General Data Protection Regulation 2018 (supersedes the Data Protection Act 1998)

 

This policy explains how NYR IndyApp collects, stores and uses member data. It explains how the digital platform operates in relation to the constraints of the Regulation.

 

Member Data

​

a) Contact and member data is essential to the platform in order for us to be able to register users on our platform and communicate with our users. The data we require in order to do this consists of the following essential information:

 

b) Full Name: This allows users of the IndyApp platform to be identified by fellow members. The ‘Mute function’ gives each user complete control over the private messages they do or do not receive from other IndyApp registered users.

 

c) E-mail: This will be used for each user’s 'Forgot password' reset function. As a security precaution (and only when requested) an automatically generated ‘Reset password link’ will be sent to this email.

 

d) User ID: This matches your email and is created when first registering to allow the IndyApp platform to recognise each user as a unique individual.

 

e) Password: This is required to ensure security for each individual IndyApp user. It is used in conjunction with your unique user name (email) each time you login afresh. NYR cannot access this. Though a reset can be performed.

 

f) Postcode: This is used for the purpose of tailoring a user’s group search area. It allows the NYR IndyApp platform a general understanding of the distribution of its membership countrywide. This ability is important, as it allows us to match IndyApp membership distribution to the IndyApp’s existing local Indygroup network. We can then use this information to encourage new local group formation wherever there is the potential local IndyApp support to sustain such groups. This will obviously help increase the campaigning power and local reach of the movement, especially during the heat of the new IndyRef campaigning.

 

In the future: combining this with the IndyApp’s private messaging function also allows participating groups the ability to stay in contact with all those pro Indy supporters that download the IndyApp and are located within each particular group’s general catchment area.

 

 

As this information contains some personal data, we comply with the GDPR guideline for not-for-profit organisations so that your privacy is protected.

 

These details are collected from user registration forms, and are provided by the user. We do not seek out user data or accept it from any other source.

 

i) NYR IndyApp will retain this contact data for the duration of membership, which is continuous until either the NYR IndyApp is dissolved or a user leaves. In either of these cases, contact data will be deleted immediately.

 

ii) A member can access their data we hold and edit it using Change Details in User Options. All users remain in ultimate control of their information.

 

iii) Members can remove themselves from the platform and have their data removed by using the ‘Delete Yourself’ function, this will be deemed to terminate the membership. This function automatically deletes all the user’s private information and cancels any local group memberships. A notification will be displayed to confirm this. Also, requests to delete member data should be sent by email to the Secretary at info@indyapp.scot

 

iv) User content such as sent private messages, public forum posts and campaign resource button recommendations which have been voluntarily shared on the platform prior to activation of the 'Delete Yourself’ function will remain published, but user’s source data file will be deleted.

 

 

Data Storage

 

a) In accordance with the GDPR, all member data will be stored in a secure, password-protected database, which is accessible only to the NYR IndyApp.

 

b) Users that have removed themselves, or been removed, may have their information preserved and accessed for a longer time period if it’s related to any of the following:

​

A legal obligation to comply with applicable Scots law

​

An investigation of possible violations of our terms or policies

To prevent harm

​

For safety, security and integrity purposes

​

To protect ourselves, including our rights, property or products

 

If it’s needed in relation to a legal claim, complaint, litigation or regulatory proceedings

 

In some cases, we may preserve your information based on the above reasons even after you request deletion of your account or some of your content. We may also preserve information from accounts that have been disabled and content that has been removed for violations of our terms and policies. This is expected to be no longer than the statute of limitations required under Scots Law and then deleted in full.

 

 

Data Use

 

a) NYR IndyApp will only use member data to contact our users on matters relating to the platform’s cause, which is to achieve independence. This will consist of information about meetings, events, materials, news and anything else we feel members may need to know in order to help achieve independence.

 

b) Member data will be used solely by NYR IndyApp, and will in no circumstances be shared with any other parties outside the IndyApp community.

 

c) For security reasons NYR Indyapp servers in various countries outside of UK and EU will be used to hold user’s data. 

​

​

Data Access Requests

 

a) Members have the right at any time to see the data held by NYR IndyApp about them. To view this information at anytime in the IndyApp select: Info & Settings, then ‘Change Details’, enter your password and all the data we hold on you will be displayed. You can view it or update it. 

 

b) Also a request for this info can be sent by email to the NYR IndyApp Data Protection Officer at info@indyapp.scot Requests will be complied with promptly and timeously.

 

c) Any user has the right to lodge a complaint with the Information Commissioner’s Office, https://ico.org.uk/make-a-complaint/

 

 

 

As a small, not-for-profit organisation NYR IndyApp is not required to be a registered Data Controller with the Information Commissioner's Office (ICO), however our associate Lynn Christian Hastie holds registration (ICO reg. number: ZA470674). For further information on you GDPR rights visit the ICO website at -               https://ico.org.uk