Please read the following policy sections to understand how your personal information will be treated. It may change from time to time, so please check back periodically.
Legal & Privacy
If you have any other queries regarding any of these policies, please put them in writing to the GMB Data Protection Officer at the following address:
GMB Data Protection Officer
St James Business Park
81 Linwood Road
When you join GMB, you provide us with information so that we can administer your membership. GMB takes the security of your personal information seriously, and puts stringent security measures in place to make sure your information is safe.
As a democratic organisation run by GMB members for GMB members, transparency is important to us.
This privacy statement explains how we process information about you. If you have any questions, please email GMB’s Data Protection Officer on email@example.com or write to us at GMB Union, Mary Turner House, 22 Stephenson Way, London, NW1 2HD.
What we use your information for
When you join GMB, you consent to us using your information for GMB business. You can see GMB’s aims objectives and rules in our rule book.
GMB business includes providing you with membership services, membership benefits, informing you about campaigns and the work we are doing on your behalf and in order to represent you.
We will use the information you provide when you join GMB or update your details with us to contact you (see section 2 below), to maintain accurate records, to assist with employment disputes and injury claims and to conduct ballots and internal elections. This may mean, where necessary, sharing your claim details with GMB’s own legal firm Unionline or other legal firms we use to support GMB members – this will always be done in a confidential manner.
It is important to understand who GMB members are. Providing equality monitoring information is not mandatory for members, but where that information is freely given we will use the information you provide us to give statistical information about the make-up of GMB, which may include such information as gender, ethnicity, age, sexual orientation, disability and migrant worker status and to contact you on relevant issues or union activity.
On occasion, we may also use your information to conduct research about GMB members’ views, for example, contacting you to find out your views on a topical issue or on your satisfaction with GMB.
Where you sign up to attend GMB training, we will also keep a record of that to help track your learning and progress, and to communicate about courses you might be interested in.
Information you provide will be kept throughout your membership of GMB (it’s a legal requirement for us to keep our records up to date) and for a reasonable period after membership as may be needed to enable you to access any post-membership benefits. We also have to keep some records after you have left GMB in order to comply with the law.
Contact from GMB
GMB union uses information provided by you as a member to carry out our role as your trade union. That may include contacting you by post, email, SMS, phone call or on social media. As a trade union we are legally obliged to contact you on certain matters. We will contact you to provide ‘membership services’. ‘Membership services’ include information related to GMB campaigns, member benefits, industrial action ballots, GMB internal elections and whether or not the union should run a political fund as well as any other issues relevant to your GMB membership and classified as membership services.
We offer the option to opt out of different communication methods, by clicking here and visiting the MyGMB area.
Where you have opted out of receiving this information by all communication methods, you will receive it by post.
Signing up to GMB campaigns
When you join a GMB Campaign or fill in a survey on the GMB website, GMB will notify you what signing the petition entails – this states that the act of signing the petition means that we will use that information to contact you in future to keep you updated on campaigns you are interested in. You can unsubscribe or ask for your information to be deleted at any time.
Where you are GMB member, we may keep this information against your member record so that we know what campaigns you are interested in.
When you contact GMB
When you contact GMB, the forms you complete or the emails you send may include information about you, such as your name as the contact point for an organisation, your email address, the organisation's address and your enquiry. We use this information to respond to your enquiries, and may use information provided to update your membership record. Our members and officers may need to record and pass information internally within GMB in order to answer your inquiry.
If you are a member, when you contact us about a problem or issue, we may need to ask you for additional information. You are under no obligation to provide additional information, but it may impact upon your case if you do not do so.
Processing your information: who, what and where?
GMB employees and lay representatives will have access to GMB membership information in order to provide you with services and communicate with your as part of your GMB membership.
GMB will never sell your information to a third party for their own use. We will use third parties to provide services on our behalf, this includes but is not limited to such organisations as mailing houses to print and deliver letters for us, email service providers and research companies who conduct member surveys. We may use contractors or other agents to deliver GMB member services or provide benefits.
We check every supplier we use to ensure safety and security of data, and to make sure that membership information is only used for the purposes we intend.
We will make all efforts to ensure GMB information is stored within the EEA, but there may be occasions where this is not possible. Where member information is transmitted outside the EEA, GMB will always ensure appropriate data processing agreements are in place and that GMB member information is secure. Information will be covered by EU-US Privacy Shield or appropriate model clause contracts where stored in the US.
GMB is organised at a number of levels, at which both employees and lay member representatives provide member services. Your information may be collected and shared between those different parts of the union, which include GMB nationally, regionally and at branch and workplace level.
Social media has become a way of life for many people. GMB may use the information you provide to contact you on social media, but will never give information to social media companies for their own use.
GMB and the Labour Party
GMB does not share data with the Labour Party except in specific circumstances where individuals have given explicit consent for that information to be shared. GMB will provide information to the Labour Party when a member opts to become an ‘affiliated supporter’, a delegate to a Labour Party Constituency or a delegate to a Labour Party conference.
GMB and Unionline
Interacting with the GMB website
GMB services online are provided with our web development partner Netrix Limited, a communications agency, who help deliver the functions of our website and the myGMB platform. As a result, Netrix Limited acts as a data processor, assisting us with the collection and operation of your personal data and will only process such personal data as directed by us and in accordance with data protection law.
