NWRoAR Uses MemberMojo as its Membership Database.
See Terms and Conditions establishing the use, disclaimers, and limitations of liability governing the use of our website.
Our GDPR page explains how membermojo supports you in complying with the General Data Protection Regulation.
Changes to this policy are notified through Recent Changes.
Organisation member data
membermojo provides secure storage and membership processing for your organisation's member data in our capacity as a data processor.
What personal data does membermojo store and why?
We will capture and store the personal data for members as defined by your organisation.
We will also collect for support purposes:
The name and version of your browser and IP address.
Interaction with our site.
Emails sent to membermojo mailing lists.
How does membermojo protect personal data?
Security of Your Membership Data
Security and Privacy are considered at all stages of design and implementation. Some of the key points are listed here:
GDPR requires us to validate and identify all third-party services that we may share your data with. (see Sub Processors within our Terms and Conditions).
Your data is stored on servers in a modern, secure, purpose built data centre in the UK.
All changes are mirrored across backup servers in realtime and hourly encrypted backups are sent to a second secure data centre, also in the UK.
All hosting companies are ISO27001 certified.
Online payments are transferred directly from the member to your PayPal or Stripe account. No account or card details touch our systems.
Our mailing list sends email to each member individually. A member receiving email cannot see other member addresses.
Administrator access to your data is controlled by email and password from a verified browser. Selected members can be given read or write access to this data to avoid distributing or storing insecure copies.
Your member data belongs to you. We will never sell or trade any part of this with 3rd parties.
We regularly review site security to ensure our servers are up to date and that we continue to follow industry best practice.
We use Cloudflare to provide best practice TLS encryption between your browser and our site.
We use firewalls and two factor authentication where available to protect our servers and third-party services.
Passwords are never sent by email. Modern methods mean we don't (and shouldn't) know what your password is.
Passwords are one way encrypted using a modern multi-pass hash and unique salt before being stored.
Password strength is measured using data from the Have I Been Pwned? service.
How long does membermojo keep personal data for?
We will keep personal member data for members with a valid membership.
We will retain historic records containing personal member data for a period defined by your organisation. This includes:
Expired and archived member records.
Organisation history such as payments, activity logs and attendance records.
We will retain the following for support purposes:
Emails sent to membermojo mailing lists are kept for 14 days.
System backups are kept for 28 days.
Server logs are kept for 90 days.
Organisation and member data will be kept for 6 months after a plan or trial has expired so it can be recovered. You can ask us to remove it sooner.
Who does membermojo share personal data with?
We will never sell or trade personal data.
We may share personal data with our sub-processors to implement site functions such as hosting, email, payment processing or printing plastic membership cards.
Who has access to personal member data?
Members who are given administration rights can see all personal data held by the organisation.
This is currently restricted to three members: Treasurer, (Membership)Secretary and Vice Chairman/Training Officer
Members can view and amend their own data.
Members may be able to view select details of other members if an organisation administrator has configured a member directory.
membermojo support may access personal member data if instructed by a current organisation administrator with write access.
Organisation contact data
membermojo stores your organisation contact data in our capacity as a data controller alongside your member data.
What contact data does membermojo collect and why?
We will always collect:
A contact name and email for the organisation so we can contact you.
The name and email of all organisation administrators so we can validate support requests.
The name and email of any administrator making payment to membermojo ltd. for our accounts.
We may collect:
A contact name, email and central delivery address for membership card printing (if enabled).
An organisation address for VAT receipts.
How long does membermojo keep contact data for?
Organisation contact data is kept for 6 months after a plan or trial has expired so it can be recovered. You can ask us to remove it sooner. We will keep membermojo ltd. payment data for 10 years.
Who has access to contact data?
Cookies are small files stored on your computer that are used to retain information about your site visits.
If using a shared computer you should sign off after using our site. This will remove any membermojo cookies that identify you.
Service Cookie/Domain Purpose
membermojo > canset Used to test if cookies can be set.
membermojo > dvContains monitor dimensions for sizing images.
membermojo >mmmembermojo preferences, such as sign in method and cookie settings.
membermojo > mmsession *Present for the current session to keep it active.
membermojo > remember_*Remembers your ID between sessions.
membermojo > trust_*Records that the browser is trusted by membermojo.
Cloudflare > __cfduid Set by Cloudflare to implement security controls.
PayPal > paypal.com Set by PayPal when making PayPal payments.
Stripe__stripe_* stripe.com > Set by Stripe when making Stripe card payments.
Optional Third Party Cookies
Cookies from third parties are used to implement social feeds and improve our service through analytics and advertising.
No personal information from membermojo is shared or linked with these cookies.
Service Cookie/Domain Purpose
Twitter Timeline > twitter.comCookies may be set when Twitter timelines are viewed on organisation pages.
Facebook Posts > facebook.comCookies may be set when Facebook posts are viewed on organisation pages.
_gat* > Site visits are recorded anonymously so we can review usage.
Google Adwords > google.co.uk
> doubleclick.net > If you click on a paid advertisement an anonymous cookie is used to record your interest and display relevant ads.
Facebook Ads > facebook.com > Cookies are used to record visits to membermojo pages to display relevant ads