PACKERS Privacy Notice
Data Controller: the ‘natural’ person that determines the purposes and the means of processing personal data within the club – Jason Pink (Chairman) email@example.com
Data Processor: the ‘natural’ person that processes personal data on behalf of the controller – Jenny Shepherd (Membership Secretary)
PACKERS takes members privacy seriously. This policy notice has been written in order to fulfil the requirements of the General Data Protection Regulations that come into force on 25 May 2018.
All clubs, including PACKERS process personal digital data: membership details, event entries, newsletter sign-ups, emails etc. It all contains personal information such as names, ages, and emails.
This makes PACKERS a data processor of personal information. PACKERS has a responsibility to ensure personal data is processed lawfully, transparently, and for a specific purpose by processors.
Once that purpose is fulfilled and the data is no longer required, it will be deleted.
What data do we collect?
PACKERS collects a range of information about both members and non-members who take part in events (these include training courses, club nights, pool sessions, come-and-try-it sessions, trips, etc) in order to ensure the safety and well-being of the participants and also to enable us to contact members and their next of kin or designated emergency contact in the event of an incident. (See appendix 1 for a copy of the membership form).
We also collect members and non-members consent to contact them via the (see appendix 2). This is an ‘OPT-IN’ form.
How is the data stored?
Digital copies are stored online at myclubhouse.co.uk. Paper copies of the membership forms dating back three years and the Data Processing Notices are held by the Membership Secretary.
The information is then recorded on a dedicated PACKERS laptop which is owned by the club and managed by the Membership Secretary.
The laptop is password protected as are the files in which the data is stored.
Data is backed up on an password protected external hard drive so that in the event of a theft of data or a hardware failure we can still contact members and re-install data. This is kept by the membership secretary but separate to the laptop.
The Chairman and other members of the committee as designated by the chairman will know the password to access the laptop and external hard drive in the event that the membership secretary is unable to do so.
How is the data used and shared?
When a person becomes a member of PACKERS, they agree to the use of their personal data to administering their membership and for the committee and event organisers to contact them with club notices relevant to their membership. PACKERS will only retain data for as long as it is needed to administer membership.
The Membership Secretary is the only person who has access to a full set of members details.
RELEVANT data may be shared with Committee members and event organisers as required; for example names and email addresses in order to contact members about events and trips.
A paper copy of member’s details is kept in the club bag for use during club events; this includes names, contact details, health issues, and emergency contact details. It is the responsibility of the person on duty at these events to ensure the security of the afore mentioned document.
Sharing with British Canoeing and other organisations.
PACKERS may share member’s details with British Canoeing. This is to provide insurance for club activities. In this is the case British Canoeing will provide members with access to an online portal to administer their details. British Canoeing will contact members to invite them to sign into and update their Go Membership portal. Among other things, the portal allows members to set and amend their privacy settings, and also sign up to the member newsletter if desired. Members can also delete their account. If members have any questions about the continuing privacy of their personal data when it is shared with British Canoeing they can email firstname.lastname@example.org.
Member’s data IS NOT shared with any third party organisation
PACKERS occasionally takes photos or videos of its members. They are used to promote PACKERS and its activities; or to enable coaching to take place. These may be used on the PACKERS website, social media, local press, British Canoeing website and at the annual dinner and AGM.
Members are asked to opt in on ‘PACKERS Membership Form – Data Processing
On trips and events participants will be asked to opt-in to allowing photographs to be used by the club.
Photographs will not include names of those shown.
British Canoeing advice is as follows…
Occasionally PACKERS may want to send members communications not associated with membership administration about trips and events. Members will be asked to opt-in to receive these communications.
Direct communication to members is by email or SMS. Anything posted on the website or on social media will be general notices and not targeted at specific people.
Subject Access Requests?
Under the Data Protection Act members of the club can request copies of all personal data PACKERS, the committee, or other official groups hold on them.
The committee will respond to any requests within one calendar month. All contact when responding will be logged.
Such requests are normally made when a person has a grievance against an organisation. A detailed log will help the committee explain our response and approach.
What is the right to be forgotten?
Club members and others will have the right to demand that their data is deleted if it's no longer necessary to the purpose it was collected for. This is known as the 'right to be forgotten'.
Under this rule, club members can also demand that their data is erased if they've withdrawn their consent for their data to be collected, or object to the way it is being processed.
The club will also be responsible for telling other organisations such as Google, to delete any links to copies of that data that were on your website, as well as deleting the copies themselves.
How long can the club retain data?
PACKERS can’t keep data for longer than is necessary for the purpose for which it was collected.
PACKERS may wish to retain data to help build a picture of membership or activity over time. This data will be made anonymous.
How will PACKERS respond to breaches of data?
If the website is hacked and data stolen, or the PACKERS laptop stolen, the Chairman will report it to the Information Commissioners Office within 72 hours.
PACKERS will undertake a data audit to understand how data moves through the organisation. This covers where PACKERS obtains data, who PACKERS take it from, who PACKERS sends it to, where it is processed and why it is processed. This allows PACKERS to identify areas of risk.
To complete the audit PACKERS will note all the forms used to capture data and what data is asked for. PACKERS will answer the following questions:
Once PACKERS has completed the audit it will be retained by the Membership Secretary. It will be part of PACKERS’ GDPR documentation.
This policy notice has been written in order to fulfil the requirements of the General Data Protection Regulations that come into force on 25 May 2018.
Should you have any comments or questions please feel free to contact the Chairman (who is also the Data Controller).
All emails sent by the system contain a tracking pixel. This is used to track whether each email has been opened by the recipient, and when. This information can be viewed by those users of the system with permission to view email delivery reports. We do not display any information regarding the location of the recipient. Note that the tracking pixel is only activated if the recipient chooses to download images into their email client.