Summary

• We collect and store your name, email, and postal address to verify membership and send relevant updates.
• Payments are processed by Stripe, but we do not store payment details.
• Members are automatically subscribed to our private mailing list based on legitimate interest, but you can unsubscribe at any time.
• Your data is securely stored and encrypted. We do not share it with third parties.
• You have the right to access, correct, or request deletion of your data. Contact us for any requests.
• We do not track members with analytics cookies, only authentication cookies for sign-ins.

For full details, please read the sections below.

1. Introduction

The North Cray Residents Association (NCRA) is committed to protecting the privacy of its members. This Privacy Policy explains how we collect, use, and store your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and other relevant legislation.

2. Who We Are

NCRA is a community organization dedicated to preserving the local environment and protecting the interests of North Cray residents. For any privacy-related inquiries, you can contact our Data Protection Officer (DPO).

3. What Data We Collect

We collect the following personal data from members:

• First Name & Last Name – to identify you as a member.
• Email Address – to send updates and important notices.
• Postal Address – to verify residency in the NCRA catchment area.
• Payment Information – handled by Stripe for membership subscriptions (we do not store payment details).
• Membership Status – recorded in our self-hosted Directus database.

4. How We Use Your Data

We use your data to:

• Verify your residency in North Cray and confirm eligibility for membership.
• Provide membership benefits, including email updates on planning proposals and local issues.
• Maintain and administer our secure membership database.
• Ensure compliance with our subscription policies.

5. Mailing List & Legitimate Interest

When you subscribe as a member through Stripe, we will automatically add your email to our private members-only mailing list. This is based on legitimate interest, as we need to keep members informed about planning proposals and local issues relevant to their membership.

• You can unsubscribe at any time using the link provided in our emails.
• If you unsubscribe but later wish to rejoin, you must contact us.

6. Legal Basis for Processing

We process your personal data based on:

• Legitimate Interest – to inform members about planning proposals and local matters.
• Contractual Necessity – to verify eligibility for membership and process subscriptions.

You can opt out of non-essential emails at any time.

7. Data Storage & Security

• All personal data is encrypted at rest.
• Our servers are protected by strict firewall policies and Cloudflare security measures.
• Third-party services (Stripe, MailerLite) are accessible only to the Digital Services Manager and are secured with two-factor authentication (2FA).
• Directus is an open-source software platform that we self-host on our own servers within the UK. It is used to manage membership records securely.

8. Data Retention

• Membership-related data in Stripe is retained for six years to comply with UK tax and financial regulations.
• The Directus database does not store payment details—only membership status.
• Email addresses in MailerLite are retained for 12 months after unsubscription, unless requested for immediate deletion.
• We do not delete or anonymize member data unless specifically requested, subject to legal obligations.

9. Your Rights Under UK GDPR

You have the right to:

• Request access to your personal data.
• Request correction of any inaccurate or incomplete data.
• Request deletion of your data (subject to legal requirements).
• Withdraw consent for marketing emails by unsubscribing.
• Lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk if you believe your data has been mishandled.

To exercise these rights, contact us.

10. Cookies & Tracking

• NCRA does not use analytics or tracking cookies.
• We use authentication cookies to allow users to remain signed in securely.

11. Data Hosting & Third-Party Services

We use the following third-party services to process data:

• Stripe (Payment Processing): Stripe UK Terms
• MailerLite (Mailing List): MailerLite Privacy

Our database is hosted within the UK and is not a third-party service.

12. Data Sharing

We do not share your personal data with third parties. We will never sell or disclose your information unless you provide written permission or if required by law.

13. Changes to This Privacy Policy

We may update this policy periodically. Significant changes will be communicated to members via email.

If you have any questions or concerns about how we handle your data, please contact us.

North Cray Residents Association (NCRA)