Privacy Policy

 

LAWFUL BASIS TO COLLECT THE DATA

We will comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you. The lawful basis for holding your personal data is explained in the section below under different categories, contained within square brackets: []

 

WHY DO WE COLLECT AND PROCESS PERSONAL INFORMATION?

  • To administer membership records and collect necessary fees [Contract]

  • To communicate events and activities at the Club to the membership [Consent]

  • To create duty registers and notify members of their duties [Legitimate Interest]

  • To publish race results [Consent]

  • To provide information to those attending courses or events, and to register certificates [Contract]

  • To record accident records [Legal Obligation]

  • To provide information to instructors regarding students attending courses [Contract]

  • To comply with our bye-laws, e.g. notifying members of the AGM [Legal Obligation]

  • For gathering aggregated data for anonymous submission to the RYA and other reporting [Consent]

  • The RYA may contact you using stored information to monitor training standards or to facilitate the complaints procedure (The information is used solely for the requested purpose and is not stored on the RYA central database) [Legitimate Interest]

 

THE CATEGORIES OF INFORMATION THAT WE COLLECT AND STORE INCLUDE:

  • Contact information for members, temporary members and those making venue or course bookings (e.g. name, address, email address, phone number, date of birth, sail numbers, committee positions, doctor’s details, family members, etc.)

  • Medical and dietary information for those attending training courses or dining events

  • Attendance information and race results for analysis and aggregated anonymous reporting

  • Photos and videos of members and visitors taking part in Club events (to opt-out, please apply in writing to the Webmaster)

  • CCTV recordings for security purposes only

  • Course feedback, taken upon course completion, that can be conducted anonymously if preferred and is used to monitor training standards

 

WHO DO WE SHARE THIS INFORMATION WITH?

  • Officers of the club receive appropriate information to enable them to fulfil their duties such as organising and running training courses, administering duties, administering membership renewal, sending communications, etc.

  • Aggregated attendance and disability data is shared with the RYA but this does not include personal information

  • All membership data is stored on a secure management facility called WebCollect. To become a member or to book a course at Ely Sailing Club, you must do so through Webcollect. Their privacy policy can be found here: https://webcollect.org.uk/help-topic/privacy-notice

  • We use your name and email address to assign duties on duty management system DutyMan. Their privacy policy can be found here: https://dutyman.biz/dataprot.aspx

  • Name and any provided contact details (on DutyMan) are made available to other Race Officers on DutyMan (the Race Officer duty management system)

  • CCTV recordings are shared with the police at their request

  • Videos and photos of members and visitors taking part in club events are posted on our website and other social media channels

  • On successful completion of your RYA training course, your name, contact details, date of birth, certificate number and date of issue will shared with the RYA through a secure web portal on www.rya.org.uk. The data will be stored on the RYA’s central database. This information allows the RYA to record your qualification, to update any records they may hold for you, and to verify or replace your certificate if required.

  • We will not share your personal information with any third parties apart from those stated here without your prior advance permission.

  • Medical data collected from course attendees will be held separately and will only be accessible to the Training Principal, Training Co-Ordinator, Chief Instructors and Senior Instructors. They are stored securely encrypted.

 

WEBSITE SPECIFIC INFORMATION

  • Cookies on our website are used anonymously by Google Analytics, purely for statistical analysis of traffic flows. These cookies do not collect any personal information about you. If you wish to opt out of Google Analytics, Google have provided a browser plug-in: https://support.google.com/analytics/answer/181881?hl=en-GB

  • There are links to other social networking sites and these may collect further information outside our control. If you wish to avoid such information being passed, please do not click on the social network buttons on our site.

  • This site may also contain links to other sites. We are not responsible for the privacy practices or the content of such web sites. We encourage you to read the privacy statements on the other websites you visit.

  • The Members’ Forum is a standalone service separate from WebCollect. If you choose to register an account with the Members’ Forum, your Name, Email Address, or any other information you provide will be held by Wix to facilitate profile provision and forum functionality.

 

HOW WE PROTECT YOUR PERSONAL DATA?

As your data is shared with or stored by the following external agents, please take time to review their respective privacy policies.

 

WebCollect:          [https://webcollect.org.uk/help-topic/privacy-notice]

“If a security breach causes an unauthorized intrusion into our system that materially affects you or your Members, then we will notify you as soon as possible and later report the action we took in response. We take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorised access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information. WebCollect accounts require an email address and password to log in. You must keep your login details secure, and never disclose it to a third party.”

“Any personal data that we collect about you, or your Members, will be stored by us within the UK. If at any time, we decide to store the data outside of the European Economic Area, we will notify you of that decision before doing so, to give you an opportunity to remove your personal data should you wish to do so.”

