Royal Solent Yacht Club
Privacy Policy
1. About this Policy
1.1 This policy explains when and why we collect personal information about our Members and instructors, how we use it and how we keep it secure and your rights in relation to it.
1.2 We may collect, use and store your personal data, as described in this Policy and as described when we collect data from you.
1.3 We reserve the right to amend this Personal Data Protection Policy from time-to-time without prior notice. You are advised to check our website http://www.royalsolent.org/ or our Club noticeboard regularly for any amendments (but amendments will not be made retrospectively).
1.4 We will always comply with the applicable national data protection laws, including but not limited to, the EU General Data Protection Regulation (GDPR) 2016/269 when dealing with your personal data. For the purposes of the GDPR the Club will be the “controller” of all personal data we hold about you.
2. Who are we?
2.1 We are the Royal Solent Yacht Club (the “Club”). We can be contacted at,
E-mail: office@royalsolent.org and Tel: +44 (0)1983 760256 (Office).
3. What information we collect and why.
|
Type of information |
Purposes |
Legal basis of processing |
|
Name, address(es), telephone numbers, e-mail address(es) of Members. |
Managing the Member’s Membership of the Club. Managing the Race Officer duty roster. |
Performing the Club’s contract with the Member. For the purposes of our legitimate interests in operating the Club. |
|
Name, address(es), telephone numbers, e-mail address(es) of Event Attendees. |
Managing an event booking. Contacting the Event Attendee regarding future occurrences of the same event or similar events of legitimate interest run by the Club. |
Performing the Club’s contract with the Event Attendee. For the purposes of our legitimate interests in operating the Club. For the purposes of our legitimate interests in promoting the Club. Consent. We will seek the Event Attendee’s consent to contact them regarding future events with each event entry and the Event Attendee may withdraw their consent at any time by contacting us by telephone, e-mail or letter. |
|
Emergency contact details. |
Contacting next of kin in the event of emergency. |
Protecting the vital interests of Member’s and their dependants and of Event Attendees. |
|
Member’s date of birth / age related information. |
Managing Membership categories which are age related. |
Performing the Club’s contract with the Member. |
|
Marital status and preferred form of address i.e. title. |
Managing the Members’ directory. |
Performing the Club’s contract with the Member. For preparing the Club’s Membership directory and ensuring the correct and preferred form of address. |
|
Gender |
Provision of adequate facilities for Members. Reporting information to the RYA. |
For the purposes of our legitimate interests in making sure that we can provide sufficient and suitable facilities (including changing rooms and toilets) for each gender. For the purposes of the legitimate interests of the RSYC to maintain diversity data required by Sports Councils. Member’s or Event Attendee’s name, boat name, model and sail number. |
| Member’s or Event Attendee’s name, boat name, model and sail number. |
Managing race entries and race results. Sharing race results with other clubs, class associations, and the RYA, and providing race results to local and national media. Allocating moorings and compound spaces. Managing an event booking. |
For the purposes of our legitimate interests in holding races for the benefit of Club Members or Event Attendees. For the purposes of our legitimate interests in promoting the Club. For the purposes of our legitimate interests in operating the Club. |
|
Member’s profession or past profession.
|
Facilitates relations between the Club and Member.
|
For the purposes of our legitimate interests in operating the Club. This is useful for when we need expertise to help with Club matters, e.g. legal, building construction (roof), Accounting & IT. |
|
Photos and videos of Members and/or their boats. Photos and videos of Event Attendees and/or their boats.