GMB's website and membership system interact so that you are able to manage and access your GMB membership information. Both systems are provided by third parties under strict data sharing agreements. You can see how that works if you log into your MyGMB account.
We may use tracking pixels to encourage people to revisit GMB's website, get active in a campaign or to join GMB.
Where we hold information for MyGMB, petitions and campaigns, if you are a GMB member that may link directly to the membership system. However, some information is held on a separate UK server. That server is UK based, and has:
- 24/7 Physical security guard services
- Physical entry restrictions to the property and the facility
- Physical entry restrictions to our co-located data centre within the facility
- Full CCTV coverage externally and internally for the facility
- Biometric readers with two-factor authentication
- Facilities are unmarked as to not draw attention from the outside
- Battery and generator backup
- Generator fuel carrier redundancy
- Secure loading zones for delivery of equipment
Basis for processing your information
This is a bit technical, but the law says we have to have certain reasons for processing any data we hold. In the case of GMB membership data, there are two reasons we process data:
Consent – when you join GMB you sign up to our organisation and rule book. You give consent for us to use your membership information for GMB business. That is the basis for the majority of processing of information GMB does.
Legitimate interest – this is where the organisation has a legitimate reason for using your information. For example, there is a legitimate interest in conducting research into what GMB think about certain issues so that the union can campaign on issues that matter to members. That might not be explicitly contained in the rule book, but it is something that is a legitimate benefit to members and the union and so we would use the ‘legitimate interest’ reason for processing information.
Making a complaint
We provide you with the contact details of our Data Protection Officer (Bob Robinson on firstname.lastname@example.org) but should you wish to make a formal complaint against GMB, you can find information on the Information Commissioner’s website: www.ico.org.uk.
What does this all mean to me as a member?
Good question. By joining GMB you agree to our processing of your personal information, including sensitive personal information, such as trade union membership, for the purposes outlined above. It sounds very legal and technical, but the underlying message is that we will look after your information, keep it securely and only use it for services and benefits related to your GMB membership. Where we use third parties to do things for us, we do everything we can to make sure they are secure too. When it comes to communication, you are in control – you can change your preferences whenever you like. If there is every a problem that presents a risk to your information, we will let you know.
Any more questions? No problem. Drop Bob a line - he’s our data protection officer. He’s on email@example.com.
Security of Information & GDPR
What are we doing about GDPR?
Trust is at the heart of each transaction between GMB, its members, partners and suppliers. It is important to us, and crucial to the success of our organisation, that GMB is trusted to securely hold and process the data that you, our employees, members, partners and suppliers give us.
The General Data Protection Regulation (GDPR), which comes into force on 25 May 2018 will assist us in achieving these requirements and we, like many companies, are making a host of technical, organisational, contractual and process-led changes to ensure that we meet the requirements of the new regulation.
What are GMB doing to prepare for GDPR?
As part of our GDPR’ Readiness Programme’, we have commissioned an independent, external assessment of our organisation. This has identified some issues and provided a set of recommendations, which we are now in the process of implementing.
- Further investment in our security infrastructure;
- Reviewing and updating our processes, policies and documentation;
Assessing our suppliers and third parties to ensure that they can process our data in accordance with GDPR;
- The specific GDPR functionality to provide information to our members about the personal data that we require to process.
- Implementing relevant updates from the Information Commissioners Office (ICO) and other sources.
Data Protection Working Party
Further to the above we have formed an internal working party made up of some of the organisations most senior staff. This group has taken guidance and support from the staff teams within regions and utilised this expertise to ensure a plan is in place to support the work of the union throughout our structures.
Below are some of the steps being undertaken in partnership with the independent assessment to ensure the highest levels of scrutiny and attention are applied to the process of becoming compliant and protecting all our data.
- Staff Guidance
- Branch Guidance
- Exploring new ways to deliver technology to branches
- Policy development
- Seeking and implementing necessary legal guidance
Governance, Policies and Processes
In the run up to 25th May 2018, we are raising awareness of the GDPR throughout our organisation. All our staff will be going through GDPR training sessions, tailored to the work of the union. This will include overviews of our new data protection policy and oversight of our privacy notices.
From 25 May 2018 our Data Protection Officer will be formally taking on the new GDPR accountabilities.
What are we doing to help our suppliers/partners prepare for GDPR?
As part of your own preparations for the GDPR, you will be looking to us to not only provide assurance of our readiness in general terms, but to, where required, work with you to ensure we have the appropriate data protection terms in our contracts. To that end, we expect that you will require us to review our technical measures, organisational measures, policies and procedures (which we are doing as per above) but also to potentially enter into new contracts with your organisations where required. Where this is the case you may contact our national Data Protection Officer (DPO) (firstname.lastname@example.org) to outline your requirements/requests. From here our DPO will liaise with the necessary departments to ensure the necessary arrangements are in place.
The union treats your home address as your ballot address for all legal purposes. You can, however, nominate another address such as your workplace.
The law requires that this be done in writing. So if you want to nominate your workplace, or another address, please do so, in writing, to the GMB Membership Records department at your region (details of which can be found under the contacts section on our website).