REC GDPR Privacy Policy
Revision v.3, 3rd May 2018
Author – Kerry Marsh
Introduction
The Rudge Enthusiasts Club (here referred to as REC) is required under the new General Data Protection Regulation (GDPR) to issue all members with this privacy policy statement.
GDPR requires the REC to identify a data controller who determines the purposes and means of holding and processing personal data. We also need to identify a Data Protection Officer, responsible for ensuring compliance with the GDPR. Lastly we have Data processors who actually use your personal data to run the club and its services.
The controller is the General Secretary, the DPO is the Treasurer and the data processors are the Membership secretary, the New Spares and Used spares officers, the area representatives, the Librarian, the Registrar, the Archivist and any other committee assistants as identified by the General Secretary.
Legitimate use of data
Personal data in this context means your contact details. The REC holds and uses your contact details in order to :
ï Provide you with access to the website.
ï Help you maintain your subscription to the club.
ï Send you the Radial magazine.
ï Organise social events and notify you of them.
ï Help you register bikes.
ï Provide access to new and used spares and Regalia
ï Enable you to access the librarian, the archives and model experts in the club for help.
Your contact details
The contact details we maintain are from two sources. The first source is the data you entered in your membership profile when you joined the club. This has your name, address, contact details, records of when you joined the club and subscription data. The second source is the data you supply when ordering new or used spares.
Rules governing your data
Your contact details will never be divulged to another member without your consent.
The only companies outside the REC that will use your contact details are the Webmaster and Pagefast that print and circulate the Radial. Your data will never be supplied to any other third party without your prior consent.
Data storage and security
The data is stored primarily on the website hosting company server and stringent security measures have been adopted and will be maintained to ensure its security. Membership data is retained for the duration of a member’s continuous membership. Thereafter it is deleted.
Contact details are also held on the personal computers of people like Area Representatives. They are required to hold this data securely and follow the REC personal data security rules.
Your eight rights under GDPR
-
You have the right to be informed about GDPR and how the REC meets the requirements. That is the main purpose of this privacy statement.
-
You have the right to access your personal data and order information.
-
You have the right to rectify personal data. This is primarily by you editing your personal profile on line but this can be done for you by the membership secretary.
-
You have the right to erasure, also known as ‘the right to be forgotten’. That is you can request the deletion or removal of personal data where there is no compelling reason for its continued storage.
-
You have the right to block the processing of personal data. That is you can request not to receive emails or letters, Radials or notices. You can do this at any time.
-
You have the right to data portability – that is to be able to transfer your personal data to other IT environments. At present the REC is not aware of any significant demand for this capability from its members and does not make provision to use this right. Contact the General Secretary should you want to exercise this right.
-
You have the right to object to your data being used for profiling, marketing or research. At present the REC have no plans to use your data in these ways. If we ever wanted to we would have to gain your consent.
-
You have the right to require your consent before the REC can conduct any profiling or automated decision making. The REC has no plans to do this.
You also have the right to lodge a complaint with a supervisory authority like the Information Commissioner’s Office (ICO) if you think the REC is not complying with the GDPR.
Document revisions
Revision v.3, 3rd May 2018
Author – Kerry Marsh
Revision history:
v.0 - First draft 26th Feb 2018
v.1 - Complete re-write 13th March 2018
v.2 – removed reference to Deep Blue Logic as a third party handling new spares orders. That company does not process members’ contact details.