This document identifies the basis in the regulations which supports HBAGAs use of

personal data and outlines how our use complies with that definition. As the GDPR

system is still being developed this will need regular review.

It is a technical document for reference in support of our other documentation.

1. The Association uses GDPR 2018 Article 6.1.(f) as the authority to process the

personal data of its members. This states: processing is necessary for the purposes of the

legitimate interests pursued by the controller or by a third party, except where such interests are

overridden by the interests or fundamental rights and freedoms of the data subject which require

protection of personal data, in particular where the subject is a child.

This ‘legitimate interest’ approach is one of the possible ways of justifying use of personal

data. As a result there is no need to obtain specific consent from members unless it is

proposed to use their data in a way which is not what they would reasonably expect. This

possibility is unlikely to occur.

2.        The legitimate interests of the Association which could require the use of or inter-act

with a members data are:-

2.1     Administration of the annual leases through which members rent their plots. This

will include the collection of rents and the enforcement of the Associations plot rules.

2.2     Administration of annual Associate Memberships.

2.3     Enforcement of the Associations Constitution including reference to an independent

arbitration system to deal with appeals against an Association decision.

2.4     Interaction with members who choose to take part in the Associations social

activities or to make use of the facilities of the Associations Shop.

2..5    Interaction with members who take an active part in the running of the association.

2.6     Legitimate requirements of Canterbury City Council or other authorities.

3.       The data held about members comprises:

3.1     Name and contact details (postal address, phone, email)

3.2     Plot numbers for plot-holders

3.3     Records of annual plot rents and membership fees

3.4     Details of Shop orders and participation in Social events

3.5     Records of interactions with members (such as when dealing with plot problems)

3.6     There is other information which is open to us (such as car registration numbers,

bank details shown on cheques and health problems) but such details are not recorded.

4.       Storage and Access to data is controlled by the Committee as agreed by the

membership at a General Meeting as part of the usual management process. This includes

how and where data is held and its privacy and security, plus who has access to the data.

5.      Our documentation ensures that members are aware of how we handle their data

and the way in which they exercise control of the information they give us.

6.      Members have a right to ask for a copy of the information we hold about them in a digital form. We are obliged to provide that information in a timely manner at no cost to the member.

  GDPR has a comment on this right. Where requests from a data subject are manifestly

unfounded or excessive, in particular because of their repetitive character, the controller

may either:

* charge a reasonable fee taking into account the administrative costs of providing the

information or communication or taking the action requested;


* refuse to act on the request.

 The controller shall bear the burden of demonstrating the manifestly unfounded or

excessive character of the request.


                                                                                                                                                     Dated 20/10/18