Update privacy notice with information about how we handle member data

[ElenaFdR]

...once we have member data to handle!

This data will probably include:

• names
• job titles
• addresses

What about:

• org financial (probably not covered by GDPR since it's not an individual, but there are Dutch data retention laws that apply to business records)
• information received because of the association member status (so dues admin) (also required to be kept by Dutch law)

Assumption: our members will value us being hyper transparent about how we handle all of our admin and which national laws we comply with, so that they can use this info to square it legally on their side

[ElenaFdR]

@demkodo, this looks like something you/we could start thinking about!

[demkodo]

When time and space allow, I want to think about this in a broader context, namely include expanding the section on About on member relations with the outcomes of the meeting we had about the practical aspects of member onboarding. "How we handle member data" involves several people at different stages from first contact onward, with each involved person focusing on different goals (e.g. membership dues, codebase stewardship, facilitate involvement with assembly). Therefore we need a consistent, repeatable process, e.g. when first contact with a prospective member is made, does that same person need to make sure the data we need is gathered and added to Odoo CRM? Or, do we do this after the fact, and if yes, how, when and who? Let's have meeting with the staff involved with membership soon to look at expanding About member onboarding, as well as template how we gather and process the member data and who's responsible / monitoring. Once that is clear we can update the privacy notice accordingly.

[ericherman]

As the nature of membership is changing, this is no longer applicable in the same way. Perhaps it can be re-opened if needed for the chapters.