This policy outlines how Dorset Community Energy collects, uses and protects personal data and information in compliance with the General Data Protection Regulations.
What personal data?
Personal data is information that can be used to help identify an individual, such as name, address, phone number or email address. Dorset Community Energy holds three types of personal data which are stored and processed separately:
1. Our membership database
which includes full names, e mail addresses, postal addresses value of shares held and members bank details. This information is supplied when members apply for shares and is updated by the Dorset Community Energy secretary when notified of changes. The information is not disclosed to 3rd parties, unless there is a legal obligation to do so (e.g. to HMRC in certain circumstances). The data is processed by Dorset Community Energy in order to comply with our registered rules and statutory obligations such as payment of interest to members, notification of the AGM etc.
Our IT systems are protected by anti-virus and security software including automated file back-up. As additional security our membership database is stored electronically off-line.
At a future date the Dorset Community Energy directors may appoint an external organisation to maintain our membership database and make interest payments to members. For example, this may be necessary and cost effective if there are a larger number of members due to future share offers for new projects. If so, existing members will be consulted and the organisation appointed will be fully compliant with current data protection legal requirements.
PLEASE NOTE THAT EXISTING MEMBERS OF DORSET COMMUNITY ENERGY DO NOT HAVE TO GIVE PERMISSION FOR THEIR DATA TO BE USED FOR DORSET COMMUNITY ENERGY STATUTORY PURPOSES, INCLUDING PAYMENT OF INTEREST, NOTIFICATION OF AGM’S ETC. THIS WILL CONTINUE AS USUAL.
2. Newsletter subscription information
We use an online service called Mailchimp to send our quarterly newsletter. It handles all of the data we need for this. Mailchimp is part of The EU-US data privacy shield agreement, and is fully compliant with the General Data Protection Regulation – you can read more in the Mailchimp Privacy Statement.
You can unsubscribe from the newsletter at any time and remove your data completely by following the unsubscribe link at the bottom of every newsletter, or e mail us at firstname.lastname@example.org and we will do it for you.
Temporary Share Offer 2019 newsletter
We are also using Mailchimp to send specific updates for our Community Share Offer 2019. There will be four updates. You can read about the Share offer on its page.
These updates will be sent to members and quarterly newsletter subscribers, and others who subscribe to this list specifically. We will remove all the email addresses and delete this list at the end of the campaign. You can unsubscribe from the Community Share Offer 2019 mailing list by following the unsubscribe link at the bottom of every newsletter, or e mail us at email@example.com and we will do it for you.
What we collect using the Mailchimp forms
- Your name
- Your email
- Time of subscription
- IP address
- Opt-in confirmation
How we use the Mailchimp information
- Send you the newsletter
- Track newsletter ‘opens’ so we know how many people opened it
- Track newsletter ‘clicks’ so we know what they read
3. Website tracking
Like millions of other websites we use Google Analytics. Google Analytics is a piece of software that grabs data about our visitors (you). It’s something like an advanced server log.
What does Google Analytics record?
- What kind of computer you’re using
- What pages you visit
- What website you came from to get here
- How long you stay for
What do we do with your data?
We use a plugin ‘Google Analytics Dashboard for WordPress’, and have taken all the recommended steps to fully anonymise all of the data it uses as outlined in this excellent article.
The tracking information allows us to better understand the kind of people who come to the site, what computers they are using, and what content they’re reading. This allows us to make better decisions about design and writing.
Occasionally, we will compile aggregate statistics about the number of visitors this site receives and browsers being used. No personally identifying data is included in this type of reporting.
All of our activity falls within the bounds of the Google Analytics Terms of Service.
How do I prevent the website tracking?
Our installation of Google Analytics supports and respects Do-Not-Track settings you might have set in your browser, if you have specified in your browser that you do not want to be tracked then we will not track you.
If you want to prevent this tracking as an anonymous user of the site you can either set your browser up to send Do-Not-Track headers, see the Firefox, Safari and Internet Explorer instructions or install the Ghostery plugin, which available for Firefox, Safari, Google Chrome and Internet Explorer and which has an option to block Google Analytics.
Dorset Community Energy complies with the GDPR (General Data Protection Regulations) which come into effect from 25th May 2018.
The General Data Protection Regulations give you certain rights over your data and how we use it. These include:
- the right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
- the right to prevent your data being used for direct marketing
- the right of access to a copy of the information we hold about you (known as a subject access request)
If you wish to exercise any of these rights please contact the secretary, Dorset Community Energy, The Old House at Home, Salisbury Street, Dorchester DT1 1JU
For more information about your rights under GDPR go to the website of the Information Commissioner’s Office.