u3a

Rayleigh Grange

Privacy Policy

Rayleigh Grange U3A Data Protection and Privacy Policy


ABOUT THIS POLICY


This policy applies to the Rayleigh Grange U3A (referred to as ‘the U3A’).

Rayleigh Grange uses the Third Age Trust “Beacon” system.

Beacon is a management system designed by U3As, for U3As and is GDPR compliant.

It provides a simple interface for managing members, groups and finances establishing roles and responsibilities to assure appropriate data access by U3A officers.


USING PERSONAL INFORMATION

New members to the U3A will be asked to provide the following personal information at registration time, including:

  • Name
  • Home address
  • Email address (if you have one)
  • Telephone numbers (Home and Mobile as appropriate)
  • ICE telephone number/s and names & consent for information given
    Provision of this information by the member will imply consent from GDPR perspective.
  • Personal information will be used:
  • To provide U3A activities and services to members.
  • For administration, planning and management of the U3A.
  • Liaison with the Third Age Trust for the distribution of the Third Age Matters and Sources (members may explicitly withhold
    consent if they do not wish to receive external U3A communications).
  • To monitor, develop and improve the provision of U3A activities.
  • To keep members fully informed of activities via the Monthly Newsletter. We may send messages by email, telephone, and post,
    to advise of U3A activities.

  • HOW LONG DO WE KEEP MEMBER PERSONAL INFORMATION?
    As Rayleigh Grange U3A uses the Beacon management system, records are retained within it until no longer required.
  • In the case of financial (HMRC), data information about your membership will generally not be stored for longer than 7 years after you have
    left the U3A or you withdraw your consent.

  • HOW MEMBER INFORMATION IS UPDATED OR CORRECTED
    Members can provide amendment to their personal information as and when necessary which will be updated and reflected
    throughout the Beacon system.
  • The annual renew process provides the Membership Secretary with the opportunity to validate member information.
  • Members may request the Membership Secretary to provide details of the personal information held on file by the U3A.
  • The information will be provided within 28 days of receipt of request.

  • ANCILLIARY USE OF PERSONAL INFORMATION
  • Images on the website/newsletter: - To make our website/newsletter as interesting and informative as possible, we often include
    photographs taken by members which may include other members. Where group photographs are being taken, if any member of
    the group does not wish to be in the photograph, please move out of shot.
  • Copyright Notice: - We make every effort on our website/newsletter to ensure that we only use our own images or copyright-free
    infringement of copyright, please contact the Website Editor/Newsletter Editor through the “Contact“ page of the website or in
    writing and the item will be removed immediately and without question.

  • AVAILABILITY AND CHANGES TO THIS POLICY
    This policy is available: -
  • On the Rayleigh Grange U3A website on the bottom of every page.
  • In a downloadable PDF format from the same page on the website.
  • By request in writing or email from the Membership Secretary through the “Contact” page of our website.
  • CONTACT
    If you have any queries about this policy or about the U3A’s privacy practices, please contact a member of the committee.
  • EMAILS
    Keeping Emails Private:
  • Much of the member communication to members is now done via Beacon which provides personal data privacy.
  • Where members or U3A officers send emails outside of the Beacon system we advise that they use the .bcc (blind copy) option of email applications when including multiple addressees.
    This will protect the personal data of other members in the address list.
  • In most cases, small groups opt to share email addresses and everyone is happy with this as they may wish to contact individuals for whatever reason.
  • However, you should consider when replying to an email whether everyone needs to know what you are saying, especially in large groups.
  • For example, if a member is given information about an event and the Group Leader asks the member to respond to confirm, the member should consider using just the REPLY option rather than the REPLY TO ALL option.


  • What happens if you don’t use email?
  • We understand that not everyone wishes or is able to use email. This is a personal choice.
    However, it is becoming increasingly difficult for the U3A to communicate effectively to members who do not use email.
  • We will try but we are all volunteers. You can help us by trying to agree an “email partner” (a friend or another member who uses email) –
    to keep you informed about what is going on.
  • Telephone numbers on the website:
  • We do not allow any telephone numbers on our website.
  • If you have any questions regarding email, please contact the Website Editor.

  • GUIDELINES FOR COMMITTEE MEMBERS AND GROUP LEADERS
  • Data should not be shared informally or outside of the U3A.
  • When extracting personal data from the Beacon system to manage external trips or performing analysis actions, for example, the personal data must continue to be controlled per GDPR requirements.
  • The U3A will provide training to Committee Members and Group Leaders to help them understand their responsibilities when handling personal data.
  • Where passwords are required, they must be strong and not easily guessable.

    GDPR DATA PROTECTION PRINCIPLES
    The General Data Protection Regulation identifies the following data protection principles.
  • Principle 1 - Personal data shall be processed lawfully, fairly and in a transparent manner.
  • Principle 2 - Personal data can only be collected for specified, explicit and legitimate purposes and
    not further processed in a manner that is incompatible with those purposes.
  • Principle 3 - The collection of personal data must be adequate, relevant and limited to what
    is necessary compared to the purpose for which it was collected.
  • Principle 4 – Personal data held should be accurate and, where necessary, kept up to date.
    Every reasonable step must be taken to ensure that personal data that is inaccurate
    is erased or rectified without delay.
  • Principle 5 – Personal data which is kept in a form which permits identification of individuals shall not
    be kept for longer than is necessary.
  • Principle 6 - Personal data must be processed in a manner that ensures appropriate security of
    the personal data, including protection against unauthorised or unlawful processing
    and against accidental loss, destruction or damage, using appropriate technical
    or organisational measures.
  • Principle 7 – Processes are in place to provide evidence of compliance to policy (Accountability).
  • Principle 8 - Any data on a contact form will be kept for 90 days
  • 26 May 2024
    Rayleigh Grange U3A GDPR policy.docx