Privacy Policy Morpeth U3A
Privacy Policy
1 Introduction
1.1 Privacy
Morpeth U3A (we or us) treats your privacy rights seriously. This Privacy Policy sets out the basis on which we collect and use personal data about you.
1.2 Personal Data
In this Privacy Policy, where we use the words personal data we use these words to describe information that is about you and which identifies you.
1.3 In this Privacy Policy:
1.3.1 the word Trust means The Third Age Trust (charity number 288007)
1.3.2 the word TATTL means Third Age Trust Trading Limited (company number 11899419) and
1.3.3 the Beacon System means the membership data system operated by TATTL.
1.4 This Policy describes:
1.4.1 who is responsible for the personal data that we collect about you;
1.4.2 the personal data we collect about you;
1.4.3 how we will use it;
1.4.4 who we may disclose it to; and
1.4.5 your rights and choices in relation to your personal data.
This is to make sure you have a full picture of how we collect and use your personal data.
2 Who is responsible for the personal data that we collect?
We are the data controller for the purposes of data protection law, in respect of your personal data collected and used by us.
3 What personal data do we hold about you?
3.1 Collection and use
We collect and use personal data about you for the purpose of communicating with you as representative of your U3A. The personal data we hold includes:
3.1.1 Information that you provide to us / we collect from you
The information that you provide to us / we collect from you may include the following:
Type of Personal Data
General - Contact information
Examples: When you express an interest in becoming a member of Morpeth U3A you will be asked to provide certain information. This includes:
• your name
• home address
• email address
• telephone number
General - Marketing
Subscription Preferences
Examples: Details of any marketing preferences that you express including any opt outs you provide.
General - Other
Online activity information (to the extent that it constitutes personal data)
Examples: Technical information, through your internet browser or electronic device: Certain information is collected by most websites or automatically through your electronic device, such as your IP address (i.e. your computer’s address on the internet), screen resolution, operating system type (Windows or Mac) and version, internet browser type and version, electronic device manufacturer and model, language, time of the visit and pages visited.
Examples: Technical information, using cookies and online tracking: Cookies are pieces of information stored directly on the device you are using to access our Website. Cookies allow us to recognise your device and to collect information such as IP address, internet browser type, time spent using the Website and the pages visited.
This information may be provided:
(a) in the course of communications between you and us (including by phone, email or otherwise);
(b) when you provide personal data via our Websites or using other systems which we provide to you;
4 Information about third parties
4.1 Third parties
In the course of us communicating with you, you may provide us with personal data relating to third parties.
4.2 Consent and third parties
We will use this personal data in accordance with this Privacy Policy. If you are providing personal data to us relating to a third party, you confirm that you have the consent of the third party to share such personal data with us and that you have made the information in this Privacy Policy available to the third party.
5 How do we use the personal data we collect about you?
5.1 Purposes
We use your personal data for a variety of different purposes during the course of us providing services to you. The purposes for which we use your personal data are set out below. Under data protection law, we can only use your personal data if we have a legal basis to do so. Examples of where we have a legal basis to process your personal data, includes when:
5.1.1 we have your consent;
5.1.2 it is necessary to enter into or perform a contract we have with you (or to take steps at your request prior to entering into that contract);
5.1.3 it is necessary to comply with a legal obligation; or
5.1.4 it is in our legitimate interests to process your personal data.
5.2 Legal Basis
We have set out our reasons for using your personal data in the table below under the heading Legal Basis. Where we rely on our legitimate interests, we have set out those interests in the table below.
Purpose
To set up and manage your membership Legal Basis - Contract/Legitimate interests
To manage membership information on the Beacon system Legal Basis - Contract/Legitimate interests
To share with the Trust and TATTL to manage, develop and make improvements to the Beacon system Legal Basis - Legitimate interests
To administer, plan and manage our U3A Legal Basis - Legitimate interests
To monitor, develop and improve the provision of our U3A activity Legal Basis - Legitimate interests
To communicate with you about our U3A products, services, activities and events Legal Basis - Contract/Legitimate interests
To communicate with you about Trust products, services, activities and events Legal Basis - Contract/Legitimate interests
To deliver Trust publications including Third Age Matters Legal Basis - Contract/Legitimate interests
To comply with any legal or regulatory obligations (including in connection with a court order Legal Basis - Legal obligation
To enforce or apply the agreements concerning you (including agreements between you and us). Legal Basis - Contract/Legitimate interests
To manage any issues, complaints, feedback and enquiries. Legal Basis - Consent/Contract/Legitimate interests
6 Automated processing
We do not use your personal data to make any automated decisions that might affect you.
7 Who may we disclose your Personal data to?
7.1 We may share your personal data with:
7.1.1 the Third Age Trust and
7.1.2 Third Age Trust Trading Limited and
7.1.3 our service providers and business partners.
For more information please refer to Schedules 1 and 2.
7.2 We may also disclose your personal data to other third parties, for example:
7.2.1 if we or substantially all of our assets are acquired by a third party (or are subject to a reorganisation within our corporate group), personal data held by us will be one of the transferred assets; and
7.2.2 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our the agreements concerning you (including agreements between you and us).
8 Where will we transfer your personal data?
If we transfer personal data outside the UK or the European Economic Area (EEA), we will implement appropriate and suitable safeguards to ensure that such personal data will be protected as required by applicable data protection law.
9 How long will we keep your personal data?
9.1 Retention periods
We will keep your personal data for different periods depending on the nature of the information, the purpose for which it was collected, any legal obligation and/or business reason to retain.
