The Association uses GDPR 2018 Article 6.1.(f) as the authority to process the personal data of its members. This states: “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the subject is a child.

This document identifies the basis in the GDPR (General Data Protection Regulations) system which supports HBAGA’s use of personal data and outlines how our use complies with that definition. As the GDPR system is still being developed this will need regular review.

It is a technical document for reference in support of our other documentation. The term ‘data subject’ means one of our members, the term ‘controller’ means the Association.

This ‘legitimate interest’ approach is one of the possible ways of justifying use of personal data. As a result there is no need to obtain specific consent from members unless it is proposed to use their data in a way which is not what they would reasonably expect. This possibility is unlikely to occur.


The legitimate interests of the Association which could require the use of or inter-act with a member’s data are:-


Administration of the annual leases through which members rent their plots. This will include the collection of rents and the enforcement of the Association’s plot rules.


Administration of annual Associate Memberships.


Enforcement of the Association’s Constitution including reference to an independent arbitration system to deal with appeals against an Association decision.


Interaction with members who choose to take part in the Association’s social activities or to make use of the facilities of the Association’s Shop.


Ieraction with members who choose to take part in the Association’s social activities or to make use of the facilities of the Association’s Shop.


Legitimate requirements of Canterbury City Council or other authorities.


The data held about members comprises:


Name and contact details (postal address, phone, email)


Plot numbers for plot-holders and records of annual plot rents and membership fees


Details of Shop orders and participation in Social events


Records of interactions with members (such as when dealing with plot problems)

There is other information which is open to us (such as car registration numbers, bank details shown on cheques and health problems) but such details are not recorded.


Storage and Access to data is controlled by the Committee as agreed by the membership at a General Meeting as part of the usual management process. This includes how and where data is held and its privacy and security, plus who has access to the data.


Our documentation ensures that members are aware of how we handle their data and the way in which they exercise control of the information they give us.


Members have a right to ask for a copy of the information we hold about them in a digital form. We are obliged to provide that information in a timely manner at no cost to the member.

 GDPR has a comment on this right. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either:

* charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested;

* refuse to act on the request.

The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.

HBAGA 008 Data Management Authority

Document Agreed:

Go to top of the Page

Return to Association Page

Document Ageed by Committee:05/04/19