The Tea & Tech CIC (hereafter the Club) has a data protection policy which is reviewed regularly. In order to help us uphold the policy, we have created the following procedures which outline ways in which we collect, store, use, amend, share, destroy and delete personal data.
These procedures cover the main, regular ways we collect and use personal data. We may from time to time collect and use data in ways not covered here. In these cases we will ensure our Data Protection Policy is upheld.
Data will be stored securely. When it is stored electronically, it will be kept in password protected files. When data is stored on paper, it will be filed carefully in a locked filing cabinet. When it is stored online in a third-party website, we will ensure the third party comply with the GDPR.
The only third-party we currently use is Mailchimp. Mailchimp's web site gives extensive guidance both on how users should go about achieving GDPR compliance and how it achieves GDPR compliance (see https://mailchimp.com/en-gb/gdpr/ accessed 02/12/22). Mailchimp’s policy for achieving compliance with UK and European data protection law is described in a document Data Processing Addendum, effective 01/01/2023 (URL https://mailchimp.com/en-gb/legal/data-processing-addendum-preview/ accessed 02/12/2022).
When we no longer need data, or when someone has asked for their data to be deleted, it will be deleted securely. We will ensure that data is permanently deleted from computers, and that paper data is shredded.
We will keep records of consent given for us to collect, use and store data. These records will be stored securely.
We will maintain a mailing list in Mailchimp. This will include the names and contact details of people who wish to receive publicity and fundraising appeals from the Club. Contact details will include at a minimum, first name, surname, email address, and London Borough. and at least one telephone number (fixed or mobile). Members have the option to fill in post code.
When people sign up to the list we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time. We will ask them to give separate consent to receive publicity and fundraising messages, and will only send them messages which they have expressly consented to receive. We will keep our privacy notice under regular review, and we will make new versions available on the email giving notice of the next meeting.
We will not use the mailing list in any way to which the individuals on it have not explicitly consented.
We will provide information about how to be removed from the list with every mailing.
We will use mailing list providers who store data within the EU.
The club normally holds a weekly meeting to which all members are invited by email and optionally, also by a WhatsApp message. The meeting can be face-to-face, or remote (currently utilising Zoom), or both.
The designated attendance marker at a face-to-face meeting will ask any member on arrival for their name (if not personally recognised); and, in the case of a long absence, might check whether a contact detail (phone or email) was still correct. Any non-member turning up without notice would be asked to fill in contact details. The attendance record would be deemed to show simply whether a member was present or not at a meeting. No attempt would be made to track actual arrival and departure times.
The meeting format can optionally include presentations on topics of interest, but always provides the opportunity for members to ask for help on their computer problems. This help can be provided at the meeting by the host assigning one or more volunteers with relevant experience to the problem and, if run remotely, putting them with the member in a breakout room. Additionally, outside the meeting individuals can ask for help, either via email or by using the Club's WhatsApp group. The individual must give explicit consent for their contact details to be made available to a volunteer. This help can be provided at a subsequent meeting as above or by email or phone by a volunteer who has agreed to take on the problem.
Personal data relating to problems will be stored securely by a volunteer, and not shared with other volunteers, unless necessary for the purpose of providing the support requested. We will not keep information relating to an individual’s problem's for any longer than is necessary for the purpose of providing them with the support they have requested.
Details relating to individual’s circumstances will be treated as strictly confidential. From time to time it may be necessary for the Club to justify its funding by reporting details of the services it has provided for its members. Any such information would be given in an anonymous manner.
Local people volunteer for the Club in several ways. We will maintain a list of contact details of our recent volunteers. We will share volunteering opportunities and requests for help with the people on this list. People may be removed from the list if they have not volunteered for the group for 12 months.
When contacting people on this list, we will provide a privacy notice which explains why we have their information, what we are using it for, how long we will keep it, and that they can ask to have it deleted or amended at any time by contacting us.
To allow volunteers to work together to organise for the group, it is sometimes necessary to share volunteer contact details with other volunteers. We will only do this with explicit consent.
The committee need to be in contact with one another in order to run the organisation effectively and ensure its legal obligations are met. Committee contact details will be shared among the committee. Committee members will not share each other’s contact details with anyone outside of the committee or use them for anything other than Club business, without explicit consent.
If members wish to complain about the Club's Data Protection Procedures they should first complain to the Club's Data Protection Officer. This can be done by sending an email to firstname.lastname@example.org for their attention. If they are still not satisfied, they can complain to the Information Commissioner’s Office at www.ico.org.uk.
These procedures will be reviewed every two years
Signature (Co-ordinator): Toni Koppel
Signature (Secretary): Desmond Cronin
Our GDPR policy and procedures
Learners are reminded that the Club is run by volunteers, giving their time freely and with every intention of helping them to the best of their ability and knowledge. The Club cannot be held responsible for any damage, loss, costs or expenses arising from learners using any of our resources, either online or in-person.
© 2022 Tea and Tech Club CIC (Five Bells Computer Club)