Skip to content

Data Protection Policy

0.1 This policy outlines how the directors, employees, volunteers and members of Manchester Makers Ltd are expected to handle any personal data they access while in their role.

0.2 Our privacy notice supercedes the information here where there is contradictory information.

1. Introduction

1.1 Manchester Makers Ltd, trading as Manchester Hackspace or HacMan, needs to gather and store the personal data of its members, supporters and donors for administration purposes.

1.2 This data shall be handled in accordance with the UK General Data Protection Regulation (GDPR). This Data Protection Policy describes what personal data is collected, where it is stored, who can use it and how the rights of the individuals are protected.

1.3 Manchester Makers Ltd is registered with the Information Commissioner’s Office (ICO).

2. What Personal Data is Collected and Used?

2.1 Manchester Makers Ltd collects personal details and contact details in order to administer membership, communicate information and organise events.This information is provided by the individual during sign up.

2.2 The organisation creates and maintains records of disciplinary incidents and actions.

2.3 As a membership organisation, we are legally required to keep a record of member's name and address for ten years.

2.4 Manchester Makers Ltd has a digital entry control system allowing access to the building with key fob or access code. A digital log tracks date, time and fob/access code ID.

2.5 Manchester Makers Ltd uses closed circuit television (CCTV) video to protect the hackspace’s property and to provide a safe and secure environment for our members and visitors. Further information on this can be found at the end of this document.

3. Who is Member's Data Shared With?

3.1 Membership data may be passed onto communication and organisational services used by Manchester Makers Ltd (e.g. payments provider, mailing list provider, etc.) for the purpose of the administration and running of the space. These services are not authorised to sell personal data to 3rd parties but may share it as required to perform the services we require.

3.2 If members have been subject to disciplinary measures and asked to leave Manchester Hackspace, the name, email address, postal address and reasons for membership termination, including records of incidents, may be stored for the lifetime of the organisation. This is to protect the organisation and its members.

3.3 Payments are handled by a third party - GoCardless Ltd. Please see their data protection policy for further information on what they collect and store. Manchester Makers Ltd can see information about the frequency of payments, the status of payments and the amount paid. The financial details of members are not accessible to us.

3.4 Personal data should not be passed on by us to organisations other than in the ways indicated above.

4. Who is Responsible for Ensuring Compliance with the Relevant Laws and Regulations?

4.1 Manchester Hackspace is not required to have a named data protection officer (confirmed by ICO, July 2024). The directors take responsibility for ensuring compliance and can be contacted at board@hacman.org.uk.

5.1 Manchester Makers Ltd. collects personal data (e.g. Name, email address) that is necessary for purposes of its legitimate interests as a membership organisation. For some data (e.g. Home Address), the basis for its collection and retention is to comply with our legal obligations.

5.2 We ask for emergency contact details during sign up to comply with our commitment to health and safety under the basis of vital interest. This information may be passed on to the emergency services or a third party at the scene in a situation where a member is injured.

5.3 Members are automatically subscribed to our newsletter as a member of the organisation, they may unsubscribe at any time via the membership portal. Members may subscribe to additional services for which their consent is collected and recorded in the members database (e.g. Induction notifications).

5.4 A CCTV system is used for the following legitimate purposes: 5.4.1 Prevention and detection of theft/crime against the Hackspace and its property 5.4.2 Protection of members while using hackspace 5.4.3 In the event of a health and safety incident/gross negligence/gross malfunction of machinery

6, Rights of Individuals

6.1 Under the UK’s data protection laws, including the General Data Protection Regulation (GDPR), individuals have the right on request to receive a copy of the personal data that Manchester Makers Ltd holds about them, including CCTV recordings if they are recognisable.

6.2 Members have the right to request all information held about them be deleted, though this may affect their eligibility to continue membership of Manchester Hackspace. This right does not take precedence over our legal responsibilities detailed in 2.3, nor that detailed in 3.2.

6.3 Should they discontinue their membership, their data should be stored for up to three years, in case of their return, after which point it should be deleted.

6.4 To access any data relating to a member, they must make a written request to the directors: board@hacman.org.uk.

6.4.1 We should aim to respond within 28 days of any request, however this may increase to 90 days where a request is complex. In this case, they should be notified of the delay.

6.4.2 There should not usually be a charge for such a request, but we may charge an administrative fee if the request is thought to be manifestly unfounded, excessive, or repetitive.

6.4.3 We should always determine whether disclosure of recordings or information will reveal third-party information, as there is no right to access data relating to other people. In this case, we may refuse the request if it would otherwise involve an unfair intrusion into the privacy of others.

6.4.4 Should CCTV footage be required as evidence of a crime, we should ask for the email address of the case officer as well as the crime reference number to submit the evidence to. If the police wish to collect the footage themselves, members can request that we freeze the data to avoid its automatic deletion in the meantime.

6.4.5 Under no circumstances should footage be provided featuring other members. We should also avoid providing descriptions of CCTV footage to members, instead mediating the situation that has occured.

6.4.6 As an example Manchester Makers Ltd could be held liable if we provide CCTV footage, or a description of something recorded, that then results in a member assaulting another member.

7. Where is personal data stored and who can access it?

7.1 Personal data is stored on a secure membership database. It is visible to and used by the directors and those appointed to help manage digital infrastructure. Information may also be stored on directors’ or appointed persons’ personal computers, servers and paper files. Wherever possible this is encrypted or password protected. Paper files should be stored securely and shredded when done with.

7.2 Information shall only be held by a director while they hold office or volunteer while they hold a position. All membership data should be deleted or securely returned to the directors when it is no longer needed or the position is vacated.

8. Additional Information in relation to CCTV

8.1 Location of cameras

8.1.1 Our CCTV cameras feature infrared lighting to allow recording in darkness.

8.1.2 The locations of interior cameras should be chosen to minimise viewing of spaces not relevant to the legitimate purpose of the monitoring. Cameras should only be positioned to cover communal or public areas on the premises and such that they provide clear images. No camera is to be positioned inside toilets, shower facilities, or changing rooms.

8.1.3 All cameras should be clearly visible and no covert recording is permitted in Hackspace.

8.1.4 Appropriate signs should be prominently displayed so that members, the public and other visitors are aware they are entering an area covered by CCTV.

9. Recording and retention of data

9.1 The CCTV system incorporates motion detection, when this is triggered recording will begin and will end 10 seconds after motion ceases. Our CCTV and surveillance systems should not record sound. All data is encrypted before being stored on a physical harddrive kept behind lock and key.

9.2 Unless in the event a recording is required for the legitimate purposes outlined above, data is stored for 21 days before it is automatically deleted or overwritten.

9.3 A monitor has been provided by the main exit of Hackspace to allow members a real-time view of an external analogue CCTV. This monitor does not store any data, and members cannot use this to access any recordings.

10. Access to and Disclosure of Data

10.1 Access to the CCTV digital storage is restricted to two directors of Manchester Makers Ltd at any time, who each have a separate login to the system. Remote access is available to the two designated directors.

10.2 In certain cases, the directors may ask the opinion of a more experienced third party, authorising the disclosure of relevant recordings in accordance with the purposes stated above.

10.3 In appropriate circumstances, we may allow law enforcement agencies to access CCTV footage where this is required in the detection or prosecution of crime.

10.4 No recordings from CCTV should ever be posted online or disclosed to the media.