Data Use & Protection: Difference between revisions
Jc4freegle (talk | contribs) No edit summary |
Jc4freegle (talk | contribs) No edit summary |
||
Line 14: | Line 14: | ||
| 1. The Freegle System || The majority of data freegle has is kept in the system we call Freegle Direct see [http://ilovefreegle.org].<br> This is where all groups are held (apart from those in Norfolk [http://www.norfolkfreegle.org/] and the few groups still only on Yahoo groups) and the freegle posts are shown. As Freegle Direct works with Yahoo groups where they can co-exist then Yahoo does keep other data that Freegle itself doesn't keep. Also Freegle Direct allows users to login using their Google, Yahoo or Facebook credentials that are authenticated by those services, so the data kept and the compliance of those companies with the legislation is up to them.|| Membership Details (email and Postcode)<br> Address Book (Postcode & user supplied directions text) | | 1. The Freegle System || The majority of data freegle has is kept in the system we call Freegle Direct see [http://ilovefreegle.org].<br> This is where all groups are held (apart from those in Norfolk [http://www.norfolkfreegle.org/] and the few groups still only on Yahoo groups) and the freegle posts are shown. As Freegle Direct works with Yahoo groups where they can co-exist then Yahoo does keep other data that Freegle itself doesn't keep. Also Freegle Direct allows users to login using their Google, Yahoo or Facebook credentials that are authenticated by those services, so the data kept and the compliance of those companies with the legislation is up to them.|| Membership Details (email and Postcode)<br> Address Book (Postcode & user supplied directions text) | ||
|- | |- | ||
| 2. National | | 2. National volunteers || The national volunteers who run things for Freegle that aren't directly for a local groups, they keep data about their areas such as finance, media and IT development etc. We surveyed these volunteers and essentially they keep limited personal data such as email addresses and in some cases postal addresses. These tend to be kept in local or group email accounts and in Google docs with restricted access. || Email contacts (email address)<br> Board Member & Shareholders postal details | ||
|- | |||
| 3. Local groups volunteers || Local volunteers tend to only have personal data of local members such as their email addresses for when they are dealing with queries and other may keep information about how the group is running. We are currently (Sept 2017) looking into what local groups typically keep so we can advise them and come up with the appropriate guidance and policy. | |||
Line 54: | Line 54: | ||
| Right to Access & Data Portability || You can obtain confirmation from an organisation if they are processing your personal data. You also have the right to get a copy of any personal data held in a standard electronic format, so you can transfer it to other organisations. || Freegle will be adding in a function under the settings tab to enable you to download all of your personal data and settings. | | Right to Access & Data Portability || You can obtain confirmation from an organisation if they are processing your personal data. You also have the right to get a copy of any personal data held in a standard electronic format, so you can transfer it to other organisations. || Freegle will be adding in a function under the settings tab to enable you to download all of your personal data and settings. | ||
|- | |- | ||
| Right to be forgotten || This means that you have the right to have your personal data erased on request, or if it is no longer relevant to the processing that consent was given for. || Freegle will enable you to have erased the personal data in the Address Book function. However if you want to erase your membership data then it will mean that your membership login will be deleted. | | Right to be forgotten || This means that you have the right to have your personal data erased on request, or if it is no longer relevant to the processing that consent was given for. || Freegle will enable you to have erased the personal data in the Address Book function. However if you want to erase your membership data then it will mean that your membership login will be deleted. In addition policy and guidance will ensure that we keep the minimum data needed only for the time its appropriate. | ||
|- | |- | ||
| Privacy by Design || This means that the systems your data is held on need to be designed to keep the minimum data necessary for the completion of its duties (data minimisation), as well as limiting the access to personal data to those needing to act out the processing. || Freegle already has access protection in for its Freegle Direct system and keeps the least personal data possible to deliver the Freegle services. | | Privacy by Design || This means that the systems your data is held on need to be designed to keep the minimum data necessary for the completion of its duties (data minimisation), as well as limiting the access to personal data to those needing to act out the processing. || Freegle already has access protection in for its Freegle Direct system and keeps the least personal data possible to deliver the Freegle services. | ||
Line 82: | Line 82: | ||
== What about users of TrashNothing? == | == What about users of TrashNothing? == | ||
Trashnothing is a system that fronts Freegle and other systems such as Freecycle. If you have | Trashnothing is a system that fronts Freegle and other systems such as Freecycle. If you have a TrashNothing account then the TrashNothing system keeps your membership details (email address & Postcode) and any Freegle group in connects you with also has this data. Trashnothing has its own Data Protection mechanisms, for more information see here [https://trashnothing.com/privacy]. | ||
== Useful Links == | == Useful Links == |
Revision as of 18:19, 15 September 2017
This page is to explain what personal data Freegle keeps, why it keeps it and what it does with it, it terms of processing, protecting and deleting it. Hopefully this is a straight forward explanation for freegle volunteers and members. There is also a link to our Data Protection Policy which is more detailed and it so we can show our compliance to relevant data protection legislation.
