Difference between revisions of "GDPR"

From Leicester Hackspace
Jump to: navigation, search
 
(12 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Why and What Data is Collected==
 
==Why and What Data is Collected==
New members data is collected via a membership application form.
+
New members fill out  a membership application form with the following fields:
 +
*Title
 +
*First name
 +
*Surname
 +
*Postal Address
 +
*Email Address
  
 
The Hackspace is set up as a “Company Limited by Guarantee” and one of the legal requirements is for current and past members postal addresses to be stored for 10 years.
 
The Hackspace is set up as a “Company Limited by Guarantee” and one of the legal requirements is for current and past members postal addresses to be stored for 10 years.
Line 6: Line 11:
 
For ease of operation the Hackspace communicates with members using email via mailchimp and the Slack Social media App.
 
For ease of operation the Hackspace communicates with members using email via mailchimp and the Slack Social media App.
  
All of the above is mandatory for the Hackspace to operate.
+
All of the captured data  is necessary for the Hackspace to operate.
  
 
There is an optional field on the form for interests so that the Hackspace can put new members in contact with existing members having a similar interest.
 
There is an optional field on the form for interests so that the Hackspace can put new members in contact with existing members having a similar interest.
Line 13: Line 18:
 
The Hackspace membership form allocates a membership number.
 
The Hackspace membership form allocates a membership number.
  
 +
New members ID is confirmed by two pieces of ID, one being a Photo ID and the second a letter with their address on. There is a field on the form to capture this information.
  
 
==Data Processing ==
 
==Data Processing ==
Line 89: Line 95:
 
HMIS processes the bank statement and flags payments from new members and members for which no payment has been received.
 
HMIS processes the bank statement and flags payments from new members and members for which no payment has been received.
  
 +
Some members pay using Paypal, the above process is repeated for the Paypal statement.
  
 
New members then receive a welcome email from the Hackspace gmail account with instructions on how to gain access to the Hackspace, and an invitation to join Slack. Their name and email address is entered into mail chimp to receive emails from the Hackspace, e.g. calling notices for meetings.
 
New members then receive a welcome email from the Hackspace gmail account with instructions on how to gain access to the Hackspace, and an invitation to join Slack. Their name and email address is entered into mail chimp to receive emails from the Hackspace, e.g. calling notices for meetings.
Line 104: Line 111:
  
 
==Server Physical location==
 
==Server Physical location==
some of the following is not for this section but needs documenting somewhere for new Directors
+
Currently the Hackspace has access to 3 servers
 +
*Obsidian located in germany
 +
**The Obsidian server currently hosts the live copy of HMIS and the mail exploder. JP has access to this server and knows how to edit and update the Mail exploder which uses Postfix?
  
*how many?
+
*Linode located in London
 +
**There are currently two machines app1 and app2.This is currently used to host a test copy of HMIS incorporating changes for RFID access. The plan is to port the software from Obsidian to Linode.
 +
 
 +
*Ahmeds Server
 +
**This currently hosts the website, the Wiki was closed down due to a large number of spam users.
 +
 
 +
== IT ==
 +
This section attempts to list all of the IT activities, detailing where accounts are needed , what services are paid for and how.
 +
 
 +
The domain name leicesterhackspace.org.uk is registered with '''''?''''' This has to be paid for every '''''x''''' years by '''''?''''' It points to an IP address hosted by '''''DNSimple''''' which is again a paid for service, has to be paid every '''''? years by ?'''''
 +
 
 +
When an email address of the form anything@leicesterhackspace.org.uk on the internet it is routed through to the mailexploder currently residing on the Obsidian server. For every "anything" tag there is a list of email addresses which the email is then forwarded to. As an example, directors@leicesterhackspace.org.uk would be forwarded to the email address of every current director.
 +
 
 +
===hackspaceleicester google group===
 +
A google group hackspaceleicester has been created to enable storage of documents and transmission of hackspace emails. The user login and password is shared by the directors.
 +
 
 +
A google calendar is created from ? not this account?
 
*HMIS?
 
*HMIS?
 
*RFID access
 
*RFID access
 
*WIKI?
 
*WIKI?
 
*website
 
*website
*www.leicesterhackspace.org site, is this a google group?
+
*
*hackspaceleicester google group
+
 
*email exploder
 
 
*bank account
 
*bank account
 
*paypal account
 
*paypal account
 
*mailchimp
 
*mailchimp
 +
*generation of new membership form

Latest revision as of 09:23, 5 July 2018

Why and What Data is Collected

New members fill out a membership application form with the following fields:

  • Title
  • First name
  • Surname
  • Postal Address
  • Email Address

The Hackspace is set up as a “Company Limited by Guarantee” and one of the legal requirements is for current and past members postal addresses to be stored for 10 years.

For ease of operation the Hackspace communicates with members using email via mailchimp and the Slack Social media App.

All of the captured data is necessary for the Hackspace to operate.

