What personal data does CWCC collect?
The data we routinely collect includes members’ names, addresses, email addresses, ages/dates of birth & emergency contact details. We collect this data directly from our members.
We also store data from those contacts who have given their information to us when making enquiries, registering for events or registering as potential members.
For some of our members we may have additional information such as committee memberships, coaching qualifications, first aid qualifications and DBS checks done with your knowledge and permission. We will also keep information relating to disciplinary matters and sanctions.
What is this personal data used for?
We use members’ data for the administration of your membership; the communication of information and the organisation of competitions and other events.
Who is your personal data shared with?
Your data is not shared with any other organisation, nor with other members within the club. Your data is never released to 3rd parties, for commercial use or otherwise.
When you take part in an organised open event, such as a time trial or road race, you make your entry directly with the organisers and your personal data is the responsibility of the organising body. Please check the privacy notice of the organising body if you have any concerns. CWCC does not pass data from its own records to any organising body.
Where does this data come from?
Data for our members comes directly from them when they join the club, renew their membership or provide us with updated details.
Data for non-members comes directly from them when they enquire about membership.
If your personal data changes please contact us with your new details.
How is your data stored?
Most of our data, including our main membership database, is stored in digital form on the computer of the Membership Secretary and other committee members.
Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring that CWCC discharges its obligations under the GDPR is the Chairman of the CWCC committee.
He is the person who is responsible for maintaining a log of data breaches and notifying the Information Commissioner’s Office and any members affected as necessary, in accordance with our legal obligations.
Who has access to your data?
Committee Members of CWCC have access to members’ data in order for them to carry out legitimate tasks for the club but will not be free to pass it on to any other organisation or club member.
What is the legal basis for collecting this data?
The CWCC collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation.
For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations.
Similarly, personnel data is kept in compliance with our legal obligations.
How you can check what data we have about you?
If you want to see the membership data we hold about you, you can contact the Membership Secretary. You can also ask to have most of your details updated or change the permissions you wish to grant for the use of your data.
Does the CWCC collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”.
Of these categories, the only data we record relates to gender, ethnicity and the disabilities of some of our members when they have explicitly allowed for it to be recorded. This data is only used for statistical purposes (e.g. to encourage and ensure inclusion). If you wish to change this data on your record you can do so at any time by contacting the Membership Secretary.
How can you ask for data to be removed, limited or corrected?
There are various ways in which you can limit how your data is used.
- You could maintain your CWCC membership with your correct name but with limited contact details. However, we do need to have at least one method of contacting you. You could for example simply maintain an up-to-date email address, but of course this would limit what we are able to provide you with in the way of written information, so you would not be able to get any other member benefits that require a mailing address. Also a failure to provide emergency contact details could pose a potential safety risk when engaging in club activities.
- You do not need to provide us with your date of birth unless you wish to enter age-limited events or gain concessions based on age.
- You may choose not to receive information emails from CWCC (we do not send any out on behalf of other organisations).
- Any of these options can be implemented by contacting the Membership Secretary.
How long we keep your data for, and why?
We normally keep members’ data after they resign or their membership lapses. This is because we find members sometimes later wish to re-join (occasionally after several years). However, we will delete any former member’s contact details entirely on request.
Other data, such as that relating to accounting or personnel matters, is kept for at least the legally required or recommended period, which is 7 years for financial transactions.