We at Whitby Coastal Rowing Club use your personal data to provide to you our Club facilities and membership benefits and want to make sure all the personal information we have collected about you, is safe and secure. This Policy set outs our commitments to you, in compliance with and beyond the General Data Protection Regulation (commonly known as the GDPR) and explains how we collect, store, and use your personal information.
We are committed to respecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your membership with us. This notice explains how we comply with the law on data protection, what your rights are and for the purposes of data protection we will be the controller of any of your personal information.
What you need to know
1. Personal Information we may collect from you
When you sign up for membership with us, you may provide us with or we may obtain personal information about you, such as information regarding your:
Personal contact details that allow us to contact you directly such as name, title, email addresses and telephone numbers. |
|
Date of birth, gender |
|
Your rowing preferences (experience, type of rowing, side rowed) Details of any rowing club membership |
|
Information regarding any medical condition that we need to know so we can adapt our rowing facilities to support your needs or that a coach or fellow crew members may need to know so we can take any precautions we feel appropriate to support you in rowing or participating in club activities |
|
Membership details including start and end date |
|
Any credit/debit card and other payment details you provide so that we can receive payments from you and details of the financial transactions with you |
|
Records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us |
|
Images in video and/or photographic form and voice recordings |
|
Special categories of personal information
We may also collect, store and use the following “special categories” of more sensitive personal information regarding you:
- information about your race or ethnicity, religious beliefs and sexual orientation; and
- information about your health, including any medical condition, health and sickness records, medical records and health professional information.
- We may also collect criminal records information from you. For criminal records history, we process it on the basis of legal obligations or based on your explicit consent.
By providing any sensitive personal data, you explicitly agree that we may collect it and use it in connection with your membership of the Club and participation in the sport of rowing, associated training and other club activities.
We may not collect all the above types of special category personal information about you. In relation to the special category personal data that we do process we do so on the basis that;
- the processing is necessary for reasons of substantial public interest, on a lawful basis;
- it is necessary for the establishment, exercise or defence of legal claims;
- based on your explicit consent.
In the table below, we refer to these as the “special category reasons for processing of your personal data”.
2. How we use your personal data
We can only use your personal data if we have a proper reason for doing so. According to the law, we can only use your data for one or more of these reasons:
- To fulfil a contract we have with you, or
- If we have a legal duty to use your data for a particular reason, or
- When you consent to it, or
- When it is in our legitimate interests.
Legitimate interests are reasons for using your data to enable us to provide rowing facilities to our Club members, but even so, we will not unfairly put our legitimate interests above what is best for you.
The table below describes the main purposes for which we process your personal information, the categories of your information involved and our lawful basis for being able to do this.
What we use your personal data for | Personal Information used | Lawful basis |
To provide rowing related facilities to you | All contact and membership details, transaction and payment information, records of your interactions with us, and marketing preferences. Records of any accidents or incidents and/or insurance claims. | This is necessary to enable us to properly manage and administer your membership contract with us. |
To answer your queries or complaints | Contact details and records of your interactions with us | We have a legitimate interest to provide complaint handling services to you in case there are any issues with your membership. |
To conduct data analytics studies to better understand event attendance and trends within the sport | For the purposes of promoting the sport, our events and membership packages. Images in video and/or photographic form. | Where you have given us your explicit consent to do so. |
To comply with health and safety requirements | Records of attendance. Records of any safety incidents. | We have a legal obligation and a legitimate interest to provide you and other members of our organisation with a safe environment in which to participate in sport. |
To gather evidence for possible grievance or disciplinary hearings | All the personal information we collect including any disciplinary and grievance information. | We have a legitimate interest in doing so to provide a safe and fair environment for all members and to ensure the effective management of any disciplinary hearings, appeals and adjudications. We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above. For criminal records history we process it on the basis of legal obligations or based on your explicit consent. |
For the purposes of equal opportunities monitoring | Name, title, date of birth, gender, information about your race or ethnicity, health and medical information and performance data | We have a legitimate interest to promote a sports environment that is inclusive, fair and accessible. We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above. |
To comply with legal obligations, for example, regarding people working with children or vulnerable adults to comply with our safeguarding requirements | Information about your criminal convictions and offences | For criminal records history we process it based on legal obligations or based on your explicit consent. |
Retention of records | All the personal information we collect | We have a legitimate interest in retaining records whilst they may be required in relation to complaints or claims. We need to retain records in order to properly administer and manage your membership and in some cases, we may have legal or regulatory obligations to retain records. We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above. For criminal records history we process it on the basis of legal obligations or based on your explicit consent |
3. How we use your data to personalise the service we offer you
We use the data we collect about you from completed membership forms and other information you share with us. We also may collect data from the records of British Rowing. We use the information from these different sources in the following ways:
- to help us communicate with you.
