Where the legal basis of consent is to be used, this will be gathered freely, and we will use clear, plain language that is easy to understand, and you will be able to remove your consent at any point.
What information do we collect about you?
We collect/process information so that we can provide the services you would expect from the our Club. This section of the policy will describe the purpose for processing your personal data, the legal basis to do so and how long we will keep your data.
Our Club Membership
If you choose to join our club, you must provide us with some personal data so that we can provide the services you would expect from the Club, this will include your name, email address, address, telephone number and payment information will be stored in the Club Cloud Storage, Email Platform, WebCollect, DutyMan and SailWave. Other non-mandatory personal information may also be gathered.
We will process data using the following legal rationale, as paying member of our club we will use legitimate interest as the data collected for processing is essential for the purpose of running the sailing club and notifying members of club events and associated tasks to ensure the club can exist. Personal Payment information is only stored within the WebCollect platform which is PCI DSS compliant.
Member’s Personal data will only be retained whilst you are a paying member of the club. Your data will be deleted on termination of your membership. The only exception to this would be the race result data which is made public and is retained for 10 years.
Our Open Events
If you choose to enter an open event hosted at our club, you must provide us with some personal data so that we can provide the services you would expect from the Club, this will include your name, email address, address, telephone number will be stored in the Club Cloud Storage, Email Platform, WebCollect and SailWave. Other non-mandatory personal information may also be gathered.
We will process data using the following legal rationale, as entrant to an open event at club we will use legitimate interest as the lawful basis for processing your personal data as we need to process your data to ensure the Open event is managed effectively
Open event Personal data will only be retained for 6 months following the event. The only exception this would be the race result data which is made public and is retained for 10 years.
If you are elected into an Officer role within the club, personal data items such as Name, Email Address and Telephone number may be stored in our Club Cloud Storage and our Club Email Platform.
We will process data using the following legal rationale, as an elected officer of our club we will use legitimate interest as the data collected for processing is essential for the purpose of running the sailing club.
Officer’s Personal data will only be retained whilst you are in that role, unless the retention of the data is related to a legal obligation, in this situation the data will be retained whilst the legal obligation exists
We will retain active cookie data for a period of up to 1 year, a cookie will remain active if a user re-visits our platform.
Updating These Terms
We may change our provision and policies, and we may need to make changes to these Terms so that they accurately reflect our provision and policies. Unless otherwise required by law, we will notify you at least 30 days before we make changes to these Terms and give you an opportunity to review them before they go into effect. Then, if you continue to use the Service, you will be bound by the updated Terms. If you do not want to agree to these or any updated Terms, you can request an account deletion.
Accessing or Rectifying your personal data
We want to make sure that your personal information is accurate and up to date and you have the right to request a copy and update the personal data that we hold about you. You may ask us to correct or remove information you think is inaccurate. If you would like to invoke this right, please email or write to us at the below address.
Based upon the retention periods described above we will remove your personal data from our platforms.
Object, Restrict or Withdraw Consent
You may wish to object to or restrict our ability to process your personal data, this can be done either via email or in writing, using the contact details below. Further context may need to be requested to ensure we can carry out the relevant tasks on our platforms to perform the request.
You may wish to port your personal data to another platform. This can be done either via email or in writing, using the contact details below.
Who we are and how to contact us
We are the data controller responsible for defining and managing how your personal data is processed.
Our company name is Elton Sailing Club
Our company address is Elton Sailing Club, Elton Reservoir, Bury, BL8 2BR
Our email address is firstname.lastname@example.org
To Whom We Disclose Information
Except as described in this Policy, we will not intentionally disclose the Personal Data or Client Data that we collect or store to third parties without the consent of the data subject. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
Any information that you voluntarily choose to include in a Public Area of the Service, such as a public profile page, will be available to any Visitor or User who has access to that content.
We work with third party service providers who provide email hosting, core corporate applications, web hosting, maintenance, and other services for us. These third parties may have access to, or process Personal Data or Client Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
Service providers include:
WebCollect, Open Brackets Limited, 1 Powell Road, Poole, BH14 8SG; for the purpose of Membership management and membership fee collections
DutyMan, 8 Bracklesham Road, Hayling Island, PO11 9SJ; for the purpose of Race and Water Safety Management
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043; for the purpose of Club Applications
1and1, Elgendorfer Straße 57, D-56410 Montabaur, Germany; for the purpose of Club Emails
Sail Wave, 19 Southlands Drive, West Cross, Swansea, SA3 5RA; for the purpose of Race Results
RYA, RYA House, Ensign Way, Hamble, Southampton, Hampshire, SO31 4YA, United Kingdom; for the purpose of Club Affiliation
The information you provide may be transferred to countries outside the European Economic Area (EEA) that do not have similar protections in place regarding your data and restrictions on its use as set out in this policy. However, we will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. By submitting your information, you consent to these transfers for the purposes specified above.
We may transfer your personal information to the following which are located outside the European Economic Area (EEA) as follows:
- Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043
Non-Personally Identifiable Information
We may make non-personally-identifiable information available to third parties for various purposes. This data maybe automatically-collected and would be analysed to create an aggregated view of the data, ensure the reported information was anonymous.
Law Enforcement, Legal Process and Compliance
We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
Change of Ownership
Our Data Security
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way.
The following security procedures, and technical and organisational measures to safeguard your personal information have been put in place:
- In cases where personal data is being processed in third countries or third parties, a rigorous data protection impact assessment is being performed to ensure that your data is always secured.
- We will carry out a Data Protection Impact Assessment when introducing new technologies, safeguarding our members data
- We will use all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet.
- We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
- We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.