|
Putting on the Club’s website and social media pages and using in press releases. |
For the purposes of our legitimate interests in promoting the Club. Consent. We will seek the Member’s consent with each Membership application and the Member may withdraw their consent at any time by contacting us by telephone, e-mail or letter. Consent. We will seek the Event Attendee’s consent with each event entry and the Event Attendee may withdraw their consent at any time by contacting us by telephone, e-mail or letter. |
| Video recordings (images only, no audio) of Members, visitors and employees in communal areas of the Clubhouse and grounds. | Recorded via CCTV cameras which monitor the front entrance/exit door, bar areas, areas where danicing may take place, car park, jetty and external smoking areas. Images are recorded in constant real-time (24 hours a day throughout the year) and held for 31 days. |
Installed in line with licensing requirements and to improve the security and health & safety of members, visitors and employees and protect the Club’s premises and property through the prevention or detection of crime and the identification and prosecution of offenders. To view the Club’s CCTV Policy, please click here. |
|
Radio call signs |
Collected for a rally and shared between those participating in the rally. |
For the purposes of our legitimate interests in ensuring that boats on a rally can maintain contact with each other. |
|
Member’s name and e-mail address |
Creating and managing the Club's printed and online Membership Directory. |
We will seek the Member’s consent with each Membership application and the Member may withdraw their consent at any time by contacting us by telephone, e-mail or letter to tell us that they no longer wish their details to appear in the Membership Directory. |
|
Bank account details of the Member or other person making payment to the Club and transaction records. |
Managing the Member’s Membership of the Club, the provision of services and events. |
Performing the Club’s contract with the Member. |
|
Member’s name and e-mail address |
Passing to the RYA for the RYA to conduct surveys of Members of the Club (and Members of other clubs affiliated to the RYA). The surveys are for the benefit of the Clubs (and other clubs) and / or the benefit of the RYA. |
For the purposes of our legitimate interests in operating the Club and / or the legitimate interests of the RYA in its capacity as the national body for all forms of boating. |
|
Instructor’s name, address, email addresses, phone numbers and relevant qualifications and/or experience. |
Managing instruction at the Club. |
For the purposes of our legitimate interests in ensuring that we can contact those offering instruction and provide details of instructors to Members. |
|
Record of visitors and Members’ guests in Visitor Book. (Name, boat name, club name). |
Managing non-Member access to the Club. |
For the purposes of our legitimate interests in operating the Club and compliance with the Club’s Rules and Byelaws. |
|
Details of any medical conditions or allergies of persons aged under 18. (Collected on Parental Consent Form) |
To provide the necessary response and treatment should a medical emergency arise. |
To enable the Club to safeguard the health and safety of Members and Event Attendees. This information is destroyed when the event is over. |
|
Special Dietary Requirements. |
To ensure the food provided by the Club meets an individual’s special dietary needs. |
To enable the Club to safeguard the health and safety of Members and Event Attendees. This information is destroyed when the event is over. |
4. How we protect your personal data
4.1 We will not transfer your personal data outside the European Economic Area (EEA) without your consent.
4.2 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
4.3 Please note, however, that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.
4.4 For any payments which we take from you online we will use a recognised online secure payment system.
4.5 We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
5. Who else has access to the information you provide us?
5.1 We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required to do so by law or as set out in the table above or as set out in paragraph 5.2 below.
5.2 We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services to you on our behalf, e.g. to print newsletters and send you mailings. However, we disclose only the personal data that is necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
6. How long do we keep your information?
6.1 We will hold your personal data on our systems for as long as you are a Member of the Club and for as long afterwards as is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to comply with legal obligations.
6.2 The Club will ensure that it:
- reviews the length of time for which personal data is retained;
- considers the purpose(s) for which the personal data is held deciding whether and for how long to retain it;
- securely deletes personal data that is no longer needed for the purpose(s), subject to compliance with applicable legal requirements and internal record-keeping policy; and
- updates, archives or securely deletes information if it goes out of date.
The appropriate retention period is likely to depend on the following:
- what the personal data is used for;
- the surrounding circumstances;
- any legal / regulatory requirements; and
- Club policy and/or best practice.
6.3 We will securely destroy your personal data once we have used it and no longer need it. Where the Club cannot delete personal data for legal, regulatory or technical reasons the Club will ensure the security and confidentiality of the data is protected and only use it for the specified purpose for which it is kept.
7. Data Breach & Incident Management
A personal data breach is defined as the unauthorised or accidental disclosure of, access to, loss, theft or alteration, destruction or damage of personal data. Examples of personal data security breaches include, but not limited to the following:
- loss or theft of hard copy personal data;
- disclosing personal data (via letter, fax, email, text message, etc.) to the wrong recipient; or
- unsecure disposal of hard copy records containing personal data in non-confidential waste bins, resulting in loss or theft of that data.
A personal data breach also includes circumstances where personal data appears to have been lost, stolen or otherwise potentially exposed, even if it is later determined that personal data was not actually exposed.
All Royal Solent Yacht Club staff must immediately report all personal data breaches of which they become aware to the Club’s nominated Data Protection Officer (Club Secretary) irrespective of the perceived severity of the breach.
8. Your rights
8.1 You have rights under the GDPR:
(a) to access your personal data;
(b) to be provided with information about how your personal data is processed;
(c) to have your personal data corrected;
(d) to have your personal data erased in certain circumstances;
(e) to object to or restrict how your personal data is processed;
(f) to have your personal data transferred to yourself or to another business in certain circumstances.
For more details, please address any questions, comments and requests regarding our data processing practices to our Data Protection Officer:- secretary@royalsolent.org.