QUEENSFERRY ROWING CLUB
DATA PROTECTION POLICY
This policy is compliant with the General Data Protection Regulation (GDPR) which came into force on 25 May 2018. In the text which follows, Queensferry Rowing Club and its members are referred to as ‘the Group’.
GDPR PRINCIPLES TO BE FOLLOWED
1. Lawfulness, fairness and transparency:
Transparency: Tell the individual what data processing will be done.
Fairness: What is processed must match up with how it has been described.
Lawfulness: Data processing must meet one of the tests described in the Regulation. GDPR will also strengthen individuals’ rights including the right of access, to be informed, to rectification and to be forgotten. It emphasises making privacy notices understandable and accessible.
2. Purpose limitation: Personal data collected for one purpose should not be used for a new, incompatible purpose.
3. Data minimisation: You should only collect personal data that is relevant, and it should be limited to what is necessary in relation to the purposes for which you are processing the data.
4. Accuracy: You are responsible for taking all reasonable steps to ensure that personal data are accurate.
5. Storage limitation: Personal data should not be retained for longer than necessary in relation to the purposes for which they were collected.
6. Integrity and confidentiality: Organisations are responsible for ensuring that personal data are kept secure, both against external threats (e.g. malicious hackers – always password protect computers and documents) and internal threats (e.g. internal data sharing to unsecure locations). Procedures must be in place to detect and report a personal data breach. GDPR brings a duty to notify the ICO (Information Commissioner’s Office) within 72 hours if a personal data breach is suffered.
For further information see:
The Information Commissioner’s Guide to the General Data Protection Regulation (GDPR)
WHAT QUEENSFERRY ROWING CLUB WILL DO TO REMAIN COMPLIANT WITH GDPR
1) Data here applies to that held in both electronic and printed formats.
2) The Group will not use the data for any other use than to inform members of forthcoming Group events, to inform them that their subscription is due for renewal, and for the Group to keep track of current membership and membership income.
3) Additionally, contact data may be used in the event of an emergency occurring during a Group event or activity.
4) The Group will at no time pass on the data to third parties.
5) The Group will only hold personal data on individuals who have agreed to be members of the Group.
6) The data to be held will be that necessary to communicate with members and maintain their membership, which at a maximum will be:
– Title, first name, surname
– Postal address
– Email address/es
– Telephone number/s (mobile & landline)
– Annual subscription paid
– Date subscription paid
7) The data will only be held by committee members of the Group. Such office bearers must ensure their anti-hacking software is up to date. The data must be held on a password-protected computer with the data held in a password-protected file.
8) When sending an email circular to some or all members, the recipients’ email addresses will be hidden through the use of the ‘bcc’ function.
9) Any individual whose membership of the Group has lapsed will have their data removed after two years.
10) Any member at any time can ask the Group to see the personal data held on them.
11) The Group will endeavour to ensure the data is accurate and correct any errors if requested by the relevant individual.
12) All personal data will be deleted if the Group ceases to exist as an entity.
13) In the event of a known or suspected data breach, the Group will notify the Information Commissioner’s Office within 72 hours.
14) When joining the Group for the first time, all members will be asked to agree the following statement:
“The Group may keep a record of your contact details in accordance with the Group’s Data Protection Policy (available on request from the Secretary) for the purposes of informing you about the activities of the Group and notifying you of membership renewals. The data will not be divulged to any other organisation.”
15) Agreement on this will also be sought from existing members (i.e. those predating this policy).