Data protection law requires us to tell you why we hold personal data, what we hold, the source of the data, who can access it, and how long we keep it for. We also have to let you know your rights with regard to your personal data. This document sets out those details. It is mainly about Members, including Committee Members, but also applies to others whose contact information we hold (e.g. contractors, landlord, neighbours, environmental agencies). 

Some definitions may be useful. The law is called the ‘General Data Protection Regulation’ or ‘GDPR’. There is a lot of information about it on the Information Commissioner’s website (https://ico.org.uk/).

Thomson Terrace Allotments C.I.C.(‘TTACIA), ‘the Association’, or ‘us’ is what is known as a ‘Data Controller’. ‘Personal data’ means as any information by which you can be identified individually, for example, your name or phone number.

We may make changes to this Policy from time to time, to reflect any changes to our use of personal data, or to comply with changes in the Law or regulatory requirements. Substantive changes will be agreed by the Committee and Members will be informed.

If you have any questions about personal data that are not answered below, please contact the Association Secretary and data protection lead, Secretary@ttacic.org

Members: The Data we hold and how we hold it

Before you become a member there is usually email contact between you and a Committee Member. If you do not take up membership, it is not practical to delete these emails but they are not used.

Once you become a member, the main personal data we hold is your

• Name
• Address
• Phone number (landline and/or mobile)
• Email address
• Plot number

You are the source of this information, initially from your Membership Subscription Agreement, then changes

you notify us about. We keep this information in our electronic Membership file. The Secretary keeps the spreadsheet up to date with changes notified by you. Once a year, at membership subscription renewal/AGM time, members are prompted to let the Secretary have any changes to their details. The information held is also printed on the annual invoice sent individually to members, with a reminder to let the Secretary know if it is out of date.

A copy of your original, signed Membership Agreement is retained on paper in a file at the home of the Secretary or delegated Committee member.

As well as the Membership file, we use other electronic files to manage our finances and audits. All these files are held on the responsible Committee members’ computers or on secure ‘Cloud’ storage (Microsoft OneCloud) to which the Secretary and Treasurer have access to.

They may also be emailed between Committee members on a need-to-know basis.

We use WhatsApp and email to handle one-to-one administration and communication. For bulk emailing (usually AGM, EGM and rent notices), we use a group email via Outlook and never sell your data.

When you come to a working party, we record your name and plot number on paper, which is subsequently transcribed and circulated around the Committee by email.

The Committee holds a management meeting once a month. Electronic committee minutes, which may refer to member names and plot numbers, are emailed to Committee members. In the future, we intend to store minutes securely in the ‘Cloud’.

Once a year, TTACIC holds an AGM. The minutes of the AGM, including names and plot numbers of attendees, are posted on our website.

Our bank account is with Metro Bank. Committee members who are signatories on the bank account are able to see Metro Bank statement of members’ electronic payments.

When you end your membership there is likely to be a period during which TTACIC still need to contact you, for example, about returning key deposits and clearing your plot. We may therefore continue to use your contact details after your membership ends, but only for the purpose of resolving any outstanding matters.

Non-members: the data we hold and how we hold it.

Members of the Committee hold personal data (largely names and contact information) about non- Members, for example contractors who do work for us onsite, suppliers and other agencies and stakeholders of various kinds (Oxford City Council, RHJYC, ODFAA, environmental agencies, those whose venues we book…) They may be held electronically and access from home computers, or via Smartphones, or on paper. Where such informatioon is not in the public domain, and has been provided only to manage TTACIC business, its use is limited to that business and will be viewed only by the Committee. The retention period will depend on the nature of the relationship with TTACIC and whether further contact is likely to be necessary. In the case of data linked to contractual arrangements, it will normally be 6 years.

The Legal basis on which we hold personal data

Data protection law has six possible bases on which to hold personal data. Membership data is held on the basis of ‘Legitimate Interests’. This means in ways one would ‘reasonably expect…and which have a minimal privacy impact, or where there is a compelling justification for the processing’ (see https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulationgdpr/ lawful-basis-for-processing/legitimate-interests/).

The data we hold on non-members, such as contractors and other agencies, may be on the basis of legitimate interests or on a contractual basis.

The Purposes for which we hold personal data

The over-arching purpose for holding personal data is the administration of the Association and the custodianship of the Thomson Terrace Allotments C.I.C (‘the Site’). In detail, this means

• The management of prospective members (waiting list, site tours…).
• The offer of a plot, acceptance of a plot and associated terms. 
• Any moves from one plot to another, additional plots. 
• Relinquishing of plots, and termination of membership.
• Payment for membership, the plot and associated sundries. 
• The management of key deposits. 
• Payment for services.The management of permissions associated with plots (e.g. shed and tree permissions).
• Communication about the site and plots (e.g. social events, working parties, policy reminders, gardening advice, shop opening hours…). Communication on individual
• circumstances affecting the plot holder or plot. 
• Communication about the Association (e.g.AGM). 
• Communication about ODFAA (Oxford and District Federation of Allotment Associations, Oxford’s allotment umbrella group), to which TTACIC belongs.
• Communication about contracts, leases, insurance and so on.
• Issues with plots, and enforcement of site and plot rules, including any follow-up required with individual members and co-workers, within and outside of the regular audit process.
• Urgent contact for plot or site problems.
• Recording the history of plots over time, including characteristics and problems associated with that plot.
• Recording of sales at the Trading Shed/Shop.
• Recording Working Party attendance.
• Management of the Site and Association as a whole, for example, meeting minutes, analysis of plot vacancies, late payments, working party hours.
• Engaging and managing external suppliers, service providers and contractors.
• Relationships with key stakeholders (e.g. landlord, insurers, neighbours, environmental agencies) so that we can work together on necessaray joint arrangements, handle issues etc.

Your Rights Who can access personal data and how long is it kept for ordinary members 

If you are an ordinary member (i.e. not a Committee member), the only people who have access to your personal details are Committee Members.

Our files are kept for up to 6 years (we have had membership and payment queries after many years). After this, they are destroyed.

When a Committee member stands down, they hand over their files to their successor. It is not practical for all old emails to be deleted, but they are not used.

Committee Members

The names of all Committee members are in the public domain. It is occasionally necessary for their contact details to be shared with outside bodies, for example, for the purposes of insurance.

Confidential and sensitive information

Members may from time to time share confidential information with the Committee, for example if illness or family problems are making it difficult to maintain their plot, or where financial problems are making payment difficult. This information is only shared between Committee members, and only on a ‘need to know’ basis.

Data protection law gives you certain rights. Full details are available on the Information Commissioner’s website. For a small organisation like ours with relatively simple records, the relevant rights are for you to see what data we hold about you and to correct any errors in it. For

Members, when we send you your annual subscription notice, we include the address and email details that we hold, so that you can check they are correct.

You can contact the Secretary (Secretary@ttacic.org) at any time to confirm what details we hold on record for you.

You also have a right to complain to the supervising authority, ie. to The Information Commissioner’s Office (ico.org.uk)