Sailing and Cruising Association Privacy Policy v2Effective date: 15 April 2019 The Sailing and Cruising Association is an LGBT+ sailing & power boating members club with the aim of encouraging members, family and friends to get afloat and participate in sailing activities organised by the Club. We want to reassure you that we take the collection, use and retention of your personal information seriously and are committed to protecting each member’s privacy and personal data. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our services and the choices you have associated with that data. The Sailing and Cruising Association is registered as a Data Controller with the Information Commissioner’s Office. Our registration number is ZA198554. What information do we collect from you? Why do we collect this information? Who might we share your information with? How do we protect your information? How long do we keep your information? How can I access the information you hold about me? Your Rights under the General Data Protection Regulation (GDPR) Changes To This Privacy Policy What information do we collect from you?Personal DataWhen registering for membership or events, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). This may include, but is not limited to:
Online PaymentsIf you make a payment online or purchase a product from us, your card information is not held by our membership service. It is collected by our third party payment processor ‘Stripe Payments Europe’ who specialises in the secure online processing of credit/debit card transactions. Why do we collect this information?Use of DataWe may use this information provided in the following ways:
Who might we share your information with?We will never sell or rent your information to other parties. We may give access to third party service providers to carry out specific services or disclose information where required to do so by law. Third Party Service ProvidersWe may employ third party companies and individuals to facilitate our services, to provide services on our behalf, to perform Club-related services or to assist us in analysing how our services are used. These third parties may have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Legal RequirementsWe may disclose your personal data in the belief that such action is necessary to:
How do we protect your information?Security of DataThe security of your data is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction. For any payments which we take from you online we will use a recognised online secure payment system. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk. Transfer of Data Outside of the European UnionAs part of the membership services offered to you by the Club, your information, including personal data, may be transferred to countries outside the European Union. We use third party providers to provide certain aspects of services for the Club. Wild Apricot Inc provide membership system services and Stripe Payments Europe process secure online payments services. Wild Apricot is based in Canada, and the Wild Apricot service is hosted on the Amazon Web Services cloud hosting and storage service. Your data will be held in these data centres which are located in the USA. Stripe Payments Europe is based in Ireland and transfers data to Stripe Inc in the USA. Amazon Web Services (as a subsidiary of Amazon Inc) and Stripe Inc are both registered under the EU-US Privacy Shield. The European Commission has ruled that companies based in Canada and those registered under the EU-US Privacy Shield have what they term ‘adequate protection’. This means that your data is safeguarded and treated to the same level as it would be in the EU. The Club will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information. Your consent to this Privacy Policy and your submission of such information represents your agreement to that transfer. Back to TopHow long do we keep your information?We will hold your personal data on our systems for as long as you remain a member of the Club. Should your membership lapse, we will retain your details for no longer than twelve months before deleting it from our systems, as set out in our data retention policy. If you subsequently choose to re-join, you will be required to provide the information again. How can I access the information you hold about me?The majority of the information held is available on your profile page. You can request a copy of the data we hold about you by contacting the Secretary. Your choicesCommunicationsYou have a choice about whether or not you wish to receive information from us. If you do not want to receive direct communications from us about our events and services, then you can select your choices by ticking the relevant boxes situated under the ‘Email Subscriptions’ tab on your profile page. However, unsubscribing from this will mean that you do not receive monthly updates on club activities, and will not receive notice of the AGM nor AGM papers and proxy voting forms. If you have unsubscribed from email and wish to receive these papers you must contact the Secretary each year during the month of February in order to receive an email copy of the AGM Notice and Papers. Updating your informationThe accuracy of your information is important to us. If you need to update any information we hold about you please make the changes on your profile page. If the information field is ‘admin-only’, please contact the Membership Secretary who will correct it for you. Setting the privacy levels of your informationThe default privacy setting allows other logged-in members to view your name, telephone number, email and town/city. You can change your privacy settings at any time using the ‘Privacy’ tab on your profile page. Your Rights under the General Data Protection Regulation (GDPR)On 25 May 2018, the GDPR comes into force. You have the following rights under the GDPR:
If you have any questions on your rights, please contact the Secretary. You have the right to take any complaints about how we process your personal data to the Information Commissioner at https://ico.org.uk/concerns/ or 0303 123 1113. Changes To This Privacy PolicyWe may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our website, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Contact Us
|