Privacy policy and GDPR compliance
The General Data Protection Regulations (GDPR) came into force in May 2018. These deal with the treatment of personal data which organisations hold about individuals.
We are required to have your explicit consent to hold that data, explaining to you the form in which we are holding it, why we’re holding it, and when we will delete it.
You are entitled to ask to see what information we hold about you and have the right to ask for inaccuracies to be corrected.
What information do we hold?
We hold the following information about members (and in some cases their parents):
- Name
- Age
- Medical issues
- Address
- Phone number
- Email address
- Bank account details (eg for paying expenses)
- Photos
- Training scores
- Training availability
How do we hold it?
This Information may be held in one or more of the following formats:
- On the club’s email system
- On the club’s Mailchimp account, which is sometimes used for club communications
- On paper (eg membership forms and some training records)
- On club officer files (eg membership secretary records, welfare officer records etc)
- On the St Neots Rowing Club website
- On Google Drive
- On Facebook, Instagram and Twitter accounts
Why do we hold it?
We hold the information for the following purposes:
- Health, safety, and welfare, particularly of juniors
- Communicating with members about arrangements, events and briefings
- Training performance monitoring
- Publicising the club
Is the information securely held?
As far as we are aware, all the digital information is held in password-protected form and benefits from the protection put in place by platform providers such as the banks, Mailchimp, Google etc.
Information on paper is held in files at the homes of the club officers or in the club office, which is locked when not being used by club officers.
We will never pass your information to a third party without your explicit prior consent.