- to understand more about your preferences
4. Marketing: How to manage messages you receive
We may send you communications by email related to Club matters and other rowing related news. We also send you information regarding club matters, and upcoming social events, as well as races etc. We may also send you marketing communications including information services, special offers we think you might like including those provided by third parties such as rowing kit organisations, training camps, and courses from British rowing or general sport related activities.
You can tell us that you do not wish to receive emails, but please note that if you tell us that you do not wish to receive emails, we may be unable to communicate matters related to the running of the Club and your membership, which may make participating in rowing activities difficult.
5. How long do we keep personal data for?
The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether you or your child is a member, for our own legitimate interests (described above) or so that we can comply with the law.
In some cases, personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements.
Exceptions to this rule are:
Information that may be relevant to personal injury claims, or discrimination claims may be retained until the limitation period for those types of claims has expired. For personal injury or discrimination, claims this can be an extended period as the limitation period might not start to run until a long time after you have been a member.
We will actively review the information we hold and when there is no longer membership, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example, if you change your phone number or email address.
6. How we protect your data
We protect your personal data against unauthorised access, unlawful use, accidental loss, corruption, or destruction.
We use technical measures such as encryption and password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to the databases in which our membership information is held. We retain physical copies of the membership forms and any medical records in files that are shared only with the membership secretary and the officers of the Club.
We keep these security measures under review and refer to industry security standards to keep up to date with current practice.
7. Disclosure of your personal information
We share some of your personal data with, or obtain personal data from, the following categories of third parties:
- Government authorities such law enforcement authorities: to meet our legal and regulatory obligations.
- British Rowing or other governing bodies for the sport of rowing: as required by our affiliation to British Rowing.
- In relation to medical records, Adaptive squad members need to provide medical evidence to be classified by BR. We do not keep copy of these, and members should refer to British Rowing’s statement on privacy available here - Privacy Policy and Cookies Policy - British Rowing
We do not disclose personal information to anyone else except as set out above
8. Sending data outside of the European Economic Area
We will not send data outside of the European Economic Area (‘EEA’), unless a member is racing in a country outside the EEA
9. Your rights in relation to personal information
You have the following rights in relation to your personal information:
- the right to be informed about how your personal information is being used;
- the right to access the personal information we hold about you;
- the right to request the correction of inaccurate personal information we hold about you;
- the right to request the erasure of your personal information in certain limited circumstances;
- the right to restrict the processing of your personal information where certain requirements are met;
- the right to object to the processing of your personal information;
- the right to request that we transfer elements of your data either to you or another service provider
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the “Contacting us” section below.
Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your data before you withdrew your consent.
You can object to our use of your data where we rely on our legitimate interests to do so. We explained the legitimate interests we rely in the table above under the heading ‘How we use your personal data’.
When you get in touch, we will come back to you as soon as possible and where possible within one month. If your request is more complicated, it may take a little longer to come back to you but we will come back to you within two months of your request. We may also ask you to verify your identity before we provide any information to you.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/
10. Complaints
If you have any complaints concerning the Club’s processing of your personal data, please email us at secretary@wcrc.uk
Please note that you have the right to lodge a complaint with the supervisory authority which is responsible for the protection of personal data in the country where you live or work, or in which you think a breach of data protection laws might have taken place. Members can contact the UK Information Commissioner’s Office by telephone on 0303 123 1113, or by using the live chat service which is available through the Information Commissioner’s website www.ico.org.uk
11. Changes to this notice
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this page. For significant changes to this notice, we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information.
11. Contacting us
In the event of any query or complaint in connection with the information we hold about you, please email the Club Secretary secretary@wcrc.uk
Document Control | |||
Document Title | WCRC Data Protection and Privacy Policy | ||
Version Number | 1 | Document Status | Draft |
Date Approved | 02/03/2023 | Approved By | Committee Members |
Effective Date | 02/03/2023 | Date of Next Review | March 2026 |
Recommended period between reviews is 3 years unless required sooner due to new guidance | |||
Version Control | |||
Version | Author | Date | Changes |
1 | Chairperson | 14/02/2023 | First draft of new document |