Where does Freegle keep data?
There are three areas that we need to consider when we talk about where the Freegle organisation keeps personal data:
Area | Description | Personal Data types held | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1. The Freegle System | The majority of data freegle has is kept in the system we call Freegle Direct see [1]. This is where all groups are held (apart from those in Norfolk [2] and the few groups still only on Yahoo groups) and the freegle posts are shown. As Freegle Direct works with Yahoo groups where they can co-exist then Yahoo does keep other data that Freegle itself doesn't keep. Also Freegle Direct allows users to login using their Google, Yahoo or Facebook credentials that are authenticated by those services, so the data kept and the compliance of those companies with the legislation is up to them. |
Membership Details (email and Postcode) Address Book (Postcode & user supplied directions text) | |||||||||||||||||||||||||||||
2. National volunteers | The national volunteers who run things for Freegle that aren't directly for a local groups, they keep data about their areas such as finance, media and IT development etc. We surveyed these volunteers and essentially they keep limited personal data such as email addresses and in some cases postal addresses. These tend to be kept in local or group email accounts and in Google docs with restricted access. | Email contacts (email address) Board Member & Shareholders postal details | |||||||||||||||||||||||||||||
3. Local groups volunteers | Local volunteers tend to only have personal data of local members such as their email addresses for when they are dealing with queries and other may keep information about how the group is running. We are currently (Sept 2017) looking into what local groups typically keep so we can advise them and come up with the appropriate guidance and policy.
What Personal Data does Freegle keep on its system?Freegle keeps little personal data, and nothing that would be called sensitive. Personal Data on Freegle Direct :
Although this information may not directly identify an individual, it may do if their real name was in their email address.
How does Freegle ensure it complies with Data Protection Law?Freegle relies on trust to continue to work. Therefore it takes its responsibilities seriously around data protection. We fully comply with current UK law in this area, even though we are not required by the Information Commissioner's Office to register. We are currently reviewing what we do to ensure that we are compliant with the new EU laws called the General Data Protection Regulation, commonly known as GDPR [3] for short that takes effect from 25th April 2018. The UK government have stated that they will be transferring GDPR into UK law, so it will be relevant post any Brexit decisions. Key Elements of GDPR and what Freegle are doing
What about groups that are on Yahoo GroupsThere are two types of groups that use the Yahoo Groups system. 1. Freegle groups that use Yahoo Groups system only - These groups come under the policies of Yahoo in terms of compliance with Data Protection Laws, however we expect the Freegle volunteers who run these groups to comply with any policies and guidance for Data Protection published by the Freegle board. So for instance Yahoo would need to supply a way of users having access to their records (Right to access), however we would expect the group volunteers to deal with issues such as ensuring members were notified about a breach if Yahoo were first to tell group owners. 2. Freegle groups that are linked to the Freegle System - These groups will utilise the functions of both Yahoo and Freegle systems to comply with the regulations. This may cause some members a little confusion if they are registered with both systems. So volunteers will be asked to ensure that policy and guidance is followed in instances such as deleting data (The right to be forgotten) that members are reminded to delete from both systems. Where practical the Freegle system will take deletions made in Yahoo as a signal to remove the user data from the Freegle system, however this does not work the other way around. What about groups on the Norfolk Freegle system?The Norfolk system is a separate system from the main Freegle system. Therefore, it will have its own mechanisms to satisfy the Data Protection laws whilst coming under the general Freegle Data Protection policies. For more information on the Norfolk system you can click here [4] What about users of TrashNothing?Trashnothing is a system that fronts Freegle and other systems such as Freecycle. If you have a TrashNothing account then the TrashNothing system keeps your membership details (email address & Postcode) and any Freegle group in connects you with also has this data. Trashnothing has its own Data Protection mechanisms, for more information see here [5]. Useful Links
|