​
PRIVACY NOTICE FOR OUR MEMBERS
​
We are committed to respecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your membership with us. This notice applies to you if you have registered to become or are a member of our club. This notice explains how we comply with the law on data protection, what your rights are and for the purposes of data protection we will be the controller of any of your personal information.
References to we, our or us in this privacy notice are to the North Hampshire Road Club.
​
We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we not required to do so, but the Chairperson of the Club has overall responsibility for data protection compliance. Contact details are set out in the "Contacting us" section at the end of this privacy notice. The successor as Chair of the Club shall take over responsibility as shall the successor’s successor and so on.
This policy has been approved by the Club’s committee.
1. Personal Information we may collect from you
Depending on the type of membership you register for with us, you may initially provide us with or we may obtain personal information about you, such as information regarding your:
-
personal contact details that allows us to contact you directly such as name, title, email addresses and telephone numbers;
-
date of birth;
-
gender;
-
membership start and end date;
-
references and other information included in a CV or cover letter or as part of the application process for membership;
-
records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us;
-
any credit/debit card and other payment details you provide so that we can receive payments from you and details of the financial transactions with you;
-
[use of and movements through our online portal, passwords, personal identification numbers, IP addresses, user names and other IT system identifying information;]
-
records of your attendance at any events hosted by us;
-
CCTV footage and other information obtained through electronic means such as swipecard and key fob records;
-
images in video and/or photographic form and voice recordings;
-
your marketing preferences so that we know whether and how we should contact you.
-
identification documents such as passport and identity cards;
-
details of next of kin, family members, coaches and emergency contacts;
-
records and assessment of any rider rankings, grading or ratings, competition results, details regarding events attended and performance
-
any disciplinary and grievance information;
2. SPECIAL CATEGORIES OF PERSONAL INFORMATION
We may also collect, store and use the following “special categories” of more sensitive personal information regarding you:
-
information about your race or ethnicity, religious beliefs and sexual orientation;
-
information about your health, including any medical condition, health and sickness records, medical records and health professional information; and
-
biometric information about you, for example fingerprints, retina scans.
We may not collect all of the above types of special category personal information about you. In relation to the special category personal data that we do process we do so on the basis that
-
the processing is necessary for reasons of substantial public interest, on a lawful basis;
-
it is necessary for the establishment, exercise or defence of legal claims;
-
it is necessary for the purposes of carrying out the obligations and exercising our or your rights in the field of employment and social security and social protection law; or
-
based on your explicit consent.
In the table below’ we refer to these as the “special category reasons for processing of your personal data”.
3. WHERE WE COLLECT YOUR INFORMATION
We typically collect personal information about our members when you apply to become a member of the club, when you purchase any services or products we offer, when you make a query and/or complaint or when you correspond with us by phone, e-mail or in some other way.
We also may collect personal information about you from any third party references you provide as part of the application process for membership.
If you are providing us with details of referees, next of kin, family members and emergency contacts they have a right to know and to be aware of how what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with those of them whom you feel are sufficiently mature to understand it. They also have the same rights as set out in the “Your rights in relation to personal information” section below.
Uses made of the information
​
3.1 To administer any membership you have with us and managing our relationship with you, including dealing with payments and any support, service or product enquiries made by you
All contact and membership details, transaction and payment information, records of your interactions with us, and marketing preferences.
This is necessary to enable us to properly manage and administer your membership contract with us.
​
3.2 To arrange and manage any contracts for the provision of any services or products
Contact details, transaction and payment information.
Records of your interactions with us.
This is necessary to enable us to properly administer and perform any contract for the provision of any services and products you have purchased from us.
3.3 To send you information which is included within your membership benefits package, including details about advanced ticket information, competitions and events, partner offers and discounts and any updates on
​
Contact and membership details.
​
This is necessary to enable us to properly manage and administer your membership contract with us.
3.4 To send you other marketing information we think you might find useful or which you have requested from us, including our newsletters, information about membership, events, products and information about our commercial partners
Contact details and Marketing preferences.
Where you have given us your explicit consent to do so.
​
3.5 To answer your queries or complaints
Contact details and records of your interactions with us
​
We have a legitimate interest to provide complaint handling services to you in case there are any issues with your membership.
