Privacy Policy and GDPR

Last updated: 2 August 2020 at 8:10 - NHS test and trace service for Covid-19
Shortlink: https://bit.ly/camlets-privacy

The General Data Protection Regulation (GDPR) is an important step in protecting the fundamental right of privacy for European citizens, and raises the bar for data protection, security and compliance in the industry. It becomes enforceable on May 25, 2018. The GDPR seeks to strengthen the security and protection of ‘person identifying data’ in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.

CamLETS hold and process data for the purpose of administering and hosting the trading scheme, enabling trade between members, communicating events and social information.

In order to comply with GDPR, we must have legal grounds to hold and process your information. We will continue to hold and process information according to contract and legal agreement (by virtue of your membership and yearly subscription), and vital interests of the organisation.

CamLETS is in an unusual position in that members generally wish to disclose and share personal information about themselves for the purpose of trading with other members. Personal information viewable by other members includes: your name/joint member, member number, telephone number, email address, neighbourhood, a short self-written biography, balance and trade history. Your full address can be seen only by yourself and the Core Group of CamLETS, including the member secretary and web manager.

Principles of GDPR - You and CamLETS

We, as the Core Group, acting on behalf of CamLETS, promise not to share the information we hold about you with anyone outside of the organization without your informed consent. As a CamLETS member, you have access to the contact and trade information of other members, and must agree to be held to equivalent standards as the Core Group in terms of proper handling of private information. Your annual membership renewal is an indication that you will abide by the Constitution and membership agreement.

You are required to be considerate, and must not share with any person outside of CamLETS the personal data of another member in any format (directories, printouts, email) , unless you receive that member’s permission.

You must use your best endeavours to keep your site login details safe, so as not to risk the security of your own and other members’ personal information. In particular:

  • Do not share your password with anyone. If you use the password reset facility on the site, be sure to change your password immediately afterwards. A good password should be easy to remember but difficult to guess - there are some helpful tips HERE on the internet
  • Do not include your email or telephone number in any offers or wants; the place for it is in your profile to ensure that only logged in members have access.
  • Do not share directories, printouts or other materials that have person identifying data of other CamLETS members with anyone outside of CamLETS.

CamLETS as Data Controller

We review our storage and processes regularly. The information below is correct as of May 2018. Please get in touch with the web manager at admin@camlets.org.uk or the chair at chair@camlets.org.uk with any concerns or for more information.

Data storage, processing and access

Website

Your details and data from trades are stored online in a database, and is accessible from http://camlets.org.uk by current members with a valid member ID and password. The website is managed and hosted by letslink.org in London UK.

Digital backups for website

The data is backed up at regular intervals, is stored in a secure encrypted location by the web manager for no more than one year, and is accessible only by them. This is to protect CamLETS from data loss should anything happen to the primary hosting server.

Development website

To help with website development and improvement, the data from the website is pseudonymised before use on the development server and protected by the same or better security as the live site.

Newsletters and website - hosting trade events, news articles

If you host an event in your home, you must give permission to us to distribute among other members your name, physical address and other contact details within newsletters, reminder emails, and the website. After the event has finished, the website will be updated and the address removed. However, your details will remain in email records of the members and in the archived newsletters on the website, and stored by the newsletter editor.

If you are a recent member, or have written or been included in an article, then some details may be included in the newsletter (name, member number, neighbourhood, email), and informed and specific permission will be asked for.

Membership records

Person identifying data for CamLETS members exist in documents both online and offline, ie in digital and print format. This data is stored securely and accessed by Core Group members authorised to manage the affairs of CamLETS as an organisation, including but not limited to membership subscriptions, trade activation, managing consent, sending newsletters and settling CAMS and sterling accounts.

Email updates, event reminders - use of your email address for communication

We send emails to all online members to communicate offers, wants and information about trade and social events.

Printed updates for offline members

We have a small number of members who choose not to use the website or email communication. We are committed to supporting them by periodically sending them the same information in a similar format as is available to members on the website and by email.

Printed member directory, offers and wants lists

The directory provides information to both online and offline members in a convenient printed format.

The member directory contains your full name, member number, neighbourhood, first part of postcode, telephone number, email address. The offers and wants booklet provides cross-reference via member number and full name.

This is an opt-in only directory. We will ask for your consent. You can withdraw your consent any time by contacting admin@camlets.org.uk.

NHS Test and Trace for Covid-19

We are required by the Government to request and keep details of all attendees of CamLETS social and trading events. We will only hold your data for the required 21 days. This data is will be stored in paper form, and then will be destroyed. Access to this data is restricted to the CamLETS core group in line with GDPR guidelines, and communicated with Test and Trace programme in case of a local outbreak.

More information about NHS Test and trace.

Your rights as subjects under GDPR

For full details and an explanation of your rights as data subject, please see https://gdpr-info.eu/chapter-3/

Article 15: Right of access

The information we hold is YOUR data. You can request access to your personal data held by CamLETS and to information about how it is processed.

Article 16: Right of rectification

If you believe any information we hold of yours is inaccurate – such as address, contact details,or trades – we will investigate and correct it. Please contact the website manager at admin@camlets.org.uk .

Article 17: Right of erasure

If you wish to terminate your membership of CamLETS, you will be asked how you would like to preserve your account data. Your account will be made inactive, and although records of your trading will remain in the database and in backups, they will not be viewable on the website by members. Your Cams balance will be dealt with according to the membership agreement.

However, it is your ‘right to be forgotten’ (https://gdpr-info.eu/art-17-gdpr/) and you may choose to have your information removed from the system and our records. We will do so in a way that will not jeopardise the integrity of the data, by using an anonymous marker, but without your name, email, or any contact information.


About CamLETS | Joining and costs | Constitution | Members' agreement | Privacy policy and GDPR | [Apply now]

Page last updated 2/08/20 by CT