Policy/GDPR

From rLab

Reading Makerspace Ltd Privacy Policy

Change to GDPR Policy for COVID-19 Crisis

The CCTV system has now been connected for remote monitoring, and access logs may be shared with NHS contact tracing. Please see the sections highlighted in BOLD for changes from the previous version of this document.


The legal bases of our data collections

Reading Makerspace Ltd collects and holds data to facilitate the effective running of the hackspace under two of the six legal bases set out in the General Data Protection Regulations:

  1. The majority of the data that we collect and hold is on the basis of legitimate interest - we require this data in order to maintain the security of the building and its contents, the safety and security of our members, and the financial viability of the hackspace.
  2. In addition, we collect a limited amount of data on the basis of consent. This is not required for the running of the hackspace, so we seek members’ consent first.


Personal data holdings

Below there is a list of the personal data that we collect and our basis for doing so. The following sections provide information on data security, access and retention policies for the data. Annex A contains Legitimate Interests Assessments (LIAs) for the data that we hold on that basis.

Personal data is held in four repositories.

Membership database

When someone joins the hackspace, the electronic form used to collect their personal details indicates which fields are associated with each basis. From May 25th 2018, we will seek explicit consent to collect the data that is provided on the basis of consent. The consent of existing members will be sought and if not provided, we will delete that data.

Data processed on the basis of legitimate interest:
  • Name
  • Address
  • Email address
  • Telephone number
  • Photograph of member
  • Current and previous access card numbers
  • Type of identification provided at sign-up
  • Tools on which a member has been inducted
  • Previous name if required to reconcile identity with proof of identity provided
  • Membership status (current, lapsed, archived)
  • Notes relating to administration of individual's membership

Data processed on the basis of consent:
  • Gender
  • Ad-hoc notes relating to membership and activities
  • Tags relating to member's interests

Financial records

Records of financial transactions between Reading Makerspace Ltd and members are held for the purposes of compiling our accounts, reimbursing expenditure made on our behalf, and determining who should be provided with access to the building.

Data processed on the basis of legitimate interest:
  • Financial transactions between members and Reading Makerspace Ltd

Data processed on the basis of consent:
  • None

Access control system

We maintain an electronic record of attempts to access the building with the electronic door lock, and to use access-controlled tools. Our access control systems store NFC card identification numbers, which may, if required, be reconciled against the card numbers held in the membership database.

Data processed on the basis of legitimate interest:
  • NFC card numbers used to access or attempt to access the building
  • NFC card numbers used to access or attempt to access the access-controlled tools

Data processed on the basis of consent:
  • None

CCTV system

The building is equipped with a CCTV system.

Data processed on the basis of legitimate interest:
  • Footage from CCTV cameras in each of the main rooms of the building and the immediate surroundings.

Data processed on the basis of consent:
  • None

Equipment Monitoring Cameras

Some tools are equipped with cameras that record and display the tool's work area.

Data processed on the basis of legitimate interest:
  • Footage from equipment cameras on 3D printers and laser cutter.

Data processed on the basis of consent:
  • None


Data security

We take the security of our members’ personal data very seriously and take the following steps to ensure that it is stored securely.

The membership database is stored on a dedicated server. The server instance is in the UK and can only be accessed via HTTPS by the Data Protection Officer (Tony Short). Access to the contents of the database is via a web-portal and requires an authorised user account and password. User accounts are provided by the Data Protection Officer to the directors of Reading Makerspace Ltd and three members who manage and maintain the door and tool access control system. In addition, access to the membership card and tool induction data is also provided by an API, which requires a 32-byte key.

Financial records are stored on the Xero online accounting system, and a limited number of legacy direct debits on the GoCardless online payment system. Access to the two systems is controlled via user accounts with passwords. New user accounts are authorised by Mark Morris and are limited to the directors of Reading Makerspace Ltd and an additional member who assists in reconciling direct debit payments.

Access at the front door of the building, and to some of the tools inside, is controlled by computers equipped with RFID readers. The computers maintain logs of access attempts. The access control computers may only be accessed with SSH keys. Distribution of these keys is limited to directors of Reading Makerspace Ltd and members who manage and maintain the access control systems. The access control systems have software installed that can be used to access a limited set of fields in the membership database via the API.

Footage from the CCTV system is stored securely in a digital format on a dedicated system accessible from on-site via a username and password and accessible off-site via a secured SSH connection used in conjunction with a username and password. Access is limited to the directors of Reading Makerspace Ltd.

Live images taken from the equipment monitoring cameras are available publicly on the wiki. Full video streams are available from these cameras but access is controlled via username and password supplied over an encrypted connection. User accounts are limited to directors of Reading Makerspace Ltd and one additional member who administers the system.

Data retention

The period for which we retain personal data varies by type of data and purpose.

  • Data held within our membership database is held indefinitely unless a member requests that their details are deleted;
  • Financial records are retained indefinitely;
  • Access control records are stored for a period of up to 54 weeks from the time of collection;
  • CCTV footage is retained for a period of up to 30 days from the time of collection, unless it is needed for an investigation, in which case it may be retained until the investigation and any action stemming from it is complete; and
  • Images from the equipment monitoring cameras are not retained by us.