 

DutyMan:              [https://dutyman.biz/privacy/ or https://dutyman.biz/dataprot/]

“Your data is only stored electronically. All storage is on state of the art password protected servers hosted by suppliers operating in the EU with their own EU GDPR data protection compliance statements. Your data is backed up at locations separate from the storage servers using state of the art password protected back-up services from suppliers operating in the EU with their own EU GDPR data protection compliance statements. State of the art password policies are used to protect Our administrative access to Your data. Should a password be suspected to be compromised in any way, it is reset using a secure method. Passwords to access Your Service or data are not available to IT staff at hosting and backup suppliers. Where any of Your data is erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), a secure deletion method is used.”

 

Wix:                        [https://www.wix.com/about/privacy]

“Wix has implemented security measures designed to protect the Personal Information you share with us, including physical, electronic and procedural measures. Among other things, we offer HTTPS secure access to most areas on our Services; the transmission of sensitive payment information (such as a credit card number) through our designated purchase forms is protected by an industry standard SSL/TLS encrypted connection; and we regularly maintain a PCI DSS (Payment Card Industry Data Security Standards) certification. We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and Third Party Services for further enhancing the security of our Services and protection of our Visitors’ and Users’ privacy.”

 

RYA:                       [www.rya.org.uk/go/privacy]

“The data that we collect from you may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of recognised training centres or suppliers.  Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.”

 

Ely Sailing Club:

We hold training data on a centralised securely encrypted spreadsheet to allow access from the Principal, Training Coordinator, Chief Instructors and Senior Instructors only, for purposes of providing a safe and suitable training course. The document is securely encrypted using 256-bit Advanced Encryption Standard (AES).

 

YOUR DATA RIGHTS

1. You have rights under the EU General Data Protection Regulation (EU GDPR), as follows:

  • (a) to access your personal data

  • (b) to be provided with information about how your personal data is processed

  • (c) to have your personal data corrected

  • (d) to have your personal data erased in certain circumstances

  • (e) to object to or restrict how your personal data is processed

  • (f) to have your personal data transferred to yourself or to another business in certain circumstances.

 

2. You have the right to take any complaints about how we process your personal data to the Information Commissioner:

https://ico.org.uk/concerns/

0303 123 1113

 

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

 

CHANGING, UPDATING OR REQUESTING ACCESS TO YOUR PERSONAL DATA

  • Changes can be made manually by visiting WebCollect, DutyMan or Wix and inputting your updated information

  • Apply in writing to the Membership Secretary to request a copy of your data held by us.

  • To see or update information the Training Centre is holding about you relating to courses you are attending or have previously attended, please apply in writing to the Training Co-Ordinator.

 

HOW LONG DO WE KEEP YOUR INFORMATION

We will hold your personal data on our systems for as long as you are a member of the Club and for as long afterwards as is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data, except that we may retain your personal data in an archived form in order to be able to comply with future legal obligations, such as the defence of legal claims.

 

Data Type Retention Period

Membership Data: 1 YEAR after membership has lapsed, unless there is a legal reason for keeping the data; in which case the data will be kept until the legal matter is fully resolved. You can request that your personal data be deleted from all our systems immediately your membership ceases by applying in writing to the Membership Secretary.

 

Duty Data: The data is updated yearly. If membership lapses, the data will be activated for removal from DutyMan no longer than 4 MONTHS after date of lapse. It may take up to six further weeks for DutyMan to erase this data.

 

Mailing List: WebCollect is used to manage written communications. Therefore, the policy for written communication lists is the same as for Membership Data.

 

Training Records: 5 YEARS, unless there is a legal reason for keeping the data until the legal matter is fully resolved. On successful completion of your RYA training course, your name, certificate number and date of issue will be stored for the stated period. This information allows us to verify or replace your certificate if required. Certificates requiring online registration will require us to share your name, contact details, date of birth, certificate number and date of issue with the RYA through a secure web portal on www.rya.org.uk. The data WILL BE stored on the RYA’s central database.

 

Medical Data: Any medical data will be deleted within 5 WORKING DAYS of the conclusion of the course for which it was collected.

 

Accident Records: 3 YEARS, unless there is a legal reason for keeping the data until the legal matter is fully resolved.

 

 

 

FURTHER QUESTIONS REGARDING THIS POLICY

To seek further information on this privacy policy, please apply in writing to the club’s Honorary Secretary.

Contact Us

Ely Sailing Club

Roswell Pits

Prickwillow Road

Ely

Cambridgeshire

CB7 4TX

01353 667830

© 2019 Ely Sailing Club

  • Twitter Clean
  • Grey Google+ Icon
  • w-facebook