On the 25th May 2018 the way that organisations hold personal data on people changes. The GDPR is the EU General Data Protection Regulation, which will replace the Data Protection Act 1998 in the UK and the equivalent legislation across the EU Member States. At the Box Motor Club the General Data Protection Regulation (GDPR) is already in force and we are currently implementing changes to meet the deadline.
One of the principles of the Data Protection Act (and the GDPR) is that you can only process data for the purpose for which it is collected. This means that if you collect a name and contact details of an individual, so that they can become a member of a club, you can’t simply use that information to allow your affiliates to contact them for marketing purposes. You also need to tell people when they join the club if you are going to transfer their data, for example to another organisation.
So does this apply to the Box Motor Club?
GDPR applies to all companies processing the personal data of data subjects residing in the European Union, regardless of the company’s location. Therefore, as the Box Motor Club stores personal data on its members, GDPR also applies to us and many other clubs.
What about BREXIT?
Leaving the EU makes no difference and does not make the UK exempt. The UK government are implementing the changes regardless of the current landscape.
So what are the key changes for clubs?
1. More communication
GDPR states that clubs will need to give people more information about what they do with people’s data, and how, at the point they collect it.
At the Box Motor Club data is collected for membership purposes only. When you sign up this is done through a secure SSL connection and once your account is created.
Your details are used by the Box Motor Club so that, essentially, we know who you are, how to contact you and, to understand where our members are based, your geographic location. Your details are not passed on to any third party and we have kept the personal details we hold on you to an absolute minimum so that they only consist of:
Address (Optional but Country field is mandatory)
Who can see these details?
The actual database is only accessible by two people within the Box Motor Club:
Webmaster - For purpose of administration
Treasurer - For purposes of membership payments
What if someone asks for my details or email address?
The Box Motor Club will never provide details to another party. If someone asks for your details we will send their request to you so that you may reply to them if you wish.
2. Responding to subject access requests & Data Retention
In most organisations when someone requests a copy of the personal data that is held about them this had to be presented within a 40 calendar day period.
What happens if I let my membership expire?
For members of the Box Motor Club whose membership has expired, membership details will be held for 6 months to allow continuity of your account, should you wish to renew. After a 6 month period following the expiry date, your membership account and details will be fully deleted. Expired members whose accounts have been deleted can still contact the club at firstname.lastname@example.org to confirm their details are no longer held by the club. In addition expired members can contact the club prior to the 6 month cut off to ask for details to be deleted.
GDPR policies indicate that there will be direct obligations on data processors as well as on data controllers. At the Box Motor Club we use the following third parties for processing data:
Why? We use this for processing payments.
All payment details are stored on PayPal servers and are not accessible to the Box Motor Club at any point. PayPal feeds the payment into our system, although any information on that transaction, apart from the payment date and fee paid, is not stored on our servers.
Why? We use MailChimp for our newsletters.
All subscribers’ email addresses (both members and non-members) are stored on MailChimp servers and subscribers are able to view their details or unsubscribe at any time. These email addresses are for Box Motor Club newsletters only and are not available to or provided to any other parties.
4. Getting consent
Under GDPR it is important we get consent to use your personal data in certain ways, for example to send marketing emails or, as in the case of the Box Motor Club, to send Newsletters:
From February 1st 2018 all new members are required to tick a box on the application form to agree to their details being stored in accordance with GDPR policies and as such will receive newsletters via email. The email address may also be used by the club for direct contact about your membership but in no circumstances will be provided to anyone not associated with the mailing list or to anyone outside of the Box Motor Club.
What if I joined before February 1st 2018?
All members who joined before February 1st 2018 have been contacted and provided with details of how to unsubscribe from any further newsletters should they wish for their details to no longer be used in this way. Every newsletter also has both an Unsubscribe and More Preferences option at the end of the newsletter.
GDPR contains additional policies for the protection of children’s personal data. Whilst children are welcome to the club, the Box Motor Club recommends that parents or guardians should sign up for their child, thus providing consent that the club can store associated data. Because being a member involves a payment via PayPal or by cheque, which themselves have adult age restrictions, we believe that all members who do sign up and pay via these sources are therefore adults creating accounts for themselves or, if for a child, are providing consent by making the payment. It is also for this reason that a member’s age is not requested.
6. Data breaches
In the unlikely event of a data breach where unauthorised access has been made to members’ data, all members on the database will be informed.
7. Members’ concerns
At the Box Motor Club we have done the best we can to understand and be compliant with the new GDPR rulings that come into effect on May 25th 2018. Whilst we trust that members should have no cause for concern about the way their details are kept, should anyone have any concerns or any questions then these should be addressed to email@example.com.
Please note that this page may change up until 25th May 2018 should we discover sections that we may need to redraft to adhere to GDPR.
Box Motor Club - 5th February 2018
(Box Motor Club GDPR V1.0)
Club Meets: Blue Bell, 23 The Callis, Ashby de la Zouch LE65 2JG