Policy/GDPR

From rLab Wiki

Reading Makerspace Ltd Privacy Policy


The legal bases of our data collections

Reading Makerspace Ltd collects and holds data to facilitate the effective running of the hackspace under two of the six legal bases set out in the General Data Protection Regulations:

  1. The majority of the data that we collect and hold is on the basis of legitimate interest - we require this data in order to maintain the security of the building and its contents, the safety and security of our members, and the financial viability of the hackspace.
  2. In addition, we collect a limited amount of data on the basis of consent. This is not required for the running of the hackspace, so we seek members’ consent first.


Personal data holdings

Below there is a list of the personal data that we collect and our basis for doing so. The following sections provide information on data security, access and retention policies for the data. Annex A contains Legitimate Interests Assessments (LIAs) for the data that we hold on that basis.

Personal data is held in four repositories.

Membership database

When someone joins the hackspace, the electronic form used to collect their personal details indicates which fields are associated with each basis. From May 25th 2018, we will seek explicit consent to collect the data that is provided on the basis of consent. The consent of existing members will be sought and if not provided, we will delete that data.

Data processed on the basis of legitimate interest: Data processed on the basis of consent:
  • Name
  • Address
  • Email address
  • Telephone number
  • Photograph of member
  • Current and previous access card numbers
  • Type of identification provided at sign-up
  • Tools on which a member has been inducted
  • Previous name if required to reconcile identity with proof of identity provided
  • Membership status (current, lapsed, archived)
  • Gender
  • Ad-hoc notes relating to membership

Financial records

Records of financial transactions between Reading Makerspace Ltd and members are held for the purposes of compiling our accounts, reimbursing expenditure made on our behalf, and determining who should be provided with access to the building.

Data processed on the basis of legitimate interest: Data processed on the basis of consent:
  • Financial transactions between members and Reading Makerspace Ltd
  • None

Access control system

We maintain an electronic record of attempts to access the building with the electronic door lock, and to use access-controlled tools. Our access control systems store NFC card identification numbers, which may, if required, be reconciled against the card numbers held in the membership database.

Data processed on the basis of legitimate interest: Data processed on the basis of consent:
  • NFC card numbers used to access or attempt to access the building
  • NFC card numbers used to access or attempt to access the access-controlled tools
  • None

CCTV system

The building is equipped with a CCTV system.

Data processed on the basis of legitimate interest: Data processed on the basis of consent:
  • Footage from CCTV cameras in each of the main rooms of the building and the immediate surroundings.
  • None



Data security

We take the security of our members’ personal data very seriously and take the following steps to ensure that it is stored securely.

The membership database is stored on a dedicated server. The server instance is in the UK and can only be accessed via HTTPS by the Data Protection Officer (Tony Short). Access to the contents of the database is via a web-portal and requires an authorised user account and password. User accounts are provided by the Data Protection Officer to the directors of Reading Makerspace Ltd and three members who manage and maintain the door and tool access control system. In addition, access to the membership card and tool induction data is also provided by an API, which requires a 32-byte key.

Financial records are stored on the Xero online accounting system, and a limited number of legacy direct debits on the GoCardless online payment system. Access to the two systems is controlled via user accounts with passwords. New user accounts are authorised by Andrew Jacobs and are limited to the directors of Reading Makerspace Ltd and an additional member who assists in reconciling direct debit payments and another member performing expense claim entry for faciltities improvement projects.

Access at the front door of the building, and to some of the tools inside, is controlled by computers equipped with RFID readers. The computers maintain logs of access attempts. The access control computers may only be accessed with SSH keys. Distribution of these keys is limited to directors of Reading Makerspace Ltd and members who manage and maintain the access control systems. The access control systems have software installed that can be used to a limited set of fields in the membership database via the API.

Footage from the CCTV system is stored securely in a digital format on a dedicated and non-networked system. Access is limited to the directors of Reading Makerspace Ltd.