Your information rights

Under the provisions of the General Data Protection Regulations, you have the rights:

  • to request access to the data that we hold on you;
  • to request the erasure of your personal data; and
  • to object to the processing of the data that we hold on the basis of legitimate interest on grounds relating to your particular situation.

Questions and requests to access, erase or restrict processing of your personal data should be addressed to the Data Protection Officer.


Annex A - Legitimate Interests Assessment

This annex provides our assessment of the balance of interests associated with the different data processing activities that we do. In making these assessments we have sought to strike an appropriate balance between what we perceive as the privacy concerns of individual members, and the legitimate interests of Reading Makerspace Ltd and the members of the hackspace as a group.

Processing associated with the access control systems

Description of processing:

We control access to the building with NFC access control cards on the basis of a ‘white-list’ of authorised cards. To construct that list, we maintain a record of which cards have been issued to which members, and periodically one of the directors performs a reconciliation with payments made to Reading Makerspace Ltd to determine which cards should be on the white-list. The white-list (but not member details) is then held for reference on the front-door’s access control system. No information about financial payments or the member is held on the card. The door system maintains a log of card numbers associated with attempts to open the door. The logs are kept for a maximum of 54 weeks before being erased.

Similarly, we control access to some of the tools in the hackspace with the same NFC cards. If a member would like to use one of these tools, the card is inserted into the reader, and the control system checks whether the member has been inducted on the tool before permitting use. That check is performed by either (a) checking against a local copy of member’s tool induction data, or (b) by directly querying the membership database. The database query yields the member’s name and whether they should be granted access to the tool. No other personal data is provided to the tool access control system.

The access control systems require management, maintenance and development. A small team of members has access to the systems in order to (i) periodically test that the systems are working as intended, (ii) resolve any issues, and (iii) further develop their functionality (e.g. develop new tools to support the directors in implementing this policy and satisfying Subject Access Requests). In order to make sense of the logs they use software tools which query the members associated with different card numbers, and the card numbers associated with different members, from the membership database. No other personal data is provided for these purposes. The results of those tests are not stored and, at rest, the logs are stored in the form of a pseudonymised list of card numbers.

We would not share a list of card log entries, reconciled with members’ identities or otherwise, with any other third party unless required to do so by warrant or unless requested by the NHS contact tracing service.

Assessment:

There are considerable financial costs associated with running the hackspace, and it is a legitimate expectation of the membership that only people who are making a contribution to meeting those costs are able to use the facilities. We allow some scope for members to vary their payment according to their ability to pay and recognise that (a) for some, their limited means may be a source of embarrassment, and (b) others may be embarrassed by their ability to make a larger contribution. For these reasons we strictly limit access to the accounting platform that provides access to the record of payments.

We recognise that in keeping a log of attempts to enter the hackspace we are also capturing a record that locates an individual at a given time (insofar as it could be proven that they were in possession of their membership card at that time). However, we also consider the card-based door access control system, which allows unattended 24/7 access to our facilities, to be a significant part of the attraction of membership and also, therefore, of the financial viability of the hackspace. In addition, we consider the maintenance of a correctly functioning door access control system to be essential for the financial sustainability of the hackspace, because members will only continue to contribute to the costs associated with the hackspace if they are satisfied that other users are also making a contribution. On balance we have concluded that the processing of that personal data, as described in the section above, is in the legitimate interest of the hackspace and its membership.

A similar set of considerations applies to the case of the access control systems fitted to some of the tools. The logs that are kept by these tools could, similarly, locate an individual at a given time (insofar as it could be proven that they were in possession of their membership card at that time). However, in making a regular financial contribution to the running of the hackspace, and therefore the purchase of the tools, members have a reasonable expectation that those tools will be used considerately and safely and that steps will be taken to protect the value of the tools as assets. We consider the induction of members in use of the tools, and the limitation of use to inducted members, to be legitimately in the interests of the hackspace and its members.

In light of the need to control the outbreak of COVID-19 infection in the area, we consider that there is an overwhelming public interest in the NHS contact tracing service being able to gather information from our access logs to locate people who may have been in contact with an infected person. As such, we will provide the NHS contact tracing service with limited information gathered from the access logs upon their request. This will continue to be the case only for the duration of government guidance on the control of SARS-CoV-2.

Other processing associated with the membership database

Description of processing:

At the point of sign-up, we ask members to provide the details listed in section 2 of the main body of this document. Most of this data is collected and held on the basis of legitimate interest (see assessment below), with consent being sought for some other processing. The section above sets out how we process data associated with members’ access cards, and their induction on access-controlled tools. This section addresses the processing associated with the other fields in the database that is conducted on the basis of legitimate interest.

When joining the hackspace, members are asked to show a form of identification with a photograph, for the purposes of verifying their identity and, if necessary, their age. The form of identity shown is recorded in the database. The member’s previous name may also be recorded if necessary to reconcile between the name provided on the form, and the name on the identification documents.

