1. Introduction

The Citizen Infra Builders Club (CIBC) is committed to processing data lawfully, fairly, and transparently. We acknowledge our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how we gather, use, and protect personal information to carry out our work.

2. Scope

This policy applies to all members, volunteers, and anyone working on behalf of CIBC. It covers all data processed by the Group, whether stored electronically (emails, chat messages, spreadsheets, cloud storage) or on paper.

3. Key Roles and Responsibilities

The Group (Data Controller): CIBC as a collective is responsible for determining why and how data is used.

Data Protection Lead: Artem Zhiganov ([email protected]), responsible for:

• Handling questions about data protection
• Updating this policy
• Responding to requests from individuals (Subject Access Requests)

Members: Responsible for handling data securely in accordance with this policy (e.g. not sharing passwords, keeping lists secure).

4. Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. For CIBC, the most common bases are:

• Consent: The individual has given clear permission (e.g. joining the Telegram group, subscribing to updates)
• Legitimate interest: We need the data to run the Group effectively (e.g. keeping a list of members to coordinate activities)
• Contract: We need the data to fulfil an agreement (e.g. paying a contractor)
• Legal obligation: We are required by law to keep records (e.g. financial records for tax purposes)

5. Data Collection and Usage

We adhere to the principle of data minimisation — we only collect what is necessary.