Hockering Residents' Association
Website Privacy Policy & Procedures
Privacy Policy
1) Definitions
-
Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper, and includes images and audio recordings as well as written information.
-
Privacy is about how HRA, as an organisation, ensures the protection of the rights and privacy of individuals, and complies with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.
2) Responsibility
-
Overall and final responsibility for data protection lies with the HRA Officers, who are responsible for overseeing activities and ensuring this policy is upheld. The Committee will appoint a Data Protection Officer from amongst their members, who will be responsible for data protection and ensuring HRA conforms to and follows current legislation.
-
All HRA Committee members are responsible for observing this policy, and related procedures, in all areas of their work for the members and residents of the Hockering Estate.
3) Overall policy statement
-
The Officers of HRA are required to keep personal data about its Trustees, Committee, members, and residents in order to carry out group activities.
-
HRA will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and complies relevant legislation
-
HRA will only collect, store and use the minimum amount of data that is needed for clearly communicated purposes, and will not collect, store or use data that is not needed.
-
HRA will only collect, store and use data for:
-
purposes for which the individual has given explicit consent, or
-
purposes that are in the HRA’s legitimate interests, or
-
relating to contracts with the individual whose data it is, or
-
to comply with legal obligations, or
-
to perform public tasks.
-
-
HRA will provide individuals with details of the data HRA have about them when requested by the relevant individual.
-
HRA will delete data if requested by the relevant individual, unless HRA need to keep it for legal and operational reasons.
-
HRA will endeavour to keep personal data up-to-date and accurate, whilst recognising that it is members’ responsibility to keep the Committee informed of changes.
-
HRA will store personal data securely.
-
HRA will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.
-
HRA will not share personal data with third parties, including other HRA members, without the explicit consent of the relevant individual, unless legally required to do so.
-
HRA will endeavour not to have data breaches. In the event of a data breach, HRA will make every effort to rectify the breach by retrieving any lost or shared data and will evaluate our processes to understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the individual concerned as soon as possible, followed up with a report to the Information Commissioner’s Office within 72 hours.
-
To uphold this policy, HRA will maintain a set of Privacy Procedures for HRA Officers and Committee to follow, which will be subject to review annually or more frequently if needed by other changes in legislation.
4) Review
This policy will be reviewed every two years
Updated 21/6/19
Privacy Procedures
1) Introduction
-
The HRA has a Privacy Policy which is reviewed regularly. In order to help uphold the policy, HRA have created the following procedures which outline ways in which HRA collect, store, use, amend, share, destroy and delete personal data.
-
These procedures cover the main, regular ways we collect and use personal data. We may from time to time collect and use data in ways not covered here. In these cases we will ensure our Privacy Policy is upheld.
2) General procedures
-
Data will be stored securely. When it is stored electronically, it will be kept in password protected files. When it is stored online in a third party website (e.g. Google Drive) HRA will ensure the third party comply with the GDPR. When it is stored on paper it will be filed carefully in a locked cabinet or room.
-
When data is no longer needed, or when someone has asked for their data to be deleted, it will be deleted securely. HRA will ensure that data is permanently deleted from computers, and that paper data is shredded.
-
HRA will keep records of consent given for us by Residents to collect, use and store data. These records will be stored securely
-
A Data Protection Impact Assessment will be carried out if a significant change is introduced in the processing of personal data.
3) Master List
-
HRA will maintain a master list of residents’ details. This will include the names and contact details of people (members and tenants) who wish to receive notifications, newsletters, AGM minutes etc from the Committee.
-
The authority to keep a Master List comes from the Constitution (clause 3c) where there is specific reference to the data to be held and also what it is used for, namely the Honorary Secretary will keep a register of members and voting members and enter in it the names and addresses of all persons who are members and voting members. This is the core source of all data used by the Committee and provided by members.
-
The key things related to keep this data safe are
-
to strictly limit the number of places where this master list is held and/or who has access to it – currently the Honorary Secretary, Treasurer and Chairman
-
to ensure that any broadcast,or email communications sent out using the contact data is sent out under bcc/undisclosed recipient cover
-
if Committee members need to send a message to groups or individual members, the Hon. Secretary provides this forwarding service and HRA will never disclose an individual member’s details etc.
-
-
When people sign up to the list, HRA will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time. HRA will ask them to give separate consent to receive publicity and fundraising messages and will only send them messages which they have expressly consented to receive.
-
HRA will not use the master list in any way or for any purpose that the individuals on the list have not explicitly given consent
-
HRA will provide information about how to be removed from the list with every notification.
-
The Chairman and Hon. Secretary will keep the master list and store the data to comply with the GDPR legislation.
4) Planning matters and supporting individual residents
-
The HRA will from time to time, need to contact the council regarding planning applications as part of the HRA’s business.
-
Part of the general consent to use any personal details will include the need to use residents’ data in this way in order to communicate with the council about a planning application.
-
HRA will request explicit, signed consent before sharing any personal details with the council or any other relevant third party.
-
HRA will not keep information relating to an individual’s personal situation for any longer than is necessary for the purpose of providing them with the support they have requested.
-
Personal data relating to any issues regarding Residents properties will be stored securely by a member of the Committee, and not shared with the rest of the Committee or with other residents unless necessary for the purpose of providing the help requested.
-
Details relating to individual’s circumstances and their properties will be treated as strictly confidential.
-
Historical planning files are maintained together with correspondence and agreements regarding applications and developments on the Hockering, which are treated as confidential.
5) Web Site
-
The HRA operates a website for the benefit of the residents of the Hockering Estate.
-
A designated resident acts as Webmaster.
-
This Webmaster will not share any details with anyone outside of the HRA Committee or use any data for anything other than the running of the website, without explicit consent.
-
The data will be stored by the company we use to host the website, which will be compliant with GDPR regulations
-
All data requirements will be kept to a minimum and any resident’s data will be deleted on request by that resident. Data added by the resident in response to an invitation to attend an HRA social event or enter a residents’ discussion will be the responsibility of the resident
6) Contacting HRA Committee members
-
The Committee need to contact one another in order to manage the business of the Association effectively and ensure its legal obligations are met.
-
Committee contact details will be shared among the Committee, and with the members of the Association living on the Estate.
7) Review
These procedures will be reviewed every two years
Updated 19/10/19