1. About this Policy
1.1 This policy explains when and why we collect personal information about our members, how we use it and how we keep it secure and your rights in relation to it.
1.4 We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (https://ico.org.uk). For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.
2. Who are we?
2.1 We are The Sky Surfing Club, a UK hang gliding and paragliding club. We can be contacted through the club secretary at: email@example.com
3. What information we collect and why
|Type of information||
Legal basis of processing
Membership no., BHPA no., BHPA expiry date, Renewal date, Committee member, Payment, Card sent, Timestamp, Name, Address, Contact telephone number and alternative, Email address, Coach, Mentor, Mentee
|Managing the member’s membership of the Club.||Performing the Club’s administration and for the purposes of our legitimate interests in operating the Club.|
|Emergency contact information:
Name, contact no. and alternative no.
|Contacting next of kin in the event of emergency.||Protecting the Member’s vital interests and those of their dependants.|
|Flying experience and history:
Training school, Date completed CP, Approx. flying hours, Ratings held, Year of birth
|Incident reporting and analysis||Administration of the club’s safety responsibilities and for the purposes of our legitimate interests in operating the Club.|
4. How we protect your personal data
4.1 We will not transfer your personal data outside the EU without your consent.
4.2 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
4.3 Please note however that where you are transmitting information to us over the Internet this can never be guaranteed to be secure.
4.4 For any payments that we take from you online we will use a recognised online secure payment system.
4.5 We will notify you promptly in the event of any breach of your personal data that might expose you to serious risk.
5. Who else has access to the information you provide us?
5.1 We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where required to do so by law or as set out in the table in section 3 or paragraph 5.2 below.
5.2 We will pass your personal data to the BHPA for the purpose of verifying BHPA membership and for safety related matters. However, we disclose only the personal data that is necessary for the BHPA to perform these tasks.
6. How long do we keep your information?
6.1 We will hold your personal data on our systems for as long as you are a member of the Club and for a reasonable time after membership lapses for administrative purposes and in order to be able to comply with any legal requirements. When we decide that there is no need to continue to retain your data, it will be deleted. We will review your personal data every year to establish whether we still need to retain it.
7. Links to other websites
7.1 Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
8. Your rights
8.1 You have rights under the GDPR:
- to access your personal data by asking us for a copy of the data we hold on you;
- to be provided with information about how your personal data is processed;
- to have your personal data corrected if incorrect;
- to have your personal data erased in certain circumstances;
- to object to or restrict how your personal data is processed;
- to have your personal data transferred to another business in certain circumstances.
You have the right to take any complaints about how we process your personal data to the Information Commissioner:
0303 123 1113
Information Commissioner’s Office,
For more details, please address any questions, comments and requests regarding our data processing practices to the membership secretary firstname.lastname@example.org