DataProtection Policy:

1) Definitions

Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper, and includes images and audio recordings as well as written information.

Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.

2) Responsibility

Overall and final responsibility for data protection lies with the management committee, who are responsible for overseeing activities and ensuring this policy is upheld. To this end the committee will appoint an individual to beData Protection Officer with day-to-day responsibility for enforcing the DataProtection Policy.

All volunteers are responsible for observing this policy, and related procedures, in all areas of their work for the group.

3) Overall policy statement

TheTea & Tech CIC needs to keep personal data about its committee, members, volunteers and supporters in order to carry out group activities.

We will collect, store, use, amend, share, destroy or delete personal data only inways which protect people’s privacy and comply with the General Data ProtectionRegulation (GDPR) and other relevant legislation.

We will collect, store and use only the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.

We will only collect, store and use data for:

·  purposes for which the individual has givenexplicit consent, or

·   purposes that are in our group’s legitimateinterests, or

·   to comply with legal obligations.

We will

·     provide individuals with details of the data wehave about them when requested by the relevant individual.

·     delete data if requested by the relevantindividual, unless we need to keep it for legal reasons.

·     endeavour to keep personal data up-to-date andaccurate.

·     store personal data securely.

·     keep clear records of the purposes of collectingand holding specific data, to ensure it is only used for these purposes.

·     not share personal data with third partieswithout the explicit consent of the relevant individual, unless legallyrequired to do so.

We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by retrieving any lost or shared data. We will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the Information Commissioner’s Office within 72 hours, and to the individual concerned.

To uphold this policy, we will maintain a set of data protection procedures for our committee and volunteers to follow.

4) Review

This policy will be reviewed every two years

Signature (Co-ordinator):  Toni Koppel  
Signature (Secretary):    Desmond Cronin

Date: 28/11/24

Data Protection Procedures

1) Introduction

The Tea & Tech CIC (hereafter the Club) has a data protection policy which is reviewed regularly. In order to help us uphold the policy, we have created the following procedures which outline ways in which we collect, store, use, amend, share, destroy and delete personal data.

These procedures cover the main, regular ways we collect and use personal data. We may from time to time collect and use data in ways not covered here. In these cases we will ensure our Data Protection Policy is upheld.

2) General Procedures

Data will be stored securely. When it is stored electronically, it will be kept in password protected files. When data is stored on paper, it will be filed carefully in a locked filing cabinet. When it is stored online in a third-party website, we will ensure the third party comply with the GDPR.

We currently use Mailchimp to store our Club data. Mailchimp's web site gives extensive guidance both on how users should go about achieving GDPR compliance and how it achieves GDPR compliance, see https://mailchimp.com/en-gb/gdpr/ and https://mailchimp.com/help/about-the-general-data-protection-regulation/and https://mailchimp.com/legal/data-processing-addendum/, all accessed 23/11/24.

When someone has asked for their data to be deleted, it will be deleted securely. We will ensure that data is permanently deleted from computers, and that paper data is shredded.

We will keep records of consent given for us to collect, use and store data. These records will be stored securely.

3) Mailing List

We will maintain a mailing list in Mailchimp. This will include the names and contact details of people who wish to receive publicity and fundraising appeals from the Club. Contact details will include at a minimum, first name, surname, email address, and London Borough. and at least one telephone number (fixed or mobile). Members have the option to fill in post code.

When people sign up to the list we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time. We will ask them to give separate consent to receive publicity and fundraising messages, and will only send them messages which they have expressly consented to receive. We will keep our privacy notice under regular review, and we will make new versions available on the email giving notice of the next meeting.

We will not use the mailing list in any way to which the individuals on it have not explicitly consented.

We will provide information about how to be removed from the list with every mailing.

We will use mailing list providers who store data within the EU.

4) Supporting Individuals

The club normally holds a weekly meeting in term time to which all members are invited by email and optionally, also by a WhatsApp message. The meeting can be face-to-face, or remote (currently utilising Zoom), or both.

