GDPR / Privacy at Beds Road CC
GDPR Reference Document
We take your privacy seriously.
We introduced a new membership and event management system in 2018, designed to keep your data secure and in one place, for the new GDPR requirements which came into force on May 25th, 2018.
We hold the minimium amount of information about you, just enough to satisfy CTT requirements on rider registration, and to be able to contact you about events you have entered.
We do not share your information with anyone, except in the case of an accident, for insurance or legal purposes, or for proving compliance with CTT rules and regulations, at CTT's request.
We hold your information in a secure location which is password protected and which has techniques applied to it to minimise the possibility of unauthorised copying. This is to reduce the chance of your details being copied and shared in an uncontrolled way, for example via Excel spreadsheet, printed paper records etc.
A backup of the database is made automatically each day and the backup is stored in a separate secure location. All data is transferred using TLS network security.
We do not publicly display your contact details on any documents, all sign-on sheets are signed using your unique barcode and are kept in our secure database. We have no reason to print off your personal details, nor to ask you to write them on any paper document.
We store the following details, as required by CTT:-
- Your Name
- Your Post Code and House Number
- Your Sex
- Your Year of birth and which half of that year you were born in
- Your Email Address
- Your Phone Number
- An Emergency contact number
- If you are under 18, a parent or guardian's name
We store no details in our database about your bank account, credit card etc., as we do not need this information.
To help us to deliver a service which matches your interests, we also store a list of the cycling activities which most interest you.
We send you periodic compact newsletters by email and may sometimes contact you to ask for information or to share news about activities which may interest you.
We create and store these emails on the same secure system which stores your general data. We do not see your email address, as this is all done within our secure server.
Your registration barcode contains no personal data about you, and anyone obtaining your registration barcode could not use it to access your personal data other than the data already printed in plain text on the card.
We will send you an automated email asking you to check that your details are up to date each time you enter an event, to ensure we have your latest correct details.
Who has access to your data?
The Committee can access your data, as may be required in order to run the club. Normally, the prime accessors of your data would be the Webmaster, who is responsible for maintaining the database and its security, the Membership Secretary, who maintains your data and the Treasurer who registers your payments. Event Managers will have access to your emergency contact details if required. Your data is password protected and that password is changed if any committee members leave the committee.
Automatic Removal of Data
Members leaving the club through not renewing will automatically have the following data removed:
- Email Address
- Emergency Contact number
- Phone Number
- Post Code and House Number
- Messaging History
Your name and age will remain if you have had any competitive results published, as completely removing you will affect the ranking of past results, and this information will already be in the pubic domain.
Who is your Data Protection Officer?
We are a small club, not processing large amounts of sensitive personal details, so we are not required to appoint a DPO. However, we still take your data protection seriously and the Club's Committee will be responsible for ensuring that the Club maintains its obligations under GDPR.
The Lawful Basis for storing your data
To store peoples' personal data, we need a Lawful Basis for doing so.
Our Lawful Basis is that we need some data in order to run a club in which you are a member or a guest, taking part in the Club's activities.
We need to be able to contact you, so we use your email address in order to direct communication to you alone. This is to send you details of your registration, your barcode, to remind you (if you are a member) about due payments and to pass on general club news. We do not share your email address with anyone else.
We use your age data for determining whether parental consent is required and to rank your results in age categories.
We store your Emergency Contact number so that we can contact a member of your family or a friend should you have an accident whilst taking part in a club activity.
We store your phone number so that we can contact you if we have any difficulty reaching you by email.
We store your post code and house number to comply with CTT requirements, but we do not normally send you postal mail, unless you specifically request the Club Magazine by post, rather than email.
We store your messaging history as a means of maintaining an accurate record of our communications together.
Your rights under GDPR are not affected by using this system, which we hope will be of benefit to everyone, by being a centralised, access controlled, up-to-date resource.
External Data over which we have no control
We also have Facebook and Twitter Groups for our General Club and Racing Team. Matters of GDPR for these sites are outside of our control, as they are run by Facebook and Twitter respectively.
Queries? Feel free to contact us
If you have any questions on this subject, please contact Graham Laming who designed the system and who is the webmaster, on behalf of Beds Road CC, at firstname.lastname@example.org
Revision 0, 15th May 2018