top of page
Image by Kenan Kitchen

Data Protection

February 2023

The data that members provide the Association are kept in documents that are held and processed electronically. Under GDPR we have responsibilities of care to uphold. This document outlines our policies.

Get in Touch

Data Protection Policy


The data that members provide the Association are kept in documents that are held and processed electronically. This means that the Association is subject to the General Data Protection Regulation 2016 (GDPR) which came into force in the UK on 25th May 2018. It replaces the Data Protection Act 1998 and will harmonise data protection law throughout Europe. Under GDPR we have responsibilities of care to uphold. This document outlines our policies.

What sort of data we hold and how are they held?
What data do we keep?

We are only allowed to keep data that are necessary for our Association activities. We keep some or all the following:

  1. Name

  2. Plot number

  3. Email address

  4. Postal address

  5. Landline phone number and/or mobile phone number

  • The Association uses electronic spreadsheets to manage personal data (including membership and finances). These spreadsheets are held securely on cloud servers or on individual Committee members’ computers and may be emailed between Committee members on a need-to-know basis.

  • When you pay money to us (for example, your annual plot rental), we may keep a record of your payment and what it was for, together with your plot number and name (or payment reference).

  • Committee meetings are held at least monthly. Committee minutes, which may include member names and plot numbers, are hand written by the secretary. However, these minutes are redacted to remove personal data.

  • The minutes of the Association AGM, not including names of attendees, are posted on our social channels, including WhatsApp, emails and website when requested.

  • Our bank account is with Natwest. Committee members who are signatories on the bank account are able to see Natwest statement of members’ electronic payments.

Confidential or sensitive information
  • Members may occasionally disclose confidential information to the Committee, for example if illness or family problems are making it difficult to maintain their plot, or where financial problems are making payment difficult.

  • This information is only shared between Committee members, and only on a ‘need to know’ basis verbally.

  • You are the source of your own personal information, initially from when you joined the Association, and then changes that you notify us about.

  • We will endeavour to maintain accurate records, but we rely on members keeping us up-to-date.

  • All information is checked annually when plot rents are due for renewal.

Email usage
  • The Association uses email to handle most administration and communication tasks.

  • The Membership Secretary, who is responsible for bulk emails has an email accounts used for this purpose ( All initial email traffic to the committee is on this account and not now on a personal email account.

  • These accounts contain members email data.

  • In cases of bulk emailing (e.g. to send out notice and paperwork for the AGM), we make sure to use the Blind Carbon Copy (Bcc:) function to ensure other members email addresses are not visible.

  • Sometimes the use of MailChimp for bulk emailing is used.

What are the data used for?

The data are only used for legitimate Association uses; these include:

  • Communication between committee members and other members as part of the daily running of the Association

  • Notification of Association meetings and the minutes of those meetings

  • Provision of news to Association members.

What are the data NOT used for?
  • We will not disclose your data to other members or to third parties or use it on behalf of third parties.

  • For example, members may sometimes be lobbied to advertise a service or product that might be useful to other members of the association.

  • We will not use your addresses to do this (no “spam” allowed).

Our legal basis on which we hold your personal data
  • GDPR data protection law has six possible bases on which to hold personal data, including Obtaining Consent, and as Legitimate Interests.

  • Like other membership organisations we hold your personal data on the basis of ‘Legitimate Interests’.

  • This is defined as meaning in ways one would reasonably expect … and which have a minimal privacy impact, or where there is a compelling justification for the processing, such as being able to communicate with our members, eg we cannot rent plots to members with whom we have no way to communicate.

  • See:Â basis-for-processing/legitimate-interests/ ).

Who can hold, process or access personal data and how long are data retained?
Who has access to the data?
  • Only those who need access to the data have access and they do not share it with anyone else.

  • The following Committee members have access to the full membership data: Chair, Membership Secretary, Treasurer.

  • The names of all Committee members are in the public domain. It is occasionally necessary for their contact details to be shared with outside bodies, for example, for the purposes of insurance.

How do we protect the data?
  • Data are held as documents on password-encrypted computers and data is stored on a GDPR-compliant Cloud server.

  • Mobile phones are sometime used for email purposes. Phones are vulnerable to loss and theft so if they are used for Association business they must at least use a 4-character PIN.

  • Spreadsheets containing multiple records will not be kept on phones.

What happens when a member leaves the Association?
  • We do not keep data that is not needed for operation of the Association. The data for members who leave is usually held for at most 6 months, after which time it will be deleted from our records.

  • We keep the data for a short period in the event that we need to communicate with a member who has recently left, and only for the purpose of resolving any outstanding matters.

  • We aim to retain limited non-identifiable data to monitor how well we operate as a community resource

The purposes for which we hold personal data

The key purpose for holding your personal data is for the administration of the Association and the management of the allotment site. In practice, this means:

  • Dealing with prospective members (initial/follow-up contact, waiting list, site tours, site access codes …)

  • The offer of a plot, and acceptance of a plot. Any moves from one plot to another, additional plots. Relinquishing of plots, and termination of membership.

  • Payment for membership, the plot and associated sundries.

  • Management of permissions associated with the plot (e.g. shed and tree permissions).

  • Communication about the site and plots (e.g. social events, working parties, policy reminders, gardening advice,…). Communication on individual circumstances affecting the plot holder or plot. Communication about the Association (e.g. AGM). Communication about SAAAG (Sefton Allotment Association Action Group, Sefton’s allotment umbrella group), to which the Association belongs.

  • Issues with plots, and enforcement of site and plot rules, including any follow-up required with individual members and co-workers, within and outside of the regular audit process.

  • Urgent contact for plot or site problems.

  • Management of the Site and Association as a whole, for example, meeting minutes, analysis of plot vacancies, late payments, working party hours.

Data Policy Implementation
  • A nominated member of the committee is responsible for ensuring that this policy is adhered to.

  • The GDPR Data Controller is the Membership Secretary who will undertake this role.

  • Other Committee members act as GDPR Data Processors e.g. from new tenants or at rent renewal time.

Your rights
  • Data protection law gives you certain rights. Full details are available on the Information Commissioner’s website.

  • For a small organisation like ours with relatively simple records, the relevant rights are for you to see your record and to correct any errors in it. Members can at any time ask the Chair or Membership Secretary for a copy of their recorded data. To request this, send an email to

  • When you come to pay the plot rent in February of each year you can check the information we hold on you is correct.

  • You also have a right to complain to the supervising authority, ie. to The Information Commissioner’s Office (

bottom of page