Wissey U3A Data Protection and Privacy Policy
1 What is Data Protection?
In today`s digital world, many of us use our laptops, computers and phones to
communicate, browse the internet for information, and carry out other transactions eg
banking, shopping, making appointments and reservations. Many of us also use social media
such as Twitter and Facebook to keep in touch with friends and family.
Every time we do this, information about us is stored electronically by the organisations and
companies we connect with. Whilst most are reputable there is a risk that some of our
personal data could be used by unscrupulous individuals to hack into our devices, stealing
private information thus breaching our confidentiality and risking financial loss.
For this reason, the Government introduced new regulations - the General Data Protection
Regulations - to help protect our personal data online and placing a duty on all companies
and organisations to hold data legitimately and securely. The Regulations also give everyone
legal rights about how their personal information is managed.
2 The Scope of this Policy
This policy document sets out how the Wissey U3A will comply with the GDP Regulations in
the way it collects, stores and manages your personal information for membership
purposes. Also, how we will be open and transparent about what information we collect
and why and how we will use it and not use it. It also sets out the steps we will take to keep
personal information safe to avoid the risk of a data breach.
The policy also sets out your rights to know what information we hold about you, your right
to correct anything that’s wrong and to withdraw your consent for its use.
This policy document is an ‘Easy to read’ summary of the full Wissey U3A Data Protection
and Privacy https://www.u3a.org.uk/edocman-downloads/data-protection
3 Data Protection principles
For the purposes of data protection law, the Wissey U3A is the data controller for all
personal information collected and used by us.
There are six data protection principles the Wissey U3A needs to follow:
• Personal data must be processed lawfully, fairly and in a transparent way
• Personal data must be collected for specified, explicit and legitimate purposes only and
not processed further
• Personal data must be limited to what is adequate and strictly necessary
• It must be accurate and kept up to date
• It must be kept for only as long as is necessary (although some information can be
archived or kept for historical records)
• Personal data must be stored and processed in a secure way to avoid accidental loss,
destruction or damage
4 How we will collect and manage your personal data
We ask for certain personal information because you are, or want to become, a member of
the Wissey U3A. We need this to communicate with you about Wissey U3A events, send you
newsletters, keep you up to date on news and our activity groups. We also need this
information to keep our database up to date, manage the annual renewal process and send
information to National U3A.
On our application form we ask for details of
• your name, status and how you wish to be addressed
• your postal address
• your email address if you have one
• your telephone contact details
• whether you wish your membership fee to be treated for HMRC gift aid purposes
• whether you wish to receive the Third Age Matters magazine for which there is a
small extra subscription
We ask you to sign and date the form and agree that this information can be used by us to
communicate with you about Wissey U3A matters and so that Group Leaders can
communicate with you about any activity groups you decide to join.
We will pass information onto HMRC for those members wanting to use Gift Aid and to the
Third Age Matters distribution company for those wishing to subscribe to the magazine.
Occasionally there may be times when we need to ask for additional personal data eg,
health and disability issues and next of kin details if we are organising a specific trip or
event, in the interests of health and safety. We will carry out as assessment to ensure this is
necessary and will always ask you for your specific consent first.
We will also always ask for your specific consent to take and display photographs of Wissey
U3A events and groups for publicity and newsletter purposes. You have the right not to be
included in any photos and to request that photos of yourself are not used.
We have a responsibility to keep your personal data up to date so please let us know of any
changes as soon as details change or at the annual membership renewal time.
5 Who has access to your data?
Only members of the Wissey U3A Committee and Group Leaders will have access to your
personal data.
The Committee and Group Leaders will receive training on Data Protection and Privacy
requirements from time to time and keep up to date with good practice and any changes in
legislation.
The member database will be held on the main WisseyU3A laptop which is password
protected, has up to date virus protection and is managed by the Membership Secretary.
Information will be shared with other committee members and Group leaders as needed for
their roles. This will be held on their laptops or computers with strong passwords and up to
date virus protection. Passwords will not be shared between Committee members and
Group Leaders.
We will not share your personal data with another member without first seeking your
consent eg if someone asks for your phone number
We will not share data with third parties for marketing and promotional purposes and
neither will we pass their information onto our members
6 Your rights
You are entitled to request details of any information we hold about you. You should make
your request in writing to the Membership Secretary and we will respond within one month.
You are also entitled to correct any information that is out of date ,inaccurate or to have
your information erased. You are entitled to withdraw your consent for us to use your data
at any time. You also have the right to complain to the Information Commissioner Office if
you feel unhappy about how we are managing your information or dealing with any issues
you raise
7 What happens if there’s a Data breach?
If there is a data breach, the Committee will take action to minimise any harm and rectify
the matter as quickly as possible. The Chairman will liaise with National U3A to seek advice
and determine the seriousness of the breach and whether it should be reported to the
Information Commissioner Office. The committee will also inform any U3A members
affected and of action being taken/needed.
If a member of the U3A believes there has been a breach of data then they should advise
the Chairman and provide details immediately so the matter can be investigated. The
member will be notified of the outcome and any action taken and advised they can report
the matter to the Information Commissioner Office if they remain dissatisfied.
This policy will be reviewed annually.
