Data Protection Policy
Guildford Rowing Club (‘the Club’ or ‘we’) ”), use your personal data to provide to you our Club facilities and membership benefits. We have described how we collect, store and use your data in this Data Protection and Privacy Policy. We take seriously our responsibilities to look after your data and we are committed to protecting your privacy. There are steps you can take to control what we do with your data and we have explained those steps in this Policy.
When we talk about data and personal data in this Privacy Policy, we mean personal data which identify you or which could be used to identify you such as your name and contact details and other relevant membership information.
Personal Data we collect about you
When you join as a member, are a parent/guardian of a junior member, of when you make a membership enquiry, we may collect the following information:
- Name
- Email address
- Address
- Phone number
- Occupation
- Gender
- Date of birth
- Details of a medical condition relevant for undertaking rowing
- Details of availability of when you can row or race
Certain kinds of personal data, such as data about your racial or ethnic origin, your physical or mental health, your religious beliefs or alleged commission or conviction of criminal offences, are special categories of personal data which by law require additional protection. We try to limit the circumstances in which we collect sensitive personal data of this kind. By providing any sensitive personal data, you explicitly agree that we may collect it and use it in connection with your membership of the Club and participation in the sport of rowing, associated training and other club activities.
How we use your personal data
We can only use your personal data if we have a proper reason for doing so. According to the law, we can only use your data for one or more of these reasons:
- To fulfil a contract we have with you, or
- If we have a legal duty to use your data for a particular reason, or
- When you consent to it, or
- When it is in our legitimate interests.
Legitimate interests are reasons for using your data to enable us to provide rowing facilities to our Club members, but even so, we will not unfairly put our legitimate interests above what is best for you.
How we use your data to personalise the service we offer you
We use the data we collect about you from on membership forms, PARQs and other information you share with us. We also may collect data from the records of British Rowing. We use the information from these different sources in the following ways:
- to help us communicate with you.
- to understand more about your preferences
Marketing: How to manage messages you receive
We may send you communications by email related to Club matters and other rowing related news. We also send you information regarding club matters, and upcoming social events, as well as races etc. We may also send you marketing communications including information services, special offers we think you might like including those provided by third parties such as rowing kit organisations, training camps, and courses from British rowing or general sport related activities.
You can tell us that you do not wish to receive emails, but please note that if you tell us that you do not wish to receive emails, we may be unable to communicate matters related to the running of the Club and your membership, which may make participating in rowing activities difficult.
We will never share data with third party companies that wish to sell you products without your prior consent.
How long we keep your data
We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether you or your child is a member, for our own legitimate interests (described above) or so that we can comply with the law.
We will actively review the information we hold and when there is no longer membership, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.
How we protect your data
We protect your personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction.
We use technical measures such as encryption and password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to the databases in which our membership information is held. Any physical copies of the membership forms and any medical records are kept in files that are shared only with the membership secretary and the officers of the Club. We keep these security measures under review and refer to industry security standards to keep up to date with current practice.
Sharing your data
We share some of your personal data with, or obtain personal data from, the following categories of third parties:
- Government authorities such law enforcement authorities: to meet our legal and regulatory obligations.
- British Rowing or other governing bodies for the sport of rowing: as required by our affiliation to British Rowing.
- In relation to medical records, Adaptive squad members need to provide medical evidence to be classified by BR. We do not keep copy of these and members should refer to British Rowing’s statement on privacy available here – British Rowing Privacy Policy
Sending data outside of the European Economic Area
We will not send data outside of the European Economic Area (‘EEA’), unless a member is racing in a country outside the EEA
Your rights
You are entitled to see copies of all personal data held by us and to amend, correct or delete such data. You can also limit, restrict, or object to the processing of your data. You have a right to be forgotten and ask us to delete your records. As a Club we rely on the details we retain to communicate with you in relation to rowing so if we cannot retain communication records we may be unable to provide you the benefits of Club membership.
If you gave us your consent to use your data, you can withdraw your consent by contacting the Secretary or Chairman of the Club (contact details available on the Website). Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your data before you withdrew your consent.
You can object to our use of your data where we rely on our legitimate interests to do so. We explained the legitimate interests we rely in the table above under the heading ‘How we use your personal data’.
To raise any objections or to exercise any of your rights, you can send an email the Secretary or Chairman of the Club (contact details available on the Website).
When you get in touch, we will come back to you as soon as possible and where possible within one month. If your request is more complicated, it may take a little longer to come back to you but we will come back to you within two months of your request. We may also ask you to verify your identity before we provide any information to you.
Complaints
If you have any complaints concerning the Club’s processing of your personal data please email Secretary or Chairman of the Club (contact details available on the Website)
Please note that you have the right to lodge a complaint with the supervisory authority which is responsible for the protection of personal data in the country where you live or work, or in which you think a breach of data protection laws might have taken place.
Members can contact the Information Commissioner’s Office. Contact details are available on their website www.ico.org.uk.