Data Privacy Policy
-
About this Policy
- This policy explains when and why we collect personal information about our members and instructors, how we use it, how we keep it secure and subjects' rights in relation to it.
- We may collect, use and store personal data, as described in this Data Privacy Policy and as described in our processes when we collect data.
- We reserve the right to amend this Data Privacy Policy from time to time without prior notice. Members will be informed through Email Notifications and Minutes of appropriate meetings. Members are advised to check the SGBA website or our noticeboards regularly for any amendments (but amendments will not be made retrospectively).
- We will always comply with the GDPR when dealing with personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR, we will be the "controller" of all personal data we hold.
-
Who are we?
We are the Stoke Gabriel Boating Association. We are a Charitable Incorporated Organisation or CIO.
Our address is:
The SGBA Clubhouse, Mill Point, Stoke Gabriel, Totnes, Devon TQ9 6XF
..... but we can most easily be contacted by email at admin@sgba.org.uk
-
What information we collect and why
Type of information Purposes Legal basis for processing Member's name, date of birth, address, telephone numbers, e-mail address(es).
Member's relevant qualifications, declared skills and offers of assistance.Managing membership categories, qualifications and activities.
Managing duty rosters.
Processing, recording and registering qualifications awarded at the Club to comply with requirements of the awarding body.Performing the Club's contract with the Member.
For the purposes of our legitimate interests in operating the Club, including informing members of events, activities, and opportunities to assist in the running of the Club.The names and date of birth of the Member's dependants. Managing the Member's and their dependants' membership of the Club Performing the Club's contract with the Member. Emergency contact details Contacting next of kin in the event of emergency Protecting the Member's vital interests and those of their dependants Gender Provision of adequate facilities for members.
Reporting information to the RYA.For the purposes of our legitimate interests in making sure that we can provide sufficient and suitable facilities (including changing rooms and toilets) for each gender.
For the purposes of the legitimate interests of the RYA to maintain diversity data required by Sports Councils.The Member's name, boat name and sail number Managing race entries and race results.
Sharing race results with other clubs, class associations, and the RYA, and providing race results to local and national media.
Allocating moorings and boat park and rack spaces.
For the purposes of our legitimate interests in holding races for the benefit of members of the Club.
For the purposes of our legitimate interests in promoting the Club.
For the purposes of our legitimate interests in operating the Club.
Radio call signs Collected for a rally and shared between those participating in the rally. For the purposes of our legitimate interests in ensuring that boats on a rally can maintain contact with each other Payment details of the member or other person making payment to the Club Note: Not stored directly by the club but through 3rd party providers: Stripe and GoCardless.
Managing the Member's and their dependants' membership of the Club, the provision of services and events.Performing the Club's contract with the Member. Instructor's name, address, email addresses, phone numbers and relevant qualifications and/or experience as well as dates of validity. Managing instruction at the club.
Ensuring compliance with requirements of governing bodies.For the purposes of our legitimate interests in ensuring that we can contact those offering instruction and provide details of instructors to members.
To ensure requirements of governing bodies are maintained. -
How we protect personal data.
- Data will be held on a PC managed and updated by officers of the Club and on a third-party specialist web-based software system Sailing Club Manager (SCM). Information regarding SCM's Data Privacy Policy can be found by following this link https://www.sailingclubmanager.com/terms/privacy-policy We will not transfer personal data outside the EEA without consent.
- We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
- Members should note, however, that when transmitting information to us over the internet this can never be guaranteed to be 100% secure.
- For any payments which we take online we will use a recognised online secure payment system.
- We will notify promptly in the event of any breach of personal data which might expose any member to serious risk.
-
Who else has access to the information provided to us?
We will never sell personal data. We will not share personal data with any third parties without prior consent (which members are free to withhold) except information required by governing bodies (Royal Yachting Association in the main) and to demonstrate our compliance with good practice and proper record keeping and also where required to do so by law or as set out in the table above.
-
How long do we keep information?
- We will hold personal data on our systems for as long as membership continues and for as long afterwards as is necessary to comply with our legal obligations (two years). We will review personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing that personal data except that we will retain it in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, the establishment, exercise or defence of legal claims and matters judged to be to the direct benefit of the person concerned.
- We securely destroy all financial information once we have used it and no longer need it.
-
Subjects rights
- Individuals whose data we hold have these rights under the GDPR.
- to access their personal data
- to be provided with information about how the personal data is processed
- to have personal data corrected
- to have personal data erased in certain circumstances
- to object to or restrict how personal data is processed
- to have personal data transferred to the subject or elsewhere in certain circumstances.
- We will normally respond to data requests raised by members within 10 days
- Data Subjects have the right to take any complaints about how we process personal data to the Information Commissioner: https://ico.org.uk/concerns/ 0303 123 1113. Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
- For more details, please address any questions, comments and requests regarding our data processing practices to the SGBA Commodore.