Date of Policy approval by Wissey U3A Committee : October 2023
Date of review : October 2024
1 What is Data Protection?
In today`s digital world, many of us use our laptops, computers and phones to
communicate, browse the internet for information, and carry out other transactions eg
banking, shopping, making appointments and reservations. Many of us also use social media
such as Twitter and Facebook to keep in touch with friends and family.
Every time we do this, information about us is stored electronically by the organisations and
companies we connect with. Whilst most are reputable there is a risk that some of our
personal data could be used by unscrupulous individuals to hack into our devices, stealing
private information thus breaching our confidentiality and risking financial loss.
For this reason, the Government introduced new regulations - the General Data Protection
Regulations - to help protect our personal data online and placing a duty on all companies
and organisations to hold data legitimately and securely. The Regulations also give everyone
legal rights about how their personal information is managed.
2 The Scope of this Policy
This policy document sets out how the Wissey U3A will comply with the GDP Regulations in
the way it collects, stores and manages your personal information for membership
purposes. Also, how we will be open and transparent about what information we collect
and why and how we will use it and not use it. It also sets out the steps we will take to keep
personal information safe to avoid the risk of a data breach.
The policy also sets out your rights to know what information we hold about you, your right
to correct anything that’s wrong and to withdraw your consent for its use.
This policy document is an ‘Easy to read’ summary of the full Wissey U3A Data Protection
and Privacy https://www.u3a.org.uk/edocman-downloads/data-protection
3 Data Protection principles
For the purposes of data protection law, the Wissey U3A is the data controller for all
personal information collected and used by us.
There are six data protection principles the Wissey U3A needs to follow:
• Personal data must be processed lawfully, fairly and in a transparent way
• Personal data must be collected for specified, explicit and legitimate purposes only and
not processed further
• Personal data must be limited to what is adequate and strictly necessary
• It must be accurate and kept up to date
• It must be kept for only as long as is necessary (although some information can be
archived or kept for historical records)
• Personal data must be stored and processed in a secure way to avoid accidental loss,
destruction or damage
4 How we will collect and manage your personal data
We ask for certain personal information because you are, or want to become, a member of
the Wissey U3A. We need this to communicate with you about Wissey U3A events, send you
newsletters, keep you up to date on news and our activity groups. We also need this
information to keep our database up to date, manage the annual renewal process and send
information to National U3A.
On our application form we ask for details of
• your name, status and how you wish to be addressed
• your postal address
• your email address if you have one
• your telephone contact details
• whether you wish your membership fee to be treated for HMRC gift aid purposes
• whether you wish to receive the Third Age Matters magazine for which there is a
small extra subscription
We ask you to sign and date the form and agree that this information can be used by us to
communicate with you about Wissey U3A matters and so that Group Leaders can
communicate with you about any activity groups you decide to join.
We will pass information onto HMRC for those members wanting to use Gift Aid and to the
Third Age Matters distribution company for those wishing to subscribe to the magazine.
Occasionally there may be times when we need to ask for additional personal data eg,
health and disability issues and next of kin details if we are organising a specific trip or
event, in the interests of health and safety. We will carry out as assessment to ensure this is
necessary and will always ask you for your specific consent first.
We will also always ask for your specific consent to take and display photographs of Wissey
U3A events and groups for publicity and newsletter purposes. You have the right not to be
included in any photos and to request that photos of yourself are not used.
We have a responsibility to keep your personal data up to date so please let us know of any
changes as soon as details change or at the annual membership renewal time.
5 Who has access to your data?
Only members of the Wissey U3A Committee and Group Leaders will have access to your
personal data.
The Committee and Group Leaders will receive training on Data Protection and Privacy
requirements from time to time and keep up to date with good practice and any changes in
legislation.
The member database will be held on the main WisseyU3A laptop which is password
protected, has up to date virus protection and is managed by the Membership Secretary.
Information will be shared with other committee members and Group leaders as needed for
their roles. This will be held on their laptops or computers with strong passwords and up to
date virus protection. Passwords will not be shared between Committee members and
Group Leaders.
We will not share your personal data with another member without first seeking your
consent eg if someone asks for your phone number
We will not share data with third parties for marketing and promotional purposes and
neither will we pass their information onto our members
6 Your rights
You are entitled to request details of any information we hold about you. You should make
your request in writing to the Membership Secretary and we will respond within one month.
You are also entitled to correct any information that is out of date ,inaccurate or to have
your information erased. You are entitled to withdraw your consent for us to use your data
at any time. You also have the right to complain to the Information Commissioner Office if
you feel unhappy about how we are managing your information or dealing with any issues
you raise
7 What happens if there’s a Data breach?
If there is a data breach, the Committee will take action to minimise any harm and rectify
the matter as quickly as possible. The Chairman will liaise with National U3A to seek advice
and determine the seriousness of the breach and whether it should be reported to the
Information Commissioner Office. The committee will also inform any U3A members
affected and of action being taken/needed.
If a member of the U3A believes there has been a breach of data then they should advise
the Chairman and provide details immediately so the matter can be investigated. The
member will be notified of the outcome and any action taken and advised they can report
the matter to the Information Commissioner Office if they remain dissatisfied.
This policy will be reviewed annually.
Date of Policy approval by Wissey U3A Committee : October 2023
Date of review : October 2024