Data retention

The period for which we retain personal data varies by type of data and purpose.

  • Data held within our membership database is held indefinitely unless a member requests that their details are deleted;
  • Financial records are retained indefinitely;
  • Access control records are stored for a period of up to 54 weeks from the time of collection; and
  • CCTV footage is retained for a period of up to 30 days from the time of collection.

Your information rights

Under the provisions of the General Data Protection Regulations, you have the rights:

  • to request access the data that we hold on you;
  • to request the erasure of your personal data; and
  • to object to the processing of the data that we hold on the basis of legitimate interest on grounds relating to your particular situation.

Questions and requests to access, erase or restrict processing of your personal data should be addressed to the Data Protection Officer.


Annex-A - Legitimate Interests Assessment

This annex provides our assessment of the balance of interests associated with the different data processing activities that we do. In making these assessments we have sought to strike an appropriate balance between what we perceive as the privacy concerns of individual members, and the legitimate interests of Reading Makerspace Ltd and the members of the hackspace as a group.

Processing associated with the access control systems

Description of processing:

We control access to the building with NFC access control cards on the basis of a ‘white-list’ of authorised cards. To construct that list, we maintain a record of which cards have been issued to which members, and periodically one of the directors performs a reconciliation with payments made to Reading Makerspace Ltd to determine which cards should be on the white-list. The white-list (but not member details) is then held for reference on the front-door’s access control system. No information about financial payments or the member is held on the card. The door system maintains a log of card numbers associated with attempts to open the door. The logs are kept for maximum of 54 weeks before being erased.

Similarly, we control access to some of the tools in the hackspace with the same NFC cards. If a member would like to use one of these tools, the card is inserted into the reader, and the control system checks whether the member has been inducted on the tool before permitting use. That check is performed by either (a) checking against a local copy of member’s tool induction data, or (b) by directly querying the membership database. The database query yields the member’s name and whether they should be granted access to the tool. No other personal data is provided to the tool access control system.

The access control systems require management, maintenance and development. A small team of members has access to the systems in order to (i) periodically test that the systems are working as intended, (ii) resolve any issues, and (iii) further develop their functionality (e.g. develop new tools to the support the directors in implementing this policy and satisfying Subject Access Requests). In order to make sense of the logs they use software tools which query the members associated with different card numbers, and the card numbers associated with different members, from the membership database. No other personal data is provided for these purposes. The results of those tests are not stored and, at rest, the logs are stored in the form of a pseudonymised list of card numbers.

We would not share a list of card log entries, reconciled with members’ identities or otherwise, with any other third party unless required to do so by warrant.

Assessment:

There are considerable financial costs associated with running the hackspace, and it is a legitimate expectation of the membership that only people who are making a contribution to meeting those costs are able to use the facilities. We allow some scope for members to vary their payment according to their ability to pay and recognise that (a) for some, their limited means may be a source of embarrassment, and (b) others may be embarrassed by their ability to make a larger contribution. For these reasons we strictly limit access to the accounting platform that provides access to the record of payments.

We recognise that in keeping a log of attempts to enter the hackspace we are also capturing a record that locates an individual at a given time (insofar as it could be proven that they were in possession of their membership card at that time). However, we also consider the card-based door access control system, which allows unattended 24/7 access to our facilities, to be a significant part of the attraction of membership and also, therefore, the financial viability of the hackspace. In addition, we consider the maintenance of a correctly functioning door access control system to be essential for the financial sustainability of the hackspace because members will only continue to contribute to the costs associated with the hackspace if they are satisfied that other users are also making a contribution. On balance we have concluded that the processing of that personal data, as described in the section above, to be in the legitimate interest of the hackspace and its membership.

A similar set of considerations applies to the case of the access control systems fitted to some of the tools. The logs that are kept by these tools could, similarly, locate an individual at a given time (insofar as it could be proven that they were in possession of their membership card at that time). However, in making a regular financial contribution to the running of the hackspace, and therefore the purchase of the tools, members have a reasonable expectation that those tools will be used considerately and safely and that steps will be taken to protect the value of the tools as assets. We consider the induction of members in use of the tools, and the limitation of use to inducted members, to be legitimately in the interests of the hackspace and its members.

