, or not. It is therefore possible members will see additional information on public pages that is not available to the general public.
Hayling Island U3A members
Members of Hayling Island U3A that are logged in to the site with their personal username and password can see other members' contact details, but only if:
- The member has opted to make their details visible to all other HIU3A members; or
- The member has opted to make them visible to fellow group members in which case they are shown to members of groups to which they belong
Members cannot see contact details for members who have retired from HIU3A.
Leaders of HIU3A groups can see emergency contact details for any member of their group provided they have logged-in with their personal username and password. Leaders of the Visits group can see emergency details for all members that book onto a visit.
The Membership Secretary, the Interest Groups Co-ordinator and the Web site editor can see all basic data.
Retention of basic data
We keep data about members for the duration of their membership.
When we detect a member has retired from HIU3A we mark the member's record. From that point on:
- The public and HIU3A members cannot use the web site to send emails to the member
- The member is no longer shown as a member of any groups
- The member's contact details are no longer available to other members (except site administrators) - instead they are told the member has retired, but not the reason
In effect, retired members are removed from the web site. We retain their details for up to a year, however, in case of misunderstandings or a decision to rejoin. In that case we can remove the retired flag from the member's record to reinstate them.
Note that removal of a retired member's details from the web site is subject to any legal constraints. Specifically we are required to retain a member in the database for seven years after a gift aid subscription.
We hold the following information about group members:
- Which groups the member belongs to so group leaders can keep track of who is in their group and can easily keep them up-to-date with what's happening in the group.
- Which member or members lead each group. That's so people can get in touch to find out more about the group.
- Which members can, for a given group, edit:
- The main group page
All members of a group can see a list of the other members of that group. They can also use a link to email other group members but the link does not disclose the email address.
Group leaders can add or remove members for their groups, They can also add or remove their group editors. The Membership Secretary, the Interest Groups Co-ordinator and the Web site editor can add or remove group members, leaders and editors.
In addition to basic data and group memberships, the web site holds information about:
We hold details of payments to:
- Keep track of who has paid and who hasn't
- Administer payments via different methods, i.e. cash, cheque or bank transfer
- Administer recovery of tax via the Gift Aid scheme
We will retain payment details for seven years in order to ensure we can respond to queries from HMRC and the Charities Commission.
We hold information about which members have booked for a given visit and (if different) the person that registered their booking. The information includes whether the visit has been paid for, the requested pick-up point and any special requirements.
The information is available to Visit group leaders and site administrators.
The data held for a member is anonymised automatically when we delete that member's basic details.
In any case, we anonymise all booking data after five years have elapsed.
Registrations for other events
We also have the capability to record registrations for other events. We introduced it for the 10th birthday celebration lunch and will use it for similar, future events. It simply records who has registered and any special requirements.
Booking data will be provided to the event's administrators.
We will retain the data for up to one year after each event.
Registrations of interest
Members of the public and HIU3A members can register interest in joining a group. The leader(s) of the relevant group and the Interest Group Co-ordinator are automatically emailed with details of each registration. They can also access the list of registrations via the web site. We hold the details provided by the registrant which includes, for members of the public, their name and email address.
Group leaders and site administrators can delete registrations at any time. We will also delete registrations on request from the registrant or, in any case, after five years.
We do not retain any information from the 'Contact us' or 'Contact U3A members' forms. Instead, the forms generate emails to the target individual(s) with an optional copy to the person sending the email.
Data provided to third parties
- Name and address information for relevant members to the U3A Trust for circulation of the U3A Trust newsletter
- Name, address and payment details to HMRC to justify our claim under the Gift Aid scheme
- Addressed envelopes containing HIU3A newsletters to voluntary organisations prepared to distribute them on our behalf (typically at Christmas)
- Name, email address and mobile phone data to Square (our payment provider) to allow us to:
- connect members and the payments they make to us
- generate automated receipts delivered by text or email
Otherwise we undertake not to provide information to any third party unless legally obliged to do so.
Copies of data held on computer or paper
From time to time, officers of HIU3A will make copies of data held in the web site database because:
- It is required for a legitimate process; for example: the Gift Aid notification to HMRC has to be prepared as a spreadsheet
- It is expedient for some aspect of HIU3A's administration; for example, group leaders can take details of their group's emergency contact details with them when meetings are not at a member's home
- To provide a backup to the web site and additional reassurance should we be audited by HMRC or the Charities Commission
Data copies will be deleted or shredded as soon as they are no longer needed.
Securing web site data
We keep a number of backups of web site data:
- We assume that our Internet Service Provider, keeps backup copies but we don't rely on them.
- We make a backup copy every day which is stored, encrypted, in a OneDrive folder belonging to the web site editor and made available to site administrators.
Apart from those pages available to the general public, access to the site is restricted to Hayling Island U3A members who log in with their personal username and password. Passwords are encrypted before they are stored in such a way that no-one, not even site administrators, can retrieve the password (we use a process known as one-way encryption).
All traffic between our web site and web browsers is encrypted automatically using industry-standard https protocols.
Access to web site programming and site administration details is restricted to the Web site editor and a WordPress developer who has agreed to be a backup for the Web site editor if needed.
How you can exercise your rights
You have rights under data protection legislation. The relevant ones being:
- The right to be informed about our collection and use of your personal data. This document helps us satisfy that right. Please let us know if:
- You have any questions about how we handle your data or what we hold
- Right of access to information we hold about you. If you want to see that information please contact the Membership Secretary.
- Right of rectification. It's in everyone's interest that we hold accurate information. You can get your information corrected:
- Online if the incorrect information is part of your web site profile (for example: your: name; address; email address; and phone numbers)
- Via group leaders if we show your group membership incorrectly
- Via the web site editor if the content of a web page is incorrect
- Otherwise (or if you have a problem with any of the above), contact the Membership Secretary
- Right to erasure. Note that this is not an absolute right. If you request deletion of all your data you can no longer remain a member of Hayling Island U3A. We will remove your data from the web site immediately on your request subject to our data security and retention policies described above. To request erasure of your personal data, contact the Membership Secretary.