West Cumbria U3A

Data Protection

West Cumbria U3A Data Protection Policy

The following policy summarises how data is gathered stored and managed in West Cumbria U3A.

Access toWest Cumbria u3a membership data is limited to those committee members and group leaders who need to communicate with or provide a service to theWest Cumbria u3a members.
Membership data is kept secure and protected by strong passwords. All users have a user-id assigned to them and each user sets his/her own password. Passwords must never be shared.
With exception of specific and agreed reasons such as applying for grants or information required by the national U3A body, membership data is not shared outsideWest Cumbria u3a without prior consent of the Executive Committee.

West Cumbria u3a membership data is never used for the dissemination of marketing and/or promotional materials from external service providers.
Individual member’s rights to be informed, to access their own data, to rectify errors, to erasure, to restrict processing and to object will be protected at all times.

Any Member can request to examine the dataWest Cumbria u3a holds on him/her.
When a committee member or group convenor relinquishes his or her role, s/he must delete the data from their own storage systems.
Committee members and group leaders are made aware of their responsibilities in remaining compliant with data protection regulations at the AGM.

Privacy

Membership data collection is limited to Names, addresses, email addresses, telephone numbers, subscription preferences, Gift Aid information, group membership and next of kin.
Membership data is only used by the committee and group leaders to facilitate participation in u3a activities or where there is a legal or regulatory reason.
Blind courtesy copy (Bcc) should be used whenever sending bulk or group emails unless those being emailed have given permission to do otherwise.
Written permission must be obtained before any personal data such as email addresses and phone numbers can be published on any documents issued byWest Cumbria u3a, including our website. Permission can be given by email.
If group leaders require contact information they should request it from their group members.

Legitimate Interest Assessment: Next of Kin

As part of its duty of care towards its membership, West Cumbria u3a may require contact details for members’ next of kin so that the committee and/or group conveners know who to contact in the event of an emergency.West Cumbria u3a only utilises next of kin information provided by members in the event of a serious incident/accident. This data is not processed for any other purpose

Photographs.

Photographs are classed as personal data.
Where group photographs are taken, members who do not wish to be photographed will be asked to step aside.
Members are asked to consent to individual photographs and are informed of how they will be displayed or used.
Any member, at any time, who wishes for his/her photograph to be removed from display can inform the Chair or any committee member that they wish their photograph to be removed.
Notification of Data Breaches
All data breaches must be reported to the Chair as soon as they are discovered.
All data breaches must be investigated to determine- how many members are potentially affected by the breach,what personal information has been exposed, how the breach occurred and how West Cumbria U3A should deal with the data breach.

This policy will be reviewed in 2 years time - Autumn 2026