Member Privacy Policy for Manchester Women’s Empowerment Group CIC
- Introduction
Purpose: This policy outlines how the Manchester Women’s Empowerment Group CIC (MWEG) collects, uses, and protects the personal data of its members in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Scope: This policy applies to all MWEG members, including those who sign up for any of our membership plans and those who interact with our online platforms, such as our website and social media pages.
2. Data Collection
Types of Data Collected:
- Personal Information: We collect the minimum personal data necessary for membership purposes, including your name, contact details, date of birth, and emergency contact information. You may voluntarily provide additional information in your member profile.
- Membership Information: This includes details of your chosen membership plan, start date, renewal date, payment information, and communication preferences.
- Engagement Data: We may collect information about your interactions with MWEG, such as event attendance, forum posts, survey responses, and online platform activity. This may include your IP address, device information, and browsing activity on our website.
- Special Category Data: We only collect special category data, such as health or disability information, with your explicit consent and where necessary to make reasonable adjustments for your participation in our activities.
3. Lawful Basis for Processing
We process your personal data based on the following lawful bases:
- Contract: Processing is necessary for the performance of your membership contract.
- Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services, conducting research, and promoting MWEG activities, provided your interests and fundamental rights do not override these interests.
- Consent: We rely on your consent for specific processing activities, such as sending marketing communications or processing special category data. You can withdraw your consent at any time.
- Legal Obligation: Processing is necessary for compliance with our legal obligations.
4. Use of Data
We use your personal data for the following purposes:
- Membership Management: To administer your membership, provide benefits, and communicate with you about your membership.
- Service Delivery: To deliver MWEG services, including events, workshops, and online resources.
- Communication: To keep you informed about MWEG activities, news, and opportunities.
- Service Improvement: To analyze member data to understand needs and preferences, improve our services, and personalize your experience.
- Research and Analysis: To conduct research to better understand our members and inform our service development.
- Legal Compliance: To comply with our legal obligations, such as maintaining financial records and responding to legal requests.
5. Data Sharing
- Internal Sharing: Data is shared internally on a need-to-know basis for the purposes outlined in this policy.
- Third-Party Processors: We use carefully selected third-party processors to provide services such as payment processing, email marketing, and website hosting. We have contracts with these processors that ensure your data is protected.
- Legal Requirements: We may disclose your data to comply with legal obligations.
- With Your Consent: We will only share your data with other organizations or individuals with your explicit consent.
6. Data Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include:
- Encryption: We use encryption to protect sensitive data both in transit and at rest.
- Access Controls: We restrict access to personal data to authorized personnel on a need-to-know basis.
- Security Assessments: We conduct regular security assessments and vulnerability scans to identify and address potential risks.
- Staff Training: We provide data protection training to our staff to ensure they understand their responsibilities.
7. Data Retention
We retain your personal data for no longer than necessary for the purposes for which it was collected and in accordance with our data retention schedule. We consider legal obligations, contractual requirements, and the legitimate interests of MWEG when determining retention periods.
8. Your Data Protection Rights
You have the following rights in relation to your personal data:
- Right of Access: You have the right to request access to your personal data.
- Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data.
- Right to Erasure: You have the right to request deletion of your personal data in certain circumstances, subject to exemptions.
- Right to Restriction of Processing: You have the right to request restriction of processing of your personal data in certain circumstances.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
- Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or direct marketing.
9. Membership Cancellation
Upon cancellation of your membership, we will securely delete or anonymize your personal data according to our data retention schedule, unless we are required to retain it for legal or legitimate business purposes.
10. Contact Information
If you have any questions about this policy or wish to exercise your data protection rights, please contact our Privacy Officer/Legal Counsel at legal@womenempoweredmcr.org.
11. Policy Updates
We may update this policy from time to time. We will notify you of any significant changes.
Effective Date: 30/10/2024