1 About this Policy
a. This policy explains when and why we collect personal information about our members, how we use it and how we keep it secure and your rights in relation to it.
c. In the event that inaccurate data is recorded, such inaccuracies will be amended by the Club and any other relevant parties notified immediately. However, members will have the opportunity to update and amend data themselves online from the member portal within Clubmate.
e. We will always use our best endeavours to comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at ico.org.uk. For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.
2 Who are we
We are Braybrooke Community Nature and Fishing Club (BCNFC) referred to herein as the Club. (Under GDPR, BCNFC are the “Controller” of member data)
3 What information we collect and why
i. We collect Member name, address, date of birth, telephone numbers and email address to enable the Club to manage Member’s membership of the Club in accordance with the various categories of membership available.
ii. Information held for Junior members up to the age 13 years old will be held following receipt of a fully completed application form signed by a parent or guardian agreeing to the information being held. Direct communication with those junior members will be directed through the parent or guardian with information about club waters communicated to them through their registered responsible adult member of the club by email and or the Club forum.
iii. Individuals have the right to access their personal data. Members who choose not to access their own data through the member portal of Clubmate can request either verbally or in writing to access their data and must be responded to within one month of the request. All requests will be directed to the Membership Secretary who will respond within the timescale. A record will be kept for management purposes of each request received.
iv. You have the right to have your personal data erased in certain circumstances (please note that if you elect to have your personal data erased this will immediately terminate your membership at no cost to the Club)
i. Members will be required to upload a photograph of themselves to Clubmate. This will assist the bailiffs with identification. You have the right to have your photograph removed (please note that if you elect to have your photograph removed this will immediately terminate your membership at no cost to the Club)
ii. Photos included within any paper application or renewal will be destroyed after being scanned and uploaded to the Clubmate system on a member’s behalf by the Membership Secretary and any digital copy as a result of the scanning deleted.
iii. Photos and videos are often used on the Club website or social media pages for the purpose of promoting the Club profile. We will seek the Member’s consent prior to taking and subsequently using any images on any club publication, club website or social media pages. Parental consent for Members under 16 years of age will be obtained prior to any photos or videos being recorded where children may appear. Consent relating to photos or videos may be withdrawn at any time by contacting the Club by email or letter.
i. We do not store any sensitive bank information of Members or other person making payment to the Club. They are all stored by and processed by a third party payment provider Stripe who are fully regulated by the Financial Conduct Authority (FCA)
ii. PCI Compliance. In compliance with the new PCI regulations, we are un-able to capture bank card details over the phone, face to face or via post.
4 How we protect your data
a. To protect members’ data it is stored within a third party management platform called Clubmate. Clubmate Ltd have in place physical, electronic and managerial procedures to safe guard and secure data at all times. All club & member information is stored & maintained with multi-layered security provided by Microsoft Azure across physical data centres, infrastructure and operations. And when data is transferred between the Clubmate server and the user’s computer(admin/member), it uses the same SSL technology as banks and financial institutions to ensure it remains protected. No sensitive financial information(bank details, debit or credit card information etc) is ever seen, stored or transmitted by the Club or Clubmate. This data is always held securely by their highly regulated payment partner Stripe.
b. We will notify you promptly in the unlikely event of any breach of your personal data which might expose you to serious risk.
c. Where a Member suspects a breach of data protection has arisen, the Member must immediately bring this to the attention of the Club Secretary.
d. You have the right to take any complaints about how we control your personal data to the Information Commissioner: For more information visit www.ico.org.uk
5 Who else has access to the information you provide
We will never sell or rent your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required to do so by law or as set out above.
6 How long do we keep your information
i. We will hold your personal data electronically within the Clubmate system for as long as you are a member of the Club and for as long afterwards as it is in the Clubs’ legitimate interest to do so or for as long as is necessary to comply with our legal obligations. We will review your personal data every year to establish whether it can continue to be processed. If we decide that we cannot continue to allow it to be processed, we will stop any processing of your personal data
ii. Information held for members who don’t renew their membership will be deleted from the database 12 months following their lapsed membership with any written material also appropriately and securely destroyed.
iii. Clubmate Accounts inactive (i.e. No memberships added and paid for) for twelve months from the date they were opened will be closed and all personal data held within them deleted.
Third Party Websites