HOW WEY PROTECT YOUR DATA
The General Data Protection Regulations, or GDPR, came into force May 25th, 2018. The Regulations seek to provide protection of individuals' data and puts the onus on data holders to hold it legitimately, accurately and securely. Various senior members of the Club have investigated what is required, and as a result, we (along with all clubs and businesses) have reviewed and improved our data handling processes, continually seeking input and ways to improve and ensure compliance.
WHY WE HOLD DATA
We hold data on members to enable us to manage the Club business and financial affairs, to arrange coaching and training sessions, to keep in touch with rowing news and notices via our e-newsletter, 'By The Wey', to liaise with members and provide information to the national governing body, British Rowing.
WHAT DATA WE HOLD
We hold information such as the member's name, date of birth (so we can manage age group related activities), phone number and email (if given), parental (for Juniors) and emergency contact information (phone, email), home address, school (Juniors) or workplace (Seniors), medical (for safety reasons), and the date of a capsize drill.
If a junior member goes away on a training camp, we may need additional data, although very often the data we request is the same we have already, but need to it is up-to-date. Some data, such as a passport number, is held for the duration of the camp only.
We will also have to share some data with outside persons, such as informing an accommodation provider or restaurant, where members have allergies or other dietary requirements.
CAN CONSENT BE ASSUMED?
Although consent can be assumed, we do ask for specific consents, namely, as part of our membership application, change of membership (type/details) and renewal processes.
If people provide data to a club they must reasonably assume that the data will be used. It is how the data is used and where it is held that was tightened up, under something called 'legitimate interests' - essentially, if we (the club) need the data to provide a service to you (the member) and we can't do it without your data, then consent can be assumed.
For example, a phone number for a parent of a junior member needs to be held so that they can be contacted in the event of an emergency. Similarly, if parents and/or members are expecting communications about events, training, etc. an email address is the best way to receive such communications.
WHY WEY USE WEBCAMS
We are required to provide a notice, such as this, informing club members and the general, passing public that we have webcams installed, and why we do. It is highly unfortunate that we should have to, but we have installed securely (both software and hardware) and make use of two webcams to be able to target any necessary response to reports or suspicions of vandalism, theft and, in accordance with arrangements with our landlord, control access and prevent trespassing.
A further application of our webcam installation is to provide a reasonable level of assurance on the safety and security for all those attending or visiting our shared island location.
WHERE WE HOLD YOUR DATA
Your member data is held 'in the Cloud', specifically the Club's own Google Drive that is part of the G Suite, sitting on Google Cloud, a public cloud service. Google has registered its Google Cloud and G Suite as being GDPR compliant. This includes those platforms integrated for our digital communications: Wix.com and Mailchimp.
We have now assessed and brought across all member data to this Google platform with its strong password protection, and wiped clean any data, including historical content, held on personal computers.
British Rowing are working on a GDPR-compliant membership system, of which we were 'early adopters' in helping to develop.
WHAT WE DON'T DO
We will neither sell your data nor allow it to be used for other reasons, e.g. as a sales tool.
ON HISTORICAL CONTENT...
We have reviewed the couple lists held on past members, both recent and from some time ago. Whilst rarely used with access strictly limited, we established that keeping past members' email address is justified, for instance, to make contact to advise of a funeral arrangements; such as was the case when Jon Beagley died. All other personal data is redacted.
WHAT IF I WANT MY DATA DELETED?
We do understand any past member wishing to have all their data deleted from our system. If so, simply contact us and we will delete it - no problem. If you are a current member, however, this could prove to be a problem and severely limit our ability to communicate effectively with you, for those reasons stated above ('Why we hold your data').
WHO CAN I SPEAK TO ABOUT THIS?
We are not experts but we have taken some sound advice from experts and wish to assure you we do our utmost to protect your data. We hope this information has been of help, but of course feel free to contact us with your query.