|The Third Age Trust Information Security Management System|
|Ref U3A-ISMS-DOC-029||Review 00/00/00|
2.1.1 references to we, us or our means Third Age Trust Trading Limited a limited company registered in England and Wales (company number: 11899419), whose registered office is Unit 104, The Foundry Business Centre, Blackfriars Road, London, England, SE1 8EN. You can contact us by post at the above address, by email at
2.1.2 references to you or your means the person accessing and using the Website (as defined below) or to whom we supply products or services, or contacts;
2.1.3 references to the Website means the websites found on the .u3a.org.uk and .u3abeacon.org.uk domains.
Relevant to all data subjects.
2.3. Related documentation
3.1 This Policy describes:
3.1.1 who is responsible for the personal data that we collect about you;
3.1.2 the personal data we collect about you;
3.1.3 how we will use it;
3.1.4 who we may disclose it to; and
3.1.5 your rights and choices in relation to your personal data.
This is to make sure you have a full picture of how we collect and use your personal data.
3.2 Personal data
We are the data controller for the purposes of data protection law, in respect of your personal data collected and used by us.
5.1 Collection and use
We collect and use personal data about you for the purpose of communicating with you as representative of your U3A. The personal data we hold includes:
5.1.1 Information that you provide to us / we collect from you:
|Type of Personal Data||Examples|
|Contact information||Name, title, address, email address, social media name and telephone number|
|U3A membership||Name of your U3A|
Whether you perform one of the following roles for your U3A for example:
Direct Mail contact
|Trust Volunteer Role||Details of role(s) performed|
|Marketing preferences (including subscriptions to our national newsletter and magazine)||Details of any marketing preferences that you express including any opt outs you provide.|
|Online activity information (to the extent that it constitutes personal data)||
|Project activity||Information about U3A activity or personal activity that you contribute as part of a U3A learning or communications event|
This information may be provided:
(a) in the course of communications between you and us (including by phone, email or otherwise);
(b) when you provide personal data via our Websites or using other systems which we provide to you;
(c) via our social media pages, other social media content, tools and applications;
5.1.2 Information we receive from other sources
(a) Information we receive through the Beacon system
(b) Information we receive from our service providers and business partners
(c) Information we receive from public websites and social media accounts belonging to U3As
6.1 Third parties
In the course of us communicating with you, you may provide us with personal data relating to third parties.
6.2 Consent and third parties
We use your personal data for a variety of different purposes during the course of us providing services to you. The purposes for which we use your personal data are set out below. Under data protection law, we can only use your personal data if we have a legal basis to do so. Examples of where we have a legal basis to process your personal data, includes when:
7.1.1 we have your consent;
7.1.2 it is necessary to enter into or perform a contract we have with you (or to take steps at your request prior to entering into that contract);
7.1.3 it is necessary to comply with a legal obligation; or
7.1.4 it is in our legitimate interests to process your personal data.
7.2 Legal Basis
We have set out our reasons for using your personal data in the table below under the heading Legal Basis. Where we rely on our legitimate interests, we have set out those interests in the table below.
|Setting up and managing the information we hold about you||
|Managing, developing and making improvements to the Beacon system||
|Communicating with you about our products and services||
|Providing our newsletter||Legitimate interests|
|Providing our magazine "Third Age Matters"||
|To comply with any legal or regulatory obligations (including in connection with a court order||Legal obligation|
|To enforce or apply the agreements concerning you (including agreements between you and us).||
|To manage any service or quality related issues, complaints, feedback and queries in relation to the supply of products and services.||
We do not use your personal data to make any automated decisions that might affect you.
9.1 We may share your personal data with:
9.1.1 the Third Age Trust and
9.1.2 other third parties who process data on our behalf.
9.2 We may also disclose your personal data to other third parties, for example:
9.2.1 if we or substantially all of our assets are acquired by a third party, personal data held by us will be one of the transferred assets; and
9.2.2 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our the agreements concerning you (including agreements between you and us).
If we transfer personal data outside the UK or the European Economic Area (EEA), we will implement appropriate and suitable safeguards to ensure that such personal data will be protected as required by applicable data protection law.
11.1 Retention periods
We will keep your personal data for different periods depending on the nature of the information, the purpose for which it was collected, any legal obligation and/or business reason to retain.
Please note that the above retention period may be extended where we need to preserve and use personal data for the purposes of bringing or defending a legal claim. In such cases, we will continue to hold and process your personal data for as long as is necessary to deal with the legal proceedings.
You have certain rights with respect to your personal data. The rights will only apply in certain circumstances and are subject to certain exemptions. Please see the table below for a summary of your rights. Details of who to contact to exercise these rights can be found in paragraph 16.
|Summary of your rights|
|Right of access to your personal data||You have the right to receive a copy of your personal data that we hold about you and information about how we use it, subject to certain exemptions.|
|Right to rectify your personal data||You have the right to ask us to correct your personal data that we hold where it is incorrect or incomplete.|
|Right to erasure of your personal data||
You have the right to ask that your personal data be deleted in certain circumstances. For example:
|Right to restrict the use of your personal data||
You have the right to suspend our use of your personal data in certain circumstances. For example:
|Right to data portability||
You have the right to obtain your personal data in a structured, commonly used and machine-readable format and for it to be transferred to another organisation, where it is technically feasible.
The right only applies:
|Right to object to the use of your personal data||
You have the right to object to the use of your personal data in certain circumstances and subject to certain exemptions. For example:
|Right to withdraw consent||You have the right to withdraw your consent at any time where we rely on consent to use your personal data.|
|Right to complain to the relevant data protection authority||
You have the right to complain to the relevant data protection authority, which is in the case of us, the Information Commissioner's Office (ICO), where you think we have not used your personal data in accordance with data protection law. The ICO's contact details are:
Information Commissioner's Office
16.1 Queries regarding this policy or use of data
16.1.1 telephone on 020 8466 6139
16.1.2 email at
16.1.3 post at 156 Blackfriars Road, London, SE1 8EN.
|Name of third party||Purpose|
|The Third Age Trust||Shared operations|
|Relevant U3As||Member charities|
|APT Solutions Ltd||Build, maintain, manage, develop, support and improve the Beacon system|
|Ecwid, Inc||Process shop orders|
|Castelli (Diaries) Ltd||Fulfil bulk diary orders|
|Delivery companies e.g. Whistl UK Ltd and Royal Mail Group Ltd||Deliver ordered items|
|D M Print Ltd||Print our magazine|
|YM Group Ltd||Print and pack orders|
|Zoom Video Communications||Video conferencing|
|Twilio, Inc||Email delivery|
|Zendesk Inc||Customer support|
|The Rocket Science Group LLC d/b/a Mailchimp||Marketing platform|
|Google LLC||Website analytics|
|Siftware Ltd||Development and maintenance of the legacy Beacon system|
|SurveyMonkey Inc., SurveyMonkey Europe UC||Survey and form response collection and analysis|
Data storage and management
|Cloudflare, Inc||Web application firewall|
|GoDaddy Media Temple, Inc. d/b/a Sucuri||Web application firewall|
|SolarWinds, Inc||Log management|
|Paragon Internet Group t/a tsoHost||
|Trustwave Holdings, Inc||
|Pen Test Partners LLP||Audit|
|Atlassian Corporation PLC||Project management|
|Transpeed (Europe) Ltd||IT support|
|Rackspace, Inc||Web hosting|
|Fasthosts Internet Ltd||Web hosting|
|The Sage Group, plc||Data storage|
|DigitalOcean, Inc||Data storage|
|Banks e.g. Barclays Bank plc||Banking services|
|Brand IQ||Brand management and asset delivery|