This notice gives you important information about your personal rights to privacy, and about how we use your personal information.
We all give our personal data out every day - our names, contact details, or other bits of information - and most of us want to be feel sure that our data is being handled properly.
As someone who is in contact with Sutton Bingham District Canoe Club (SBDCC), you may have given us information about yourself, like your name, or email address, or other details.
Giving your personal data is voluntary, although you often need to, for instance if you want to become a member. This privacy notice explains what SBDCC does with your information. It explains how we gather, use, disclose and manage your personal data, and it also tells you about your personal rights to privacy.
We take your privacy very seriously and we always aim to be clear to you about the way SBDCC manages data. We make sure our privacy notice is up to date, and as comprehensive as possible. But it doesn't cover every aspect of our collection and use of personal data, so please contact us if you need more information or have any questions about this notice.
What do: 'SBDCC', 'we' or 'us' refer to?
In this notice 'SBDCC', 'us', 'we' and 'our' refer to the Sutton Bingham and District Canoe Club.
WHAT PERSONAL INFORMATION DOES SBDCC COLLECT, AND HOW?
We collect this personal information when we need to:
- Parent/guardian name(s)
- Contact details, including address, telephone number and email address
- Date of birth
- Health information
- Payment information (bank or credit card details) if you become a member
- Records of your correspondence with us
- Records of your participation with us (including as a member)
- Information you enter on our website
- Photographs, video or audio recordings
- Data about criminal convictions or offences
- Data relating to fraud or financial irregularities
- Any other information you share with us
We may collect this information in the following ways:
You give it to us directly. For example, when you give us your personal data through our website. This might happen when you submit a membership form in paper format, fill out digital forms, or when you talk to us in person or by email, phone or letter.
We get it indirectly. Third parties might share your personal data with us. We work with third parties who help us achieve our aims and ideals, like British Canoeing and Just Giving; or with sub-contractors in technical, payment and delivery services. We will notify you when we receive your personal data from them and tell you how and why we intend to use it.
It is available publicly. Your personal information may be available for anyone to see on external public sources like Companies House or the Charity Commission. We may access your personal information from social media accounts or services, depending on your privacy settings (for example when you choose to interact with us via Facebook, Instagram or Twitter).
When you visit our website. When you visit our website, we automatically collect the following types of personal information:
- Technical information, including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.
- Information about your visit to our website, including the uniform resource locator (URL) clickstream to, through and from the website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page.
We may also collect and use your personal information by using cookies on our website.
And we may combine your personal information from these different sources for the purposes set out in this privacy notice.
DO YOU PROCESS ALL PERSONAL DATA IN THE SAME WAY?
No. There are special categories of personal data, and data protection law recognises these as sensitive and therefore needing more protection. Examples are information about your health, ethnicity and criminal convictions and offences.
Sometimes we may need to collect and/or use these special categories of personal data, for example if we need to be aware of a medical condition that you or your child has, so they can participate in an SBDCC event. We only process these special categories of personal data if there is a valid reason for doing so, and where data protection law allows us to.
We sometimes also collect sensitive personal data - like information about health, religion, sexuality, ethnicity, political and philosophical beliefs and criminal records. We normally only record this data where we have your consent. But sometimes we are permitted to do this in other circumstances, under data protection law. For example, we may make a record that a person is in a vulnerable circumstance to make sure that we don't send inappropriate messages to them.
WHY AND HOW DO YOU USE MY PERSONAL DATA?
Data helps us support and improve interactions with SBDCC It help us:
- Update you on SBDCC policies and procedures
- Keep members safe
- Monitor equal opportunities
- Manage SBDCC activities, making sure the right care is in place for activities
- Communicate with you, for example when collecting membership details or arranging payments
- Develop our services
- Keep a record of your relationship with SBDCC for our administration, and to let you know about changes to our services or policies
- Investigate and respond to complaints, legal claims or other issues
- Fulfil customer orders for goods or services, including processing payment and letting you know about delivery
- Meet obligations under consumer protection law
- Prevent and detect crime
- Assess applications for membership
- Manage risks so our members can enjoy SBDCC activities in a safe environment
To keep you up to date
We may use your personal data to give you information about events and activities which we think may be of interest to you, for example:
- Information about trips and events
We only send this information to you by email, SMS or telephone if we have your prior consent (unless we may do so by applicable law).
CAN I CHANGE MY CONSENT?
Yes! You can withdraw your consent and unsubscribe from or update your marketing preferences at any time. Just email SBDCCevents@gmail.com and let us know what you would like to do.
You can also opt out of receiving emails from us at any time by emailing SBDCCevents@gmail.com and letting us know.
If you make changes to your consent, we will update your record as soon as we possibly can. Emails will be stopped within 48 hours.
WHEN IS IT LEGAL TO USE PERSONAL INFORMATION?
We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to SBDCC. We can use information on the basis of:
- Your consent (for example to send you direct marketing by email or SMS)
- Your contractual relationship with us (for example to provide you with goods or services that you have purchased from us)
- Compliance with a legal obligation.