9.2 Extensions
Please note that the above retention period may be extended where we need to preserve and use personal data for the purposes of bringing or defending a legal claim. In such cases, we will continue to hold and process your personal data for as long as is necessary to deal with the legal proceedings.
10 Your rights
You have certain rights with respect to your personal data. The rights will only apply in certain circumstances and are subject to certain exemptions. Please see the table below for a summary of your rights. Details of who to contact to exercise these rights can be found in
paragraph 14.
Summary of your rights
Right of access to your personal data
Summary of your rights - You have the right to receive a copy of your personal data that we hold about you and information about how we use it, subject to certain exemptions.
Right to rectify your personal data
Summary of your rights - You have the right to ask us to correct your personal data that we hold where it is incorrect or incomplete.
To ensure the information we hold is accurate and up to date, member's need to inform the U3A as to any changes to their personal information. You can do this by contacting the membership secretary on morpethu3a.membership@gmail.com
On an annual basis you will have the opportunity to update your information, as required, via the membership renewal process. Should you wish to view the information that the U3A holds on you, you can make this request by contacting the membership secretary. There may be certain circumstances where we are not able to comply with this request. This would include where the information may contain references to other individuals or for legal, investigative or security reasons. Otherwise we will usually respond within one month of the request being made.
Right to erasure of your personal data
Summary of your rights - You have the right to ask that your personal data be deleted in certain circumstances. For example:
• where your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise used;
• if you withdraw your consent and there is no other legal ground for which we rely on for the continued use of your personal data;
• if you object to the use of your personal data (as set out below);
• if we have used your personal data unlawfully; or
• if your personal data needs to be erased to comply with a legal obligation.
Right to restrict the use of your personal data
Summary of your rights - You have the right to suspend our use of your personal data in certain circumstances. For example:
• where you think your personal data is inaccurate but only for so long as is required for us to verify the accuracy of your personal data;
• the use of your personal data is unlawful and you oppose the erasure of your personal data and request that it is suspended instead;
• we no longer need your personal data, but your personal data is required by you for the establishment, exercise or defence of legal claims; or
• you have objected to the use of your personal data and we are verifying whether our grounds for the use of your personal data override your objection.
Right to data portability
Summary of your rights - You have the right to obtain your personal data in a structured, commonly used and machine-readable format and for it to be transferred to another organisation, where it is technically feasible. The right only applies:
• to personal data you provided to us;
• where we rely on the following legal bases:
consent; or
for the performance of a contract; and
• when the use of your personal data is carried out by automated (i.e. electronic) means.
Right to object to the use of your personal data
Summary of your rights - You have the right to object to the use of your personal data in certain circumstances and subject to certain exemptions. For example:
• where you have grounds relating to your particular situation and we use your personal data for our legitimate interests (or those of a
third party);
• if you object to the use of your personal data for direct marketing purposes; and
• where we use your personal data to take a decision which is based solely on automated processing where that decision produces a legal
effect or otherwise significantly affects you.
Right to withdraw consent
Summary of your rights - You have the right to withdraw your consent at any time where we rely on consent to use your personal data.
Right to complain to the relevant data protection authority
Summary of your rights - You have the right to complain to the relevant data protection authority, which is in the case of us, the Information Commissioner's Office (ICO), where you think we have not used your personal data in accordance with data protection law. The ICO's contact details are:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
11 Third party links
Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for how they handle your personal data. When you leave our Website, we encourage you to read the privacy notice of every website you visit.
12 Cookies
The Website uses cookies to distinguish you from other users of the Website. This helps us to provide you with a good experience when you browse the Website and also allows us to improve the Website.
13 Changes to our privacy policy
This Privacy Policy is available on the Morpeth U3A website. This policy may change from time to time. Members will be informed via the newsletter and the monthly meetings when any material changes are made to Morpeth U3As policies and procedures.
14 Queries
14.1 Queries regarding this policy or use of data
If you have any questions regarding this Privacy Policy or the way we use your personal data, please contact us by clicking CONTACT at the head of this page and send a email to the Chairman.
15 Adoption and Review
This policy was adopted on 4 November 2020
Policy review date: 4 November 2022
SCHEDULE 1
WHO IS PERSONAL DATA SHARED WITH?
Type of third party Examples
General - Our service providers and business partners
Examples - Our business partners, suppliers and sub-contractors for the performance of any contract we enter into with you (see Schedule 2)
General - Our professional advisers
Examples - Including accountants, lawyers and other professional advisers that assist us in carrying out our business activities.
General - Government authorities and third parties involved in court action
Examples - External agencies and organisations (including the police and other law enforcement agencies) for the purpose of complying with applicable legal and regulatory obligations.
Law Enforcement and Regulation
Police and law enforcement agencies
Examples - We may share personal data with the police and other law enforcement agencies in connection with the prevention and detection of crime
Regulatory bodies
Examples - We may share personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or instructions of a regulatory body (including in connection with a court order), or in order to enforce or apply the terms of any agreements we have with or otherwise concerning you (including agreements between you and us) or to protect our rights, property or safety of our clients, employees or other third parties
SCHEDULE 2
OUR SERVICE PROVIDERS AND BUSINESS PARTNERS
Name of third party Third Age Trust
Purpose - For Third Age Trust to provide membership support, advice and guidance
Name of third party Third Age Trust Trading Limited
Purpose - For Third Age Trust Trading Limited to provide various services