This document identifies the basis in the regulations which supports HBAGA’s use of
personal data and outlines how our use complies with that definition. As the GDPR
system is still being developed this will need regular review.
It is a technical document for reference in support of our other documentation.
1. The Association uses GDPR 2018 Article 6.1.(f) as the authority to process the
personal data of its members. This states: “processing is necessary for the purposes of the
legitimate interests pursued by the controller or by a third party, except where such interests are
overridden by the interests or fundamental rights and freedoms of the data subject which require
protection of personal data, in particular where the subject is a child.
This ‘legitimate interest’ approach is one of the possible ways of justifying use of personal
data. As a result there is no need to obtain specific consent from members unless it is
proposed to use their data in a way which is not what they would reasonably expect. This
possibility is unlikely to occur.
2. The legitimate interests of the Association which could require the use of or inter-
with a member’s data are:-
2.1 Administration of the annual leases through which members rent their plots. This
will include the collection of rents and the enforcement of the Association’s plot rules.
2.2 Administration of annual Associate Memberships.
2.3 Enforcement of the Association’s Constitution including reference to an independent
arbitration system to deal with appeals against an Association decision.
2.4 Interaction with members who choose to take part in the Association’s social
activities or to make use of the facilities of the Association’s Shop.
2..5 Interaction with members who take an active part in the running of the association.
2.6 Legitimate requirements of Canterbury City Council or other authorities.
3. The data held about members comprises:
3.1 Name and contact details (postal address, phone, email)
3.2 Plot numbers for plot-
3.3 Records of annual plot rents and membership fees
3.4 Details of Shop orders and participation in Social events
3.5 Records of interactions with members (such as when dealing with plot problems)
3.6 There is other information which is open to us (such as car registration numbers,
bank details shown on cheques and health problems) but such details are not recorded.
4. Storage and Access to data is controlled by the Committee as agreed by the
membership at a General Meeting as part of the usual management process. This includes
how and where data is held and its privacy and security, plus who has access to the data.
5. Our documentation ensures that members are aware of how we handle their data
and the way in which they exercise control of the information they give us.
6. Members have a right to ask for a copy of the information we hold about them in a digital form. We are obliged to provide that information in a timely manner at no cost to the member.
GDPR has a comment on this right. Where requests from a data subject are manifestly
unfounded or excessive, in particular because of their repetitive character, the controller
* charge a reasonable fee taking into account the administrative costs of providing the
information or communication or taking the action requested;
* refuse to act on the request.
The controller shall bear the burden of demonstrating the manifestly unfounded or
excessive character of the request.