The designated attendance marker at a face-to-face meeting will ask any member on arrival for their name (if not personally recognised); and, in the case of a long absence, might check whether a contact detail (phone or email) was still correct. Any non-member turning up without notice would be asked to fill in contact details. The attendance record would be deemed to show simply whether a member was present or not at a meeting. No attempt would be made to track actual arrival and departure times.

5) The Meeting Format

The meeting format can optionally include presentations on topics of interest, but always provides the opportunity for members to ask for help on their computer problems. This help can be provided at the meeting by the host assigning one or more volunteers with relevant experience to the problem and, if run remotely, putting them with the member in a breakout room. Additionally, outside the meeting individuals can ask for help, either via email or by using the Club's WhatsApp group. The individual must give explicit consent for their contact details to be made available to a volunteer. This help can be provided at a subsequent meeting as above or by email or phone by a volunteer who has agreed to take on the problem.

Personal data relating to problems will be stored securely by a volunteer, and not shared with other volunteers, unless necessary for the purpose of providing the support requested. We will not keep information relating to an individual’s problem's for any longer than is necessary for the purpose of providing them with the support they have requested.

Details relating to individual’s circumstances will be treated as strictly confidential. From time to time it may be necessary for the Club to justify its funding by reporting details of the services it has provided for its members. Any such information would be given in an anonymous manner.

6) Digital Workshops

The Good Things Foundation provided funding for the Club’s series of DigitalWorkshops. Their privacy procedures, use of cookies and GDPR compliance are described at https://www.goodthingsfoundation.org/policies/privacy-policy.html, and terms and conditions at https://www.goodthingsfoundation.org/what-we-do/who-we-are/policies/terms-conditions/(all accessed 23/11/24) .

The Club used Ticket Tailor to provide the booking tickets for the DigitalWorkshops and the details are passed to the Good Things Foundation. . TicketTailor details its GDPR compliance at https://www.tickettailor.com/legal/gdpr and https://www.tickettailor.com/legal/privacy-policy, with its Terms and Conditions for providing its service at https://www.tickettailor.com/legal/terms-and-conditions (all accessed 23/11/24)

TheGood Things Foundation runs the Learn My Way company and it was a fundingrequirement for attendees to register for the lessons on the Learn My Waywebsite and to complete at least one lesson. The data required to register was name, email address or mobile numberand London borough. The Club was also required to get attendees to fill infeedback forms after each Workshop and make them available to the Good ThingsFoundation. Learn My Way details its privacy policy and GDPR compliance at https://www.learnmyway.com/privacy,its Terms and Conditions at https://www.learnmyway.com/terms-and-conditions(all accessed 23/11/24).

The Club is also required to keep documents providing proof of delivery andspending for potential inspection: attendance records must be kept for 6 monthsand financial records for up to 7 years. The Club is willing to provide atestimonial based case study abouthow the grant has benefitted it and, if required, will get prior writtenconsent from all users identified in it.

7) Contacting Volunteers

Local people volunteer for the Club in several ways. We will maintain a list of contact details of our recent volunteers. We will share volunteering opportunities and requests for help with the people on this list. People may be removed from the list if they have not volunteered for the group for 12 months.

When contacting people on this list, we will provide a privacy notice which explains why we have their information, what we are using it for, how long we will keep it, and that they can ask to have it deleted or amended at any time by contacting us.

To allow volunteers to work together to organise for the group, it is sometimes necessary to share volunteer contact details with other volunteers. We will only do this with explicit consent.

8) Contacting Committee Members

The committee need to be in contact with one another in order to run the organisation effectively and ensure its legal obligations are met. Committee contact details will be shared among the committee. Committee members will not share each other’s contact details with anyone outside of the committee or use them for anything other than Club business, without explicit consent.

9) Complaints Procedure

If members wish to complain about the Club's Data Protection Procedures they should first complain to the Club's Data Protection Officer. This can be done by sending an email to fivebells.computerclub@gmail.com for their attention. If they are still not satisfied, they can complain to the Information Commissioner’s Office at www.ico.org.uk.

10) Review

These procedures will be reviewed every two years

Signature (Co-ordinator):  Toni Koppel  
Signature (Secretary):    Desmond Cronin

Date: 28/11/2024