- SBDCC's legitimate interests (please see below for more information)
WHAT DOES 'LEGITIMATE INTEREST' MEAN?
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and consistent and does not adversely impact the rights of the individual concerned.
When we use your personal information, we will always consider if it is fair and balanced to do so, and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to make sure we use your personal information in ways that are not unduly intrusive or unfair. SBDCC’s legitimate interests include:
- Administration and operational management. This includes answering enquires, giving information and services, events management, administration of members and coaching requirements.
If you would like more information on our uses of legitimate interests or to change our use of your personal data please email firstname.lastname@example.org.
IF YOU ARE 14 OR UNDER
If you are under the age of 14, you must get permission from your parent or guardian before registering or giving us any information.
HOW LONG DO YOU KEEP PERSONAL DATA FOR?
SBDCC keeps your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We decide how long is appropriate to keep personal data based on necessity.
We do this by considering the amount, nature and sensitivity of the personal data:
- The potential risk of harm from unauthorised use or disclosure of your personal data
- The purposes for which we process your personal data
- Whether we can achieve those purposes through other means
- Legal requirements
Unless we still need your personal data for the purpose for which it was collected or processed, if you are a member and choose not to renew we will remove your personal data within 3 months of the start of the new membership year.
We will remove your data from our records before this date if:
- Your personal information is no longer needed in connection with the purpose
- We are no longer lawfully entitled to process it
- You validly exercise your right of erasure (see below)
If you ask us to stop contacting you we will keep some basic information about you on our suppression list to avoid sending you more unwanted messages.
DO YOU SHARE MY DATA WITH OTHER ORGANISATIONS?
We do not sell your personal information to third-party organisations for any purposes.
We share personal information:
- With data processors working on our behalf. For example, if you renew your membership online, we use a third party to process payments
- Where we are required to by law, for example to law enforcement or regulatory bodies
- Where we think it is in the best interests of SBDCC or a third party to make a disclosure, and where we are satisfied that a disclosure does not put us in breach of data protection law
- Where it is necessary to protect the vital interests of an individual
- If we have your consent
HOW DO YOU PROTECT MY PERSONAL INFORMATION?
We use technical and organisational ways to protect your data and prevent the loss, misuse or alteration of your personal information.
The transmission of data over the internet is not completely secure. Although we do our best to protect your personal data we can't guarantee the security of your data transmitted to our website. But once we receive your information, we use strict procedures and security features to try to prevent unauthorised access.
We process all credit card payments securely through our secure payment gateway which is PCI DSS compliant. We do not store credit card details.
We only use the personal information and credit card details that we request to complete your membership transaction.
And we keep the personal information that is required for our accounts secure, and only for as long as required by law.
The information we collect from you may be transferred to and processed and/or stored at a destination outside the European Economic Area (EEA). If we send your personal data outside the EEA we will take reasonable steps to make sure the recipient uses appropriate measures to protect your information.
We cannot be responsible for any information you give in public community areas of the SBDCC website, or on websites that we link to from our platforms. This information can be viewed or collected by any third party - you should always be wary of publishing any personal information in public community areas.
You should also read the privacy notices of any other websites that we link to from the SBDCC website which you visit. This is so you may understand what information is collected from you and for what purpose.
SBDCC cannot be held responsible for the policies of any third party website that we link to, and you access these websites at your own risk.
WHAT ARE MY RIGHTS AND HOW DO I EXERCISE THEM?
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to unsubscribe you from our email list at any time. You also have the following rights:
- Right of access - you can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.
- Right of erasure - at your request we will delete your personal information from our records as far as we are required to do so. In many cases we would propose to suppress further communications with you, rather than delete it.
- Right of rectification - if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/up to date.
- Right to restrict processing - you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.
Right to object - you have the right to object to processing where we are:
- Processing your personal information on the basis of the legitimate interests ground
- Using your personal information for direct marketing
- Using your information for statistical purposes.
Right to data portability - to the extent required by data protection law, where we are processing your personal information (that you have given us) either:
- By relying on your consent
- Because such processing is necessary for the performance of a contract to which you are party, or to take steps at your request prior to entering into a contact, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you - or another service provider - in a machine-readable format
Rights related to automated decision-making - you have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal or similarly significant effects on you, unless such a decision:
- Is necessary to enter into/perform a contract between you and us/another organisation.
- Is authorised by EU or Member State law to which SBDCC is subject (as long as that law offers you sufficient protection).
- Is based on your explicit consent.
We may ask you for more information to confirm your identity and for security reasons before we can disclose to you personal information requested.
Please note that some of these rights only apply in limited circumstances. For example, we may not be obliged to comply with requests to access your personal information which are made at unreasonably frequent intervals. For more information, we suggest that you contact us on email@example.com.
You are further entitled to make a complaint about us or the way we have processed your personal information to the data protection supervisory authority in your home country. In the UK, the data protection authority is the Information Commissioner’s Office.
We will consider each request in accordance with all applicable data protection laws and regulations.
Hide GDPR Policy