How we collect and use information
As explained in a letter to members, the Club identified its two legal bases for processing of personal data as follows: 1) Members have given consent for the Club to hold and process their personal data, both in our manual records and on our database, and 2) the processing is necessary for the legitimate interests of the Club.
The data we hold are names of Members, and partners if given to us, addresses, telephone numbers, email addresses, and details of Club qualifying cars owned by each Member.
Data are retained for as long as an individual is a member of the Club, but are deleted when a Member leaves the Club, with one exception: if a Member has won a Club Trophy, the name and year of winning is retained, but all other information is deleted. In the case of the Alpine Trophy Woodmansee, Harding-Rolls, Dymock Maunsell, Fred and Joan Watson, Messervy, Phoenix, Ladies, and Small Horsepower Trophies, the chassis number of the winner’s car is also retained.
Members’ personal data are not shared with any person or organisation outside the Club, and are available within the Club to Members only upon login to the website with a secure password. Passwords are not shared with anyone, not even the Database Manager. If a Member does not want any specific personal data to appear on the Members’ website, we honour that request.
Unless a member has requested otherwise, Members’ names and addresses are used for the purposes of sending out postal correspondence including subscriptions, News and Record, The Members and Cars List, and notifications of forthcoming events. Occasionally, information on forthcoming events, including AGM papers, are sent out by email.
Unless a member has requested otherwise, Members’ names and addresses are included in the Members and Cars List, which is distributed in hard copy to Members and contains an instruction that it cannot be shared outside the Club. News & Record may contain some personal data.
How we keep your information secure
In addition to the password procedures mentioned above, The Club ensures that all personal information supplied is held securely, in accordance with GDPR 2018.
The Club’s Website
All the information Members give us is protected by a secure server. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. Whilst we do our best to ensure security, data transmission over the internet is inherently insecure, we cannot therefore guarantee the security of data sent over the internet.
Sharing of personal information
No personal information is shared outside of the Club and we do not share personal information with third parties. Individual Members are constantly enjoined not to share any personal information with anyone not in the Club.
In all cases, any use of your personal information processed by the Club will comply with this policy and with data protection legislation.
Also, we reserve the right to use or disclose any information as needed to satisfy any law, regulation or legal request, to protect the integrity of the site, or to co-operate in any law enforcement or regulatory investigation. Save for this, we do not sell, transfer or disclose personal information we have collected from you to third parties outside of the Club, except in for these specific circumstances:
- Production and distribution of the News & Record using a specialist printer
- Maintenance of the website using a selected marketing agency
- Distribution of eNewsletters using an external email marketing service
We may transfer the data that we collect from you to a destination outside the European Economic Area (EEA) e.g. when we send out a newsletter. By submitting your personal data to us, you agree to this transfer, storing or processing. We will ensure that any transfer will be within the conditions of the GDPR and that adequate safeguards are in place.
Our website does not contain links to external sites.
Individuals under 16
The Club does not intentionally or knowingly process personal information from individuals under the age of 16.
If you have given us your email for purposes of communication or promotion, we will use your data to contact you.
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have a number of rights with regards to your personal information:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
If you have provided consent for processing your personal information you have the right (in certain circumstances) to withdraw that consent at any time.
How long we keep your information
The Club will retain personal information for no longer than is necessary for the purpose it was obtained for to reduce the risk of it becoming inaccurate, out of date or irrelevant. We will securely delete any information that is no longer required.
The Data Controller is the Webmaster and Database Manager, Dr Henry Fitzhugh, 56 Argyle Street, London, WC1H 8ER, firstname.lastname@example.org. Telephone +44 (0)20 7837 9980.
Complaints or queries
If you want to make a complaint about the way we have processed your personal information, you can contact us (see Contact details below).
If you are not satisfied with our response or believe we have not complied with the requirements of GDPR or the Data Protection Act, with regards to your personal information, you have the right to lodge a complaint to the Information Commissioner's Office ico.org.uk
Please let us know, at the address of the Data Controller above, if the personal information we hold about you needs to be corrected or updated.