So Make It holds members names and addresses as a requirement under the Companies Act, along with members email addresses, as a means of communicating with its members. As well as this, the members system holds details of payments made by the members as a membership fee.
Uses of personal data from the members system:
- Statutory Register and access under Companies Act 2006
- Confirming identity for signing up a new member
- Creation of new key fobs or adding members to a team
- Members inspecting their own records
- Reimbursing members for purchases made on behalf of So Make It
- Allowing members to access specific equipment via the members system API
- Tracking entry to the space via RFID tags
- As necessary for the running of the makerspace
- To contact members when necessary for the running of the space (e.g. general meetings, members meetings, unpaid membership fees, etc)
Notes on members system:
The statutory register (names and addresses of all current and past members) may be provided to any person with a legal reason to inspect or have a copy of it. The directors will only comply with requests for the register when they believe they are required to do so by law.
Individual members’ details may be viewed by a designated person if they have a legitimate need, primarily if a person wishes to become a member (and thus has their details checked), a new key fob needs to be issued, or if a person asks for confirmation that their membership is still active. Members may see their own records by logging into members.somakeit.org.uk
The directors appoint these designated people. In general, they are the members of the IT and membership (admin) teams, along with the directors themselves. Records will be kept in the members system of who has what access and where this is not practical, the directors will keep a record in the trustees Google Drive.
The IT team will only be allowed to view personal data in cases of a data breach or in a data migration, in which the integrity of the data is questioned.
Names and email addresses may be used for the creation of other internal accounts, to allow members to use space infrastructure. These details may be shared with third party systems to facilitate this, but accounts on third party systems will only be created upon request of that member.
Access logs and CCTV footage will be used:
- For security, such as in cases of suspected theft or destruction of property
- Ascertaining the cause of broken or missing equipment
- Ascertaining who has left the space in an untidy, unclean or dangerous state
- To monitor or confirm any reported misdeeds
- For insurance or law enforcement purposes
Data provided for the purposes of reimbursement will, by necessity, be provided to and saved with whichever payment provider is used (usually Barclays), and may be used again for future reimbursements. Receipts from reimbursements are stored in the Trustees Google drive and are only accessible to the trustees. These may be shared with HMRC and accountants in case of an audit.
Bank statements, sometimes containing names and details of members along with their membership ID, will be shared with a third party accounting software package and the accountants to facilitate the production of the annual accounts and any tax returns.
Completed Junior members’ forms will be kept in the safe or in the Google drive.
Surveys will have a short statement of how data is to be processed. Results should always be anonymised.
This does not cover the use of Slack, as it is the position of So Make It that this is covered by Slack’s policies. However, So Make It will not use or export non-public data from Slack unless required to do so by law.
The Wiki and any other services not authenticated through the Members System shall have their own policy, prepared by the IT team and authorised by a members meeting, or the directors where this is not practical.