3.6 Retention of records
All the personal information we collect.
​
We have a legitimate interest in retaining records whilst they may be required in relation to complaints or claims. We need to retain records in order to properly administer and manage your membership and run our club and in some cases we may have legal or regulatory obligations to retain records.
We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.
For criminal records history we process it on the basis of legal obligations or based on your explicit consent.
3.7 The security of our IT systems
Your usage of our IT systems and online portals.
We have a legitimate interest to ensure that our IT systems are secure.
​
3.8 To conduct data analytics studies to better understand event attendance and trends within the sport
Records of your attendance at any events or competitions hosted by us.
We have a legitimate interest in doing so to ensure that our membership is targeted and relevant.
3.9 For the purposes of promoting the club, our events and membership packages.
​
Images in video and/or photographic form.
​
Where you have given us your explicit consent to do so.
​
3.10 To comply with health and safety requirements
​
Records of attendance, CCTV footage and other information obtained through electronic means such as swipecard and key fob records, medical information about your health
[biometric information about you, for example fingerprints, retina scans]
We have a legal obligation and a legitimate interest to provide you and other members of our organisation with a safe environment in which to participate in sport.
3.11 To administer your attendance at any courses or programmes you sign up to
All contact and membership details,
Transaction and payment data.
Details of any county membership and performance data.
This is necessary to enable us to register you on to and properly manage and administer your attendance on the course and/or programme.
3.12 To arrange for any trip or transportation to and from an event
Identification documents details of next of kin, family members and emergency contacts, transaction and payment information, health and medical information.
This is necessary to enable us to make the necessary arrangements for the trip and/or transportation to an event.
​
We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.
​
3.13 To use information about your physical or mental health (including any injuries) or disability status, to ensure your health and safety and to assess your fitness to participate in any events or activities we host and to provide appropriate adjustments to our sports facilities.
​
Health and medical information
​
We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.
3.14 To gather evidence for possible grievance or disciplinary hearings
All the personal information we collect
​
We have a legitimate interest in doing so to provide a safe and fair environment for all members and to ensure the effective management of any disciplinary hearings, appeals and adjudications.
We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.
For criminal records history we process it on the basis of legal obligations or based on your explicit consent.
3.15 For the purposes of equal opportunities monitoring
Name, title, date of birth
gender, information about your race or ethnicity and health and medical information
We have a legitimate interest to promote a sports environment that is inclusive, fair and accessible.
We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.
​
For some of your personal information you will have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information we may not be able to admit you as a member or we may not be able to properly perform our contract with you or comply with legal obligations and we may have to terminate your membership. For other personal information you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly perform our contract with you.
Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the "Contacting us" section below.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide certain member benefits to you.
5. DIRECT MARKETING
Email, post and SMS marketing: from time to time, we may contact you by email, post or SMS with information about products and services we believe you may be interested in.
6. Disclosure of your PERSONAL information
We share personal information with the following parties:
Any party approved by you.
​
To any governing bodies or regional bodies for the sports covered by our club: to allow them to properly administer the sports on a local, regional and national level.
​
Other service providers: for example, email marketing specialists, payment processors, data analysis CCTV contractors, promotional advisors, contractors or suppliers and IT services (including CRM, website, video- and teleconference services);
​
Our Commercial Partners: for the purposes of providing you with information on any tickets, special offers, opportunities, products and services and other commercial benefits provided by our commercial partners as part of your membership package The Government or our regulators: where we are required to do so by law or to assist with their investigations or initiatives.
​
Police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security.
​
Club Website: As a club member your information may be shared on the club website, social media pages or in emails sent by the club. This data will only be shared in the event that either you are a club volunteer, have participated in a race or challenge event or have recorded a major achievement. This data will be limited to your name, race [location and] results (if applicable) and details of your achievement. Limited further information about you may be included; for example, whether you have participated in a juniors’ race or a women’s race.
