ESSEX AND SUFFOLK GLIDING CLUB
We have implemented this privacy notice to inform you of the types of data we may process. We also include within this notice the reasons for processing the data, the lawful basis that permits us to process it, how long we keep the data for and your rights regarding your data. This notice applies to all those in the sport to who we supply Essex and Suffolk Gliding Club, the Club, services, and to our members, officers, staff and contractors. These are referred to in this notice as relevant individuals.
DATA PROTECTION PRINCIPLES
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
a) processing is fair, lawful and transparent;
b) data is collected for specific, explicit, and legitimate purposes;
c) data collected is adequate, relevant and limited to what is necessary for the purposes of processing;
d) data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without undue delay;
e) data is not kept for longer than is necessary for its given purpose;f) data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures; and
g) we comply with the relevant GDPR procedures for international transferring of personal data.
TYPES OF DATA HELD
To deliver our services and to carry out effective and efficient processes, we keep several categories of personal data. We keep this data on secure servers. The data is processed by trained Club members and staff through password-protected back office software. Specifically, we may hold the following types of data where required;
a) personal contact details that allows us to contact you directly such as name, title, email addresses and telephone numbers;
b) date of birth;
d) details of the supplied service including start and end date;
e) records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us;
f) any credit/debit card and other payment details you provide so that we can receive payments from you – please note that credit/debit card data is deleted as soon as payment is made;
g) details of the financial transactions with you;
h) use of and movements through our online portal, portal passwords;
i) records of your attendance at any events hosted by us;
j) images in video and/or photographic form;
k) your preferences so that we know whether and how we should contact you;
l) any details required for the purposes of awarding funding or grants; and
m) bank details required for the purposes of payment to you.
COLLECTING YOUR DATA
You provide several pieces of data to us directly in application forms, online applications, and verbal applications either by telephone or face to face with our officers and staff.
LAWFUL BASIS FOR PROCESSING
The law on data protection allows us to process your data for certain reasons only. In the main, we process your data to deliver effective and efficient Club services and/or comply with a legal requirement.
The information below categorises the types of data processing we undertake and the lawful basis we rely on.
“Club services” mean any of the certificates, endorsements, ratings, subscriptions and support requested, provided by us and available to the relevant individual.
|Purpose||Personal information used||Lawful basis|
|To administer any member services that you have requested from us and to manage our relationship with you, including dealing with payments and any support, service or enquiries made by you||All contact and membership details, transaction and payment information, records of your interactions with us, and contact preferences.||This is necessary to enable us to properly manage and administer our member services and your relationship with us.|
|To send you information, including details about Club services and relevant gliding information, including re safety, legislation, competitions and events.||All contact details||This is necessary to enable us to properly manage and administer our member services and your relationship with us.|
|To send you other information, for example which we think you might find useful or which you have requested from us||All contact and membership details and marketing preferences||Where you have given us your explicit consent to do so.|
|To answer your queries or complaints||Contact details and records of your interactions with us||We have a legitimate interest to provide complaint handling services to you in case there are any issues with our member services and your relationship with us.|
|Retention of records||All the personal information we collect||We have a legitimate interest in retaining records whilst they may be required in relation to complaints or claims. We need to retain records to properly administer and manage the member services we supply to you, and in some cases, we may have legal or regulatory obligations to retain records|
|The security of our IT systems||Your usage of our IT systems and online portals.||We have a legitimate interest to ensure that our IT systems are secure.|
|To conduct data analytics studies to better understand trends within the sport||Records of demographics and gliding qualifications.||We have a legitimate interest in doing so to ensure that our member services are targeted and relevant.|
For the purposes of promoting the sport, our events and members activity
Images in video and/or photographic form.
|This is necessary for us to promote our sport and our Club. We will not use images of persons under 16 years old without specific consent.|
|To comply with CAA regulated approvals.||Records of regulated activity including seminars and audits||We have a legal obligation and a legitimate interest to provide you and others with compliant systems|
|To use information about your physical or mental health including any injuries or disability status in support of your fitness to fly||Health and medical information||Where you have given us your consent to do so.|
|To assess your eligibility for and to provide any scholarship funding and/or grants||All details required for the purposes of awarding scholarship funding or grants.||This is necessary to enable us to properly administer and perform any contract for the provision of funding|
|For the purposes of equality monitoring||Gender||We have a legitimate interest to promote a sports environment that is inclusive, fair and accessible|
|To comply with legal obligations, for example, regarding people working with children or vulnerable adults to comply with our safeguarding requirements||Information about your criminal convictions and offences||Based on your explicit and informed consent in relation to the Club’s legal obligations.|
FAILURE TO PROVIDE DATA
Your failure to provide us with data may mean that we are unable to fulfil our requirements for supplying Club services and therefore you may not be able to use Club services.
CRIMINAL CONVICTION DATA
We will only collect criminal conviction data where it is appropriate, e.g. if you take on a Club volunteer role and where the law permits us. This data will usually be collected at the role recruitment stage, however, may also be collected later. We use criminal conviction data to determine your suitability, or your continued suitability in a Club role. We rely on the lawful basis of our legitimate interests to process this data. Your consent is required.
WHO WE SHARE YOUR DATA WITH
Club members and staff who have specific authority to do so have password-protected access to your data held by us. All Club members and staff staff with such responsibility have been trained in ensuring data is processed in line with the GDPR.
The Club may share data with the following parties when strictly necessary for the purpose;
a) any party approved by the data subject, ie the person who the data applies to;
b) Club service providers: for example, our magazine posting house, payment processors, IT services, Club officials, and the RAeC and FAI in respect of competition participation;
c) the Government or our regulators: where we are required to do so by law, to operate our formal approvals, for example the CAA, or to assist with flight safety initiatives, for example the AAIB; and
d) police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security. We do not share your data with bodies outside of the European Economic Area.
CONTACTING YOU ABOUT OUR SERVICES
From time to time, we may contact you with information about our courses and services that may further your gliding interests.
PROTECTING YOUR DATA
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against that.
The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. Generally, where there is no legal requirement, we retain all physical and electronic records for a period of six-years after you inform us that you no longer require our services. The six-year period is to assist with easier re-engagement with the sport if required. At the six year point, we will review the need to retain the data based on your and any legal requirement.
KEEPING YOUR DATA UP TO DATE
It is important to ensure that the personal information we hold about you is accurate and up-to-date. Please let us know if anything changes, for example if you change your phone number or email address.
AUTOMATED DECISION MAKING
Automated decision-making means making decisions about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you by the Club solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement).
You have the following rights in relation to the personal data we hold on you:
a) the right to be informed about the data we hold on you and what we do with it;
b) the right of access to the data we hold on you. More information on this can be found in our separate policy on ‘Subject Access Requests’;
c) the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
d) the right to have data deleted in certain circumstances. This is also known as ‘erasure’
e) the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
f) the right to object to the inclusion of any information; and
g) the right to regulate any automated decision-making and profiling of personal data. More information can be found on each of these rights in our separate policy ‘Rights in Relation to your Data’.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.
The Club can be contacted by email firstname.lastname@example.org. Or at the Club’s registered address
MAKING A COMPLAINT
If you think your data rights are not being correctly addressed, you are able to raise a complaint with the Information Commissioner (ICO).
DATA PROTECTION COMPLIANCE
Our Data Protection Lead is the Club chairman, email@example.com