About this policy
1.1 This policy explains when and why we collect personal information about our members, how we use it and how we keep it secure and your rights in relation to it.
1.4 We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.
Who are we?
1.5 We are East Coast Cruising (ECC). We can be contacted at [email protected].
What information we collect and why
|Type of information||Purposes||Legal basis of processing|
|Member name, e-mail address(es). Phone number(s)||Managing the Member’s membership of the Club. Keeping in touch with the Member (including by newsletter).||Performing the Club’s contract with the Member.|
For the purposes of our legitimate interests in operating the Club.
|Member notification URI. Medium specific addressing provided by the member.||Notifying the member of updates to the website, fora and any other updates deemed worthy of notification||We will seek the Member’s consent on their membership application form or via the website and each membership renewal form and the Member may withdraw their consent at any time by contacting us by e-mail.|
|Emergency contact details||Contacting next of kin in the event of emergency||Protecting the Member’s vital interests and those of their dependants|
|Gender||Provision of adequate facilities for members.||For the purposes of our legitimate interests in making sure that we can provide sufficient and suitable facilities (including changing rooms and toilets) for each gender.|
|Photos and videos of Members and their boats||Putting on the Club’s website, social media pages, newsletter and using in press releases.||We will seek the Member’s consent on their membership application form and each membership renewal form and the Member may withdraw their consent at any time by contacting us by e-mail.|
|VHF Radio MMSI||Collected for a rally and shared between those participating in the rally.||For the purposes of our legitimate interests in ensuring that boats on a rally can maintain contact with|
|The Member’s name and e-mail address, Boat Name, Manufacturer and Model, Marina / Berth or Buoy location / Id||Creating and managing the Club’s online|
|We will seek the Member’s consent on their membership application form and each membership renewal form. The Member may withdraw their consent at any time by contacting us by e-mail or online to tell us that they no longer wish their details to appear in the Membership Directory.|
|Name, e-mail address and telephone number of each Club Officer||Information published on Club’s website, in Club’s newsletter and other publications and in the Club’s marketing materials, in each case as a point of contact at the Club||For the purposes of our legitimate interests in operating and promoting the Club|
|Name, e-mail address and telephone number|
of each Club committee member
|Information published on|
|For the purposes of our legitimate interests in operating and promoting the Club|
|Employees and representatives of suppliers to the Club||Entering into and managing arrangements|
|Entering into and performing contracts with suppliers|
How we protect your personal data
1.6 In order to manage your membership of the Club and communicate with you, it may sometimes be necessary for us to transfer your personal data outside the European Union]. However we will only do so in accordance with the GDPR. That is most likely to involve either approval by the EU Commission that the country to which your data is being transferred provides adequate protection for personal data or on the basis of standard clauses, required by the EU, with the organisation to which we are transferring your data.
1.7 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
1.8 Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.
1.9 For any payments which we take from you online we will use a recognised online secure payment system.
1.10 We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
Who else has access to the information you provide us?
1.11 We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required to do so by law or as set out in the table above or in paragraphs 5.2 and 5.3 below.
1.12 We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services to you on our behalf (e.g. to print newsletters and send you mailings). We do this for the purpose of our legitimate interests in operating the Club and for performing our contract with you. However, we disclose only the personal data that is necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes. It is possible that third parties may themselves engage others (sub processors) to process your data. Where this is the case third parties will be required to have contractual arrangements with their sub processor(s) that ensure your information is kept secure and not used for their own purposes.
How long do we keep your information?
1.13 We will hold your personal data on our systems for as long as you are a member of the Club and for as long afterwards as it is in the Clubs’ legitimate interest to do so or for as long as is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment, exercise or defence of legal claims.
1.14 We securely destroy all financial information once we have used it and no longer need it.
Your rights explained
1.15 It is important that you understand what rights you have in respect of the Personal Data and Special Category Personal Data that we hold about you. To let us know that you wish us to exercise any of your rights outlined above please contact our Data Protection Manager at [email protected]
The right to be informed (knowing how we will use your data).
1.16 You have the right to be told how we will use your Personal Data – which is set out in This Notice.
The right of access (being provided with copies of your data).
1.17 You have the right to ask us to provide you with a copy of your Personal Data. We will supply any information you ask for as soon as possible but may take up to 1 month once we are satisfied as to your identity. We will not charge you for this. This is called a data subject access request.
The right to rectification (changing incorrect information we hold).
1.18 If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. Contact details for any requests can be found above.
The right to be forgotten (erasure) (requesting deletion of your Personal Data).
1.19 In some cases, you have the right to be forgotten (i.e. to have your Personal Data deleted from our database).
The right to restrict processing (limiting how we use your data).
1.20 In certain situations you have the right to ask for processing of your Personal Data to be restricted because there is some disagreement about its accuracy or legitimate usage.
The right to data portability (moving your data in a useable format).
1.21 You have the right to request the Personal Data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations.
The right to object (when we must stop processing your data).
1.22 You have the right to object to us processing data purely for our legitimate interests. If you make such a request, we must stop processing your Personal Data unless: we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or the processing is for the establishment, exercise or defence of legal claims.
The right not to be subject to automated decision making including profiling (making a decision solely by automated means without any human involvement).
1.23 The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. ECC does not undertake automated decision making or profiling.
1.24 You have the right to take any complaints about how we process your personal data to the Information Commissioner:
0303 123 1113.
Information Commissioner’s Office
Cheshire SK9 5AF
For further information on each of those rights, including the circumstances in which they apply, please see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.