​
Photo and video: The organiser, sponsors or promoters of the ride may take photographs or videos of the ride and riders for publicity purposes. By registering to participate in the ride either on your own behalf or upon behalf of any other rider including those under the age of 16 years, you agree that
When you become a member of or renew your membership with North Hampshire Road Club: You will be registered for an online account with British Cycling. We will provide British Cycling with your personal data which they will use to enable access to an online portal for you (called My Dashboard) on the British Cycling website. British Cycling will use your personal data in accordance with its Privacy Notice which can be accessed at https://www.britishcycling.org.uk/staticcontent/info--Privacy-Policy-0. British Cycling will contact you to invite you to sign into and update your dashboard (which, amongst other things, allows you to set and amend your privacy settings). If you have any questions about the continuing privacy of your personal data when it is shared with British Cycling, please contact compliance@britishcycling.org.uk
7. TRANSFERRING YOUR PERSONAL INFORMATION INTERNATIONALLY
The personal information we collect is not transferred to and stored in countries outside of the UK and the European Union.
8. HOW LONG DO WE KEEP PERSONAL INFORMATION FOR?
The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements. Generally, where there is no legal requirement we retain all physical and electronic records for a period of 6 years after your last contact with us or the end of your membership. Exceptions to this rule are:
-
Information that may be relevant to personal injury or discrimination claims may be retained until the limitation period for those types of claims has expired. For personal injury or discrimination claims this can be an extended period as the limitation period might not start to run until a long time after the event.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address. You may be able to update some of the personal information we hold about you. Alternatively, you can contact us by using the details set out in the "Contacting us" section below.
9. YOUR RIGHTS IN RELATION TO PERSONAL INFORMATION
You have the following rights in relation to your personal information:
-
the right to be informed about how your personal information is being used;
-
the right to access the personal information we hold about you;
-
the right to request the correction of inaccurate personal information we hold about you;
-
the right to request the erasure of your personal information in certain limited circumstances;
-
the right to restrict processing of your personal information where certain requirements are met;
-
the right to object to the processing of your personal information;
-
the right to request that we transfer elements of your data either to you or another service provider; and
-
The right to object to certain automated decision-making processes using your personal information.
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the "Contacting us" section below.
10. CHANGES TO THIS NOTICE
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this page. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information.
11. CONTACTING US
In the event of any query or complaint in connection with the information we hold about you, please email the Chairperson via the contacts page on the club website.
12. INFORMATION SECURITY
​
General Guidelines
-
The only people able to access data covered by this policy should be those who need it for their involvement in managing the Club.
-
Data should not be shared informally. When access to confidential information is required, officers and volunteers can request it from the officer or volunteer responsible for the information.
-
Club will provide training to all officers and volunteers to help them understand their responsibilities when handling data.
-
The Club’s officers should keep all data secure, by taking sensible precautions and following the guidelines in this Policy.
-
In particular, strong passwords must be used and they should never be shared.
-
Personal data should not be disclosed to unauthorised people, either within the Club or externally.
-
Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
-
Officers should request help from the Chairperson if they are unsure about any aspect of data protection.
Data Use
-
Personal data is of no value to the Club unless it can make use of it. However, it is when personal data is accessed and used that it can be at a risk of loss, corruption or theft:
-
When working with personal data, Officers should ensure the screens of their computers are always locked when left unattended.
-
Personal data should not be shared informally. In particular, it should never be sent by email, unless attachments are password-protected.
-
Data must be encrypted before being transferred electronically.
-
Personal data should not be transferred outside of the European Economic Area without an appropriate safeguard.
-
Officers should where possible not save copies of personal data to their own computers. Always access and update the central copy of any data.
Data Storage
These rules describe how and where data should be safely stored.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
-
When not required, the paper or files should be kept in a locked drawer or filing cabinet.
-
Officers should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
-
Data printouts should be shredded and disposed of securely when no longer required.
-
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
-
Data should be protected by strong passwords, and passwords should never be shared.
-
If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used.
-
Data should only be uploaded to approved cloud computing services.
-
Servers containing personal data should be sited in a secure location.
-
Data should be backed up frequently.
-
Data should only be stored directly on laptops or other mobile devices like tablets or smart phones for a limited period and providing that these are password protected and encrypted.
-
All servers and computers containing data should be kept updated and protected by appropriate security software and a firewall.