GDPR and Privacy Policy

The Organization

This is the data privacy policy for Nottingham Hackspace Ltd.

Nottingham Hackspace are classified as a small organisation and do not have a dedicated data protection officer but the trustees will respond to any data enquiries and requests.

General enquiries should be send to:

trustees@nottinghack.org.uk

or posted to Nottingham Hackspace Limited registered office address:

Trustees, Nottingham Hackspace
Unit F6, Roden House,
Roden St,
Nottingham,
NG3 1JH

Your Rights

You may have the right at any time to request access to, rectification or erasure of your personal data; to restrict or object to certain kinds of processing of your personal data; to the portability of your personal data, and to complain to ICO about the processing of your personal data.

Standard exemptions to this policy apply - more information is available on the ICO website: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/exemptions/a-guide-to-the-data-protection-exemptions/

Data Colleciton and Processing

Definitions

Member - an active, paying individual who may access the hackspace.

Individual - a person who may become, is currently, or has been in the past a member of the hackspace.

Account removal - an explicit request to decouple information from personally identifiable information (PII).

Membership Data

When you join the Hackspace, we collect, process and store certain personal information for the following reasons:

  • Legal Obligation - When applying to join the Hackspace your address will be checked to see that it is a valid address. As a Company Limited by Guarantee, we are required to keep up to date names and addresses for all members for at least ten years of remaining a member.

  • Contractual - Your Email Address is the primary method we will use to contact you about company-related information, such as Events, Elections and General Meetings, or if there is a problem. We also store your phone number, which is used if we cannot get in touch by email, or in the event of an emergency. You may be contacted by a trustee or member of the membership team.

  • Legitimate Interest - You may be contacted if there is misuse of the Hackspace, tools, storage, if there is a complaint about you, or if you were using the space at the time of a complaint. We store as minimal information pertaining to a member as practical, while retaining the ability to offer access to the hackspace. We store information about rule infractions and complaints about members necessary for enforcing the Hackspace Rules.

Membership Data Deletion

  • We will store enough information to identify a permanently banned individual from the Hackspace for the length of their ban plus the ten years defined by our legal obligations.

  • We will store rule infraction / complaint information for as long as the individual wishes to retain their account, plus the ten years defined by our legal obligations.

  • All personal information will be held indefinitely for as long as the member wishes to have an account. This enables an individual to rejoin the hackspace at any time in the future without needing to re-attend a tour. Removal of this information may be requested by contacting the trustees, except for name and address, which we are legally obligated to retain for a further ten years.

  • RFID entry logs are retained indefinitely unless a request for account deletion is made.

Space Access

When you access the Hackspace we collect, process and store information to identify who has entered the space and at what time.

  • Legitimate Interest - We log timed RFID door openings to the Hackspace indefinitely, for security reasons in case of unauthorized entry, investigations into a complaint, aggregated membership statistics (available on HMS), and to allow us to resolve any issues with the entry system.

  • Legitimate Interest - We may post the details of banned members to the Hackspace Management System, and near the doors to help identify people who should no longer be using the space.

  • Legitimate Interest - Most of the Hackspace Doors log access time and RFID used, and we may use these logs to help identify members who were in the space if there is space or tool misuse, or complaints.

  • Legitimate Interest – If you disclose accessibility requirements to us, they will be documented. This is to cover exceptions to normal rules, such as the location of your member’s box.

RFID Controlled Tool Usage

When you use an RFID controlled tools we collect, process and store information to identify who has accessed the tool, at what time and for how long.

  • Legitimate Interest - We collect and store information about tool bookings. If you book tools your booking information is available to others about the time of the booking via the tool booking calendar.

  • Legitimate Interest - We log user access to RFID controlled tools for tool-maintenance and statistics (how much use it’s had), health and safety (whether the member has been inducted), and investigative purposes (in the event of a breach of rules or complaint). This information is retained indefinitely to guide future tool purchasing decisions, but may be decoupled from an individual upon receiving a request for account removal.

  • Legitimate Interest – We store information about the member usage of tools and the machine settings in use where this can show tool misuse.

  • Legal Obligation - We log user access to RFID controlled tools for billing purposes. This is retained by the Hackspace for at least 7 years as required by HMRC for business tax purposes.

Membership Payment Data

We do not store or process payment card information. Membership payments are made by standing order. The payment amount is reconciled against an account using a unique, randomly generated payment reference taken from the transaction’s description.

  • Legitimate Interest – Membership Payments are stored indefinitely for accounting purposes and may be decoupled from PII after 7 years upon a request for account removal. Historic payments are required to determine the status of an account if they wish to resume a lapsed membership to the hackspace.

  • Legal Obligation – We retain all membership payment transactions for the purposes of accounting. This is required to be retained at least 7 years, as required by HMRC for business tax purposes. This information may be anonymised after 7 years from the transaction’s date, upon a request for account removal.

  • Legal Obligation - Details of payments that are less than the membership threshold are stored, even if hackspace membership is not granted.

  • Legitimate Interest - We may contact you regarding the amount or frequency of membership payments to the space.

Internal Communication

The hackspace is run entirely by volunteers - this includes the trustees volunteering their time to coordinate the running of the hackspace. Occasionally it is necessary for a trustee or volunteer to refer to a specific member by their name or username.

  • Legitimate Interest - We may refer to you by your full name of HMS username in internal communications during organisational processes. This includes, but is not limited to, our grievance and complaints policy.

Snackspace and Donations Payment Data

Snackspace allows members to purchase items from vending machines, membership boxes and tool time in advanced. We rely on an external service (Stripe, Inc.) for handling payment processing of top-ups of Snackspace balance, or occasional donations to the space using the Hackspace Management System.

  • Legitimate Interest – Snackspace transactions are held indefinitely to enable use of paid tools, the purchase of items from vending machines, and purchasing of a member’s box.

  • Legal Obligation - We retain all snackspace transactions for the purposes of accounting. This is required to be retained at least 7 years, as required by HMRC for business tax purposes. This information may be anonymised after 7 years from the transaction’s date, upon a request for account removal.

Wiki Data

The hackspace provides a publicly available wiki which members can use to share information relating to the hackspace or projects.

  • Legitimate Interest – Contributions to the Wiki are made at member’s own risk and retained indefinitely to preserve the history of edits. An individuals contribution history may be anonymised and decoupled from their account by requesting an account removal.

Shared Storage and Shell Access

The hackspace provides a shared storage space (e.g. “JARVIS”) for convenient transfer of files between computers within the hackspace. An individual member is responsible for any information they chose to store in this location. When used from a shared PC within the hackspace, uploaded files are not associated with any individual’s account (everything is stored as an anonymous user) - for this reason, it is not possible to handle deletion requests for information stored using this service.

  • Legitimate Interest - We provide shell accounts over the SSH protocol, enabling access without being physically inside the hackspace. This is useful if you need to transfer some files to the hackspace from your home, so that they may be accessed next time you visit the hackspace. Files uploaded or generated over SSH are inherently associated with your hackspace username. If you choose to end your membership at the hackspace, you must remove these files. We will process explicit requests for removal of files if you have already left the space - this can be done by emailing the trustees.

Concerns and Complaints

The trustees would like concerns and compliance regarding data protection issues to be raised with them first using the email address or postal address at the top of this document. Complaints can also be addressed to the Information Commissioners Office at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF.

You can also contact them by telephone on 01625 545 745 or via their website at https://www.ico.org.uk.