1. Definitions and InterpretationIn this Policy the following terms shall have the following meanings:
“Cookie” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Site. Details of the Cookies used by Our Site are set out in Part 14, below; and“Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;
2. Information About Us
This policy explains how the MRPC collects personal information about our members and how we use it, keep it secure and club member’s rights in relation to it. This includes probationary members, visitors and guests.
The data will be retained under the lawful basis detailed below, principally for legal, health and safety reasons. A Legitimate Interest Assessment has been undertaken and can be made available to members on request.
2.1 Lawful Basis
The appropriate lawful basis upon which MRPC rely on for the processing of personal data are:
Contract - This applies where there is a contract (written or implied) between the club and an individual. Membership, competition, event, and course data will be processed on this basis.
Legal Obligation - This applies for processing personal data that is disclosed to the police or other legal requests (e.g. if an incident is recorded on CCTV and is reported to the police.)
Legitimate Interest - This covers the general need for information that the club requires to organise, and promote the activities of the club, maintain its list of contacts, produce activity reports and results which are published on the Club website and other media.
Vital Interest - This covers matters relating to an individual’s health and life or death situations. We do not normally collect this type of information. However, if we are provided with this information by an individual, we will disclose it to those we consider it as necessary to do so (e.g. duty officer, range officer, paramedics).Consent - This is provided for use of other personal data on an ad hoc basis. In each case the consent of the individual will be recorded.
2.2 Data Control Officer
For the purposes of the GDPR, the Club Secretary will be the “controller” of all personal data we hold about club members and others. A Data Control Officer (DCO) appointed by the Executive Committee is responsible for making sure the club complies with the General Data Protection Regulation (GDPR) which applies from 25 May 2018. We will review personal data every year to establish whether we are still entitled to process it or not.
Data Control Officer: Secretary
Email address: firstname.lastname@example.org
4. What is Personal Data?Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
5. What Are My Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
b) The right to access the personal data we hold about you. Part 13 will tell you how to do this.
c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 15 to find out more.d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Part 15 to find out more.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to us using your personal data for a particular purpose or purposes.
g) The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or club in many cases.
h) Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 15.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
6. What Data Do We Collect?
- Email address;
- All data contained in the membership form.
6.1 Enquiries and other communications with the club
When enquiring about the club we may hold your details for a period of time to deal with the enquiry.
Any emails and other communications with the club will only be retained for a period of time appropriate to the content or request.
Club emails will be purged on a regular basis. People added to a club waiting list for membership will be informed and asked for permission to store their data at that point.
6.2 CCTV Images
CCTV is used to record activities on the ranges at the club in the interests of safety and crime prevention. All images are stored onsite in a Digital Video Recorder which is password protected.
The images/data are stored for approximately 1 month and then these are over written.
For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about club members, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance.
Where necessary or required this information is shared with the data subjects themselves, employees and agents, service providers, police forces, security organisations and other authorised persons making an enquiry.
Any complaints which rely on this about theft/bullying/abuse etc; must therefore be made within 1 month of the incident otherwise the images will have been overwritten.
Parents or guardians signing the probationary or full membership form are giving their permission for the data to be used as described elsewhere in this policy.
7. How Do You Use My Personal Data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate club interests to use it. Your personal data will be used for the following purposes:
- will be used to notify the Police when you apply to join the club and for any appropriate notifications as required by law
- will be used for the purposes of organising and operating the club and your email and telephone numbers may be used for communication about news/work at the club/range closure, competition entries/results and other important notices
- may be shared with any National Governing Body or another Home Office Approved Shooting Club
- will not be passed to anyone else without your permission.
We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
8. How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
8.1 Accuracy and retention of data
- Each individual member is responsible for keeping the Secretary / DCO informed of changes to their data (e.g. address/telephone number etc. and this is updated at least once a year at renewal and you are at that time authorising the club to hold such data on file.
- The data are kept on file at the Secretary’s home address. The data will normally be kept for up to 7 years after membership ceases. It may be kept for a longer period for reasons of legal and civil action or other ongoing case management.
- Names and scores may be kept indefinitely for reason of historical significance – e.g. on trophies, plaques and other awards.
9. How and Where Do You Store or Transfer My Personal Data?
We will only store or transfer your personal data in the UK. This means that it will be fully protected under the GDPR.
- Club officers will process membership information electronically and all information will be held on a database on a secure computer. A backup of this information will be held at the Secretary’s address.
- Paper copies of data will be held at our London Bridge Range and secured in a locked filing cabinet. If it is necessary to transport data it will be kept secure.
- For any on-line payments which we take from members, probationers, visitors and guests we will use a recognised online secure payment system.
- In the unlikely event of a breach of the security of data we will notify members promptly and we will never sell or pass on your personal data.
10. Do You Share My Personal Data?
We will not share any of your personal data with any third parties for any purposes, subject to one important exception, as set out in Part 7.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
11. How Can I Control My Personal Data?
In addition to your rights under the GDPR, set out in Part 5, when you submit personal data via Our Site, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details).
12. Can I Withhold Information?
13. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made via email shown in Part 15. To make this as easy as possible for you, please tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within less than one month and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
All Cookies used by and on Our Site are used in accordance with current Cookie Law.
Certain features of Our Site depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. These Cookies are shown in the table below. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing your internet browser’s settings as detailed below, but please be aware that Our Site may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.
In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, login and personalisation settings.
It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
15. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details for the attention of the Secretary and he/she will respond as per Part 13.
Email address: email@example.com
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our club in a way that affects personal data protection. You are advised to check our Club notice board at London Bridge Range regularly for any amendments.