The email addresses in the database are held for the purposes of (a) maintaining a means of contacting members with important information and essential updates about the hackspace, and (b) providing the directors with a means of contacting individual members. The telephone numbers are only used for contacting members urgently. The postal addresses are used in the event that other means of communication have failed.

A photograph of the member is stored in the database to aid identification of the member by the directors, and may be displayed on a screen in the hackspace to allow members to recognise whether someone is a member or not.

No other processing is conducted on this data. We would not share this information with any third party unless required to do so by warrant or unless requested by the NHS contact tracing service.

Assessment:

We recognise and acknowledge our individual members’ desire to protect their privacy, and therefore strictly limit both access to their personal information and the extent to which we contact them. However, we also consider it in the members’ individual and collective interest for us to have a means of contacting them for the purposes of (a) providing them with important information about the hackspace, (b) establishing membership, and (c) attempting to return any possessions left in the hackspace.

In addition, in providing access to the hackspace’s facilities (tools, chemicals and computing) we intend that they should be used for good. However, we also recognise that, in the wrong hands, they are also capable of being used for criminal ends. We therefore consider that it is legitimate and proportionate, and in the interests of the personal security of our membership, to ask members to provide these personal details. This acts as a deterrent against criminal activity on the grounds that, in such an event, we would be able to assist the authorities, if required by some lawful means, in identifying the perpetrator.

We also consider that the option of displaying a member’s photograph on a screen in the hackspace adds to the personal security of members, particularly those that may feel more vulnerable around strangers. As our community has grown over the years, we have now passed the point at which any individual member is able to tell members from strangers and immediately know whether or not someone should be in the building. Having photographs of members on display in the building (in a place that is not visible from outside the building) will allow members to distinguish members from strangers, and feel secure in the knowledge that they are in the company of people who are known to the directors and other members.

In light of the need to control the outbreak of COVID-19 infection in the area, we consider that there is an overwhelming public interest in the NHS contact tracing service being able to gather information from our membership database in order to contact people who may have been exposed to an infected person. As such, we will provide limited contact details for members to the NHS contact tracing service upon request. This will continue to be the case only for the duration of government guidance on the control of SARS-CoV-2.

Processing CCTV footage

Description of processing:

CCTV footage is collected solely for the purposes of ensuring the security and safety of the space, of members and of the directors. The footage will only be reviewed:

  • At the request of the police or equivalent authority bearing a warrant, or
  • In the event of a serious criminal act within the space, or
  • In the event of a serious complaint by a member or other person about conduct in the space, or
  • In the event of a serious health and safety incident, or
  • By the directors to check that the system is operating properly, or
  • By the directors in order to manage compliance with government guidance on the control of SARS-CoV-2.

Assessment:

Whilst recognising the desire of members and other visitors to protect their privacy, we consider the CCTV cameras to play an important role in ensuring the security of the building and contents, and the members and directors.

When footage is reviewed, the images captured by the system may reveal the location of a member at a given time. For this reason, when directors review footage for the purpose of establishing that the system is operating properly, they will do so only in private, with no other members present.

In the event of a request from the police, a serious criminal act, or a serious complaint being made about conduct, the footage may be used to establish innocence (or otherwise) of members or to identify potential witnesses.

In order to manage safe operation of rLab while complying with the current government guidance on control of infection related to SARS-CoV-2 it is necessary to verify compliance with the new rules on use of the lab. The CCTV system can provide this information more reliably than any other means currently available and installed. For this reason a director may review the live footage from the CCTV system in private in order to verify that the rules are being followed. This will continue to be the case only for the duration of government guidance on the control of SARS-CoV-2.

We also consider that the presence of a CCTV system deters misconduct and criminal activity in the hackspace, including theft. In making a regular financial contribution to the running of the hackspace, and therefore the purchase of the tools, members have a reasonable expectation that the assets of the hackspace will be protected from damage and theft.

On these bases, we consider the capture of footage to be, on balance, in the interests of our members.

Processing equipment monitor footage

Description of processing:

Equipment monitoring footage is collected to allow members to determine if a tool is in use before making a trip to rLab. The last image gathered by the cameras is made publicly available on the wiki at any time but is not stored by us.

Assessment:

Whilst recognising the desire of members and other visitors to protect their privacy, we consider that the equipment monitoring cameras provide an important service to members by enabling them to avoid making wasted trips to rLab, which is especially important in light of the COVID-19 outbreak.

The cameras have been adjusted in order to minimise the amount of information gathered and to display only the working area of specific tools. Still, it is possible in rare circumstances for images captured by the system to reveal the location of a member at a given time and, owing to the publicly accessible nature of the images, to reveal it to the wider public.

The cameras are in easy view within the space, and knowledge of their fields of view (either from looking at the images themselves or from seeing the cameras) is readily available to all members. As such, members can reasonably avoid any identifying characteristics being seen by the cameras if they choose to, even while using those tools.

We consider that the presence of the equipment monitoring cameras provides a substantial benefit to our members by enabling them to avoid unnecessary trips, and so expense, while providing only very limited, occasional and temporary information about the location of members.

On these bases, we consider the capture and display of footage to be, on balance, in the interests of our members.