Data Privacy & GDPR compliance

SECTION  19  –  PRIVACY  POLICY

GDPR Compliance

 By joining or renewing membership of the Teulada – Moraira U3A members agree that information members provide to the U3A will be stored on computers and servers in Spain and abroad.

Their data will be used only to communicate with members and manage their membership and its use will be restricted within the U3A and not communicated to third parties under any circumstances.

If members leave the U3A or do not renew their membership, their data will be removed from our IT systems, although it may be retained in our archival records.

Members can ask to view, amend or delete  the information we hold about themselves at any time by emailing the Membership Secretary: membership@u3amoraira-teulada.org

Data Protection Procedures

  • The  Membership Secretary maintains the membership database.
  • A full copy of the membership list is sent to the Travel Group Coordinator each month.
  • An abridged version (excluding email addresses and telephone numbers) is also sent to the Groups Coordinator for onward distribution to Group leaders and the Facebook administrator to enable them to check that members of their groups are members of Teulada – Moraira U3A.  The abridged version is also sent to the Social Events Organiser from time to time when membership needs to be checked for participation in social events.
  • A subscriber list is also held securely on the U3A’s email system for those members who have provided email addresses in order to be sent communications.
  • Application  forms are held for a minimum of 6 years.
  • Group leaders maintain lists of the membership of their own groups for the sole purpose of communication about the group’s activities. Such information is required to be held securely.
  • Communications  via email with members or members of groups must be done so that members’ email addresses are not disclosed.  This is achieved by sending emails using bcc (blind copy)
  • When  group leaders relinquish their position, they must give the membership information to the incoming group leader and the Groups Coordinator.  They must also delete the information from any of their devices.
  • When any other members hold contact details, they must delete the information from all their devices when their official purpose has come to an end.
  • Official U3A email accounts should not be used for personal correspondence. Emails sent to U3A, its groups or officials can be accessed by the addressee and/or other officials. Web administrators have access to mail servers and email accounts.
  • From time to time photographs are taken at U3A events or meetings. If you do not wish your photograph to be published please contact the Membership Secretary.

Monitoring the policy

The Vice President is the person responsible for monitoring the effectiveness of this policy and its contents

Data Breach Monitoring

Any breach of this policy or procedures must be notified to the President.

The President shall contact the relevant U3A members to inform them of the data breach and action taken to resolve the breach.

The President shall also notify the relevant authorities if the breach is a notifiable event as described under the law.

If a data breach occurs, action shall be taken to minimise the harm by ensuring all Committee Members are aware that a breach has taken place and take steps to identify how the breach has occurred. The Committee shall then seek to rectify the cause of the breach as soon as possible to prevent any further breaches.

The Committee will assess the risk( if any ) caused to any of its members by the breach