There is an optional field on the form for interests so that the Hackspace can put new members in contact with existing members having a similar interest.


The Hackspace membership form allocates a membership number.

New members ID is confirmed by two pieces of ID, one being a Photo ID and the second a letter with their address on. There is a field on the form to capture this information.

Data Processing

The GPDR states that data may not be processed unless there is at least one lawful basis to do so. There are two statements which apply to the Hackspace:


Processing is necessary for compliance with a legal obligation to which the controller (Hackspace) is subject.

  • Retention of members postal address for 10 years

Processing is necessary for the purposes of the legitimate interests pursued by the controller. (Hackspace)

  • Processing of payments and communication via email


This means that the Hackspace does not have to explicitly obtains members consent to store and process their information. ( However, the latest membership application form does have two tick boxes which inform the member that their information will be stored on a computer system and that they agree to receive occasional emails from the Hackspace.)


As a reminder, the Hackspace does not pass members email addresses onto any third parties .


Also, if you want to see a copy of your information stored in the Hackspace Management Information System (HMIS), email directors@leicesterhackspace.org.uk .


If you want to know how your data is stored , processed etc, then read on!

Where is my information stored?

The original paper membership forms are stored in the Hackspace in a locked filing cabinet.

Only directors and any member involved with the registration of new members have access to the filing cabinet.


All information captured on the application form is stored in HMIS. For the physical location of the HMIS server see later section.


HMIS is updated if any members information is changed, the original paper copies are not updated.


Email addresses, Given name, Surname and membership number are stored in Mailchimp for important communications to all members.


Access to HMIS and Mailchimp is restricted to Directors and members of the IT team.

Social Media


The Hackspace uses Slack for communications between members, new members email addresses are added to Slack and members invited to join. This is the preferred communication means between members on a regular basis. There are a number of channels which members can subscribe to, according to their interests. As a minimum it is recommended that members subscribe to

general - used for ad hoc communication events - used to inform members of internal and external events where help may be required. A specific channel may then be created for a particular event, e.g. creat-a-con Calendar - the Calendar on the website automatically posts to this channel


Facebook, Meetups and Twitter are used to publicise events to the general public. Membership of these groups is optional and initiated by the Hackspace member.


With their agreement event hosts may have their email address published on any of the above Social Media and the Hackspace website via the Google Calendar on the Diary page.


Members photographs may appear on the website if they have attended events where the Hackspace has participated.

Google Group was used in the early days of the Hackspace for member communication. Membership was voluntary. It has been suggested that this is closed down as it has been superseded by Slack .

Processing of Members Information

When an approved application form is received, all of the details are entered into HMIS.

On a monthly (more frequently if new members have joined) basis the membership secretary downloads the bank statement and imports it into HMIS.


HMIS processes the bank statement and flags payments from new members and members for which no payment has been received.

Some members pay using Paypal, the above process is repeated for the Paypal statement.

New members then receive a welcome email from the Hackspace gmail account with instructions on how to gain access to the Hackspace, and an invitation to join Slack. Their name and email address is entered into mail chimp to receive emails from the Hackspace, e.g. calling notices for meetings.


Members who fail to pay will be contacted by the membership secretary. If they have left the Hackspace their status is set to former.


Former members will have their details deleted from HMIS after 10 years.

How can my data be deleted?

As stated above, postal address can only be deleted 10 years after a member has left the hackspace. A former member will however be deleted from Slack and mailchimp.

Server Physical location

Currently the Hackspace has access to 3 servers

  • Obsidian located in germany
    • The Obsidian server currently hosts the live copy of HMIS and the mail exploder. JP has access to this server and knows how to edit and update the Mail exploder which uses Postfix?
  • Linode located in London
    • There are currently two machines app1 and app2.This is currently used to host a test copy of HMIS incorporating changes for RFID access. The plan is to port the software from Obsidian to Linode.
  • Ahmeds Server
    • This currently hosts the website, the Wiki was closed down due to a large number of spam users.

IT

This section attempts to list all of the IT activities, detailing where accounts are needed , what services are paid for and how.

The domain name leicesterhackspace.org.uk is registered with ? This has to be paid for every x years by ? It points to an IP address hosted by DNSimple which is again a paid for service, has to be paid every ? years by ?

When an email address of the form anything@leicesterhackspace.org.uk on the internet it is routed through to the mailexploder currently residing on the Obsidian server. For every "anything" tag there is a list of email addresses which the email is then forwarded to. As an example, directors@leicesterhackspace.org.uk would be forwarded to the email address of every current director.

hackspaceleicester google group

A google group hackspaceleicester has been created to enable storage of documents and transmission of hackspace emails. The user login and password is shared by the directors.

A google calendar is created from ? not this account?

  • HMIS?
  • RFID access
  • WIKI?
  • website
  • bank account
  • paypal account
  • mailchimp
  • generation of new membership form