1. Reasons for keeping data:
To keep all who support York People’s Assembly informed and up to date, through agendas, minutes, invitations to events, appeals and general information pertaining to the issues York People’s Assembly raises.
2. Types of data kept: Names and email addresses.
3. Storage of information:
York People’s Assembly does not store personal information, except where necessary for the administration of events or petitions, in which cases the information is kept for the minimum time.
York People’s Assembly uses Third Party web-based services (MailChimp, GoogleGroups, Eventbrite, Paypal and others it chooses from time to time) to store and handle data, including credit/debit card payments. Each of these services is governed by its own Privacy Notice, which can usually be found on that service’s website.
York People’s Assembly does not pass information on to other people or bodies without the individual’s consent, unless it is a legal or regulatory requirement to do so.
Where York People’s Assembly collects personal information on a petition or through any similar campaign activity, this data will be shared ‘as is’ with the relevant target, as indicated. An example of this would be an MP or Government Minister, who may make contact with the participant as allowed by law.
4. Consent to receiving communications.
York People’s Assembly will only add email addresses to its contact lists where it has the explicit consent of the individual to do so (explicit opt-in).
York People’s Assembly may contact those who have supplied an email as part of event registration, where the communication is directly relevant to the proceeding of the event, and once after the event for the purposes of feedback.
Individuals may remove themselves from lists by use of the automated ‘unsubscribe’ feature included in every email. Where this proves difficult, individuals may contact York People’s Assembly directly to request this, at which point they shall be removed without further question as soon as practicable.
5. Security of data
The personal information that York People’s Assembly stores is kept in password-protected accounts. York People’s Assembly has no access to credit/debit card information provided through Third Party web services. Where information is recorded on paper, it is stored securely and destroyed as soon as it is transferred to a password-protected web service or (for events) the event has taken place.
6. Data breaches.
York People’s Assembly takes the safeguarding of data very seriously, and acts to protect data from loss whether by accident or criminal activity. If a breach occurs, where data is accessed or could be accessed by a party not allowed access, The Data Controller, on behalf of York People’s Assembly, will report the incident as required by the GDPR regulations, within 72 hours.