Other processing associated with the membership database

Description of processing:

At the point of sign-up, we ask members to provide the details listed in section 2 of the main body of this document. Most of this data is collected and held on the basis of legitimate interest (see assessment below), with consent being sought for some other processing. The section above sets out how we process data associated with members’ access cards, and their induction on access-controlled tools. This section addresses the processing associated with the other fields in the database that is conducted on the basis of legitimate interest.

When joining the hackspace, members are asked to show a form of identification with a photograph, for the purposes of verifying their identity and, if necessary, their age. The form of identity shown is recorded in the database. The member’s previous name may also be recorded if necessary to reconcile between the name provided on the form, and the name on the identification documents.

The email addresses in the database are held for the purposes of (a) maintaining a means of contacting members with important information and essential updates about the hackspace, and (b) providing the directors with a means of contacting individual members. The telephone numbers are only used for contacting members urgently. The postal addresses are used in the event that other means of communication have failed.

A photograph of the member is stored in the database to aid identification of the member by the directors, and may be displayed on a screen in the hackspace to allow members to recognise whether someone is a member or not.

No other processing is conducted on this data. We would not share this information with any third party unless required to do so by warrant.

Assessment:

We recognise and acknowledge our individual members’ desire to protect their privacy, and therefore strictly limit both access to their personal information, and the extent to which we contact them. However we also consider it in the members individual and collective interest for us to have a means of contacting them for the purposes of (a) providing them with important information about the hackspace, (b) establishing membership, and (c) attempting to return any possessions left in the hackspace.

In addition, in providing access to the hackspace’s facilities (tools, chemicals and computing) we intend that they should be used for good. However, we also recognise that, in the wrong hands, they are also capable of being used for criminal ends. We therefore consider that it is legitimate and proportionate, and in the interests of the personal security of our membership, to ask members to provide these personal details. This acts as a deterrent against criminal activity on the grounds that, in such an event, we would be able to assist the authorities, if required by some lawful means, in identifying the perpetrator.

We also consider that the option of displaying a member’s photograph on a screen in the hackspace adds to the personal security of members, particularly those that may feel more vulnerable around strangers. As our community has grown over the years, we have now passed the point when any individual member is able to recognise members from strangers and be able to immediately tell whether or not someone should be in the building or not. Having photographs of members on display in the building (in a place that is not visible from outside of the building) will allow members to discern between members from strangers, and feel secure in the knowledge that they are in the company of people who are known to the directors and other members.

Processing CCTV footage

Description of processing:

CCTV footage is collected solely for the purposes of ensuring the security of the space, of members and of the directors. The footage will only be reviewed:

  • At the request of the police or equivalent authority bearing a warrant, or
  • In the event of a serious criminal act within the space, or
  • In the event of a serious complaint by a member or other person about conduct in the space, or
  • By the directors to check that the system is operating properly.

Assessment:

Whilst recognising the desire of members and other visitors to protect their privacy, we consider the CCTV cameras to play an important role in ensuring the security of the building and contents, and the members and directors.

When footage is reviewed the images captured by the system may reveal the location of a member at a given time. For this reason, directors will only review footage for the purpose of establishing that the system is operating properly in private, with no other members present.

In the event of a request from the police, a serious criminal act, or a serious complaint being made about conduct, the footage may be used to establish innocence (or otherwise) of members or to identify potential witnesses.

We also consider that the presence of a CCTV system deters misconduct and criminal activity in the hackspace, including theft. in making a regular financial contribution to the running of the hackspace, and therefore the purchase of the tools, members have a reasonable expectation that the assets of the hackspace will be protected from damage and theft.

On these bases, we consider that the capture of footage to be, on balance, in the interests of our members.