Page MenuHomePhabricator

Add rensningsrutin for donation information
Open, Needs TriagePublic

Description

Now that we have finally started doing some follow up with the donation information we need a Rensningsrutin to document where the information gets stored and when we prune it. The routine needs to clarify that the financial transaction side of the information is governed by tax rules.

We should set up this information already now even if we may come to change to a different system in the future.


Result:

  • Files are stored in the Medlemskap&Donationer drive. Access to this is granted to the drivegrupp-medlemskap&donation group of which André, John and Evelina are the only members. Membership of this group should be kept in sync with Zynatic administrator membership. The contents of this drive should be limited to sensitive information, other Membership and Donation related documents should be kept in the Kontor or Ekonomi drives.

Rensningsrutin:
...

Event Timeline

Lokal_Profil created this task.
Lokal_Profil moved this task from Backlog to This week on the User-LokalProfil board.

Also. Create a new shared Drive in GSuite and a new group which has access to it (André, John, Evelina, Mattias, Sven-Erik(?)). Document that access should be the same as for zynatic

Lokal_Profil updated the task description. (Show Details)Aug 27 2019, 2:55 PM
Lokal_Profil updated the task description. (Show Details)
Lokal_Profil updated the task description. (Show Details)

The contents of this drive should be limited to sensitive information, other Membership and/or Donation related documents should be kept in the Kontor or Ekonomi drives as before.

Lokal_Profil moved this task from Backlog to Waiting on the User-LokalProfil board.EditedFeb 28 2020, 2:21 PM
Lokal_Profil added a subscriber: Maria_Burehall_WMSE.

@Evelina-Bang-WMSE @Maria_Burehall_WMSE @Jopparn @Historiker
Draft for rensingsrutin, compare to text at wmse:Integritetspolicy#Donationer and other rensningsrutiner at wmse:Integritetspolicy/Registerförteckning och rensningsrutiner

TypLagringsplatsSyfteRättslig grundSäkerhetsklassRensningspolicyKommentar
DonationsregisterDriveGe kvitto och tacka för donationer, informera om kommande insamlingar, rapportering till myndigheterIntresseavvägning för vårt berättigade intresse att vårda donatorer2Rensas efter 2 år.Information om den finansiella transaktionen vilken krävs för bokföringssyfte rensas i enlighet rutinen för Bokföring

I'm not happy with the phrasing for "Rättslig grund".
I set 2 years to allow us to e.g. ping a Christmas time donor a year (and a bit) later. 2 years feels like the longest we can motivate based on our intended use of the information and the collection of the data not relying on consent.

New re-phrasing. In part this leans on the fact that we now know we need to report some statistics to Giva Sverige on a yearly basis.

TypLagringsplatsSyfteRättslig grundSäkerhetsklassRensningspolicyKommentar
DonationsregisterDriveGe kvitto och tacka för donationer, informera om kommande insamlingar, rapportering till myndigheter samt sammanställning av årlig statistik.Intresseavvägning för vårt berättigade intresse att vårda donatorer och analysera donationstrender.2Rensas efter 2 år.Information om den finansiella transaktionen vilken krävs för bokföringssyfte rensas i enlighet rutinen för Bokföring.

A question is whether we also need to add "Sammanställning av anonymiserad statistik för rapportering" to the Integritetspolicy.