ACCC Privacy Notice
DATA PRIVACY NOTICE
AYR COUNTRY CURLING CLUB
This statement explains Ayr Country Curling Club’s (ACCC’s) policy for handling the personal data you disclose to us, for example when signing up to receive our communications or becoming a member of our Club. It stipulates how we use, store and keep it. A glossary of terms with particular legal meanings is found at the end. Your information will be held by either the Secretary or the Treasurer for the purposes of managing the Club’s affairs in accordance with the EU General Data Protection Regulation (GDPR) (Regulation 2016/679), the EU e-Privacy Directive (Directive 2002/58/EC) and the UK Data Protection Act 2018.
1. Who are we?
The Committee of ACCC are the Data Controllers for any Personal Data you give us. The Secretary’s contact details are: Chris Evans, Noddsdale Cottage, Brisbane Glen Road, Largs, KA30 8SL, Tel: 07967 374318, E-mail: firstname.lastname@example.org
2. What do we do with your information?
We keep your Personal Data up to date; we store it and, when it is no longer required, destroy it securely; we only collect or retain data we need; we will protect it from loss, misuse, unauthorised access and disclosure and ensure that it is protected with appropriate security measures. In addition, we limit access to your Personal Data to those members of the Club who have a need to know it. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
3. We use your Personal Data for the following purposes: -
- To enable us to provide a voluntary service as specified in our constitution;
- To raise funds for the Club and promote the interests of curling as a sport;
- To manage our membership;
- To maintain our own accounts and records;
- To inform you of the Club’s programmes, news, social events and other related activities.
4. What is the legal basis for processing your Personal Data?
- Consent from you, the Data Subject, so that we can keep you informed about the Club’s programmes, news, social events and other related activities;
- Consent from the Committee or other Club members to share their contact details as appropriate.
5. Who it will be shared with?
We will treat your Personal Data as strictly confidential and will only share it with relevant members of the Club for administrative or social purposes. We will not share your data with third parties outside our control without your consent unless required to do so by law.
6. How long do we keep your Personal Data?
Your data will be kept for as long as it is relevant to the administration and governance of the Club and/or for legal reasons. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
7. Your rights and your Personal Data
You can object or withdraw your consent to the use of your Personal Data at any time. Subject to some legal exceptions, you also have the right to:
- request a copy of the personal information we hold about you;
- to have any inaccuracies corrected;
- to have your Personal Data erased;
- to object to processing, or place a restriction on our processing, of your data;
- and to request that the data we have about you is given to you in a portable format.
Please direct any such requests to the Club Secretary at the address given above.
To learn more about these rights or if you are dissatisfied with our response you can complain to the Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone: 01625 545 745
8. CHANGES TO THIS NOTICE
We may make changes to this Notice from time to time as our Club’s practices and/or applicable laws change. We will not make any use of your personal information that is inconsistent with the original purpose(s) for which it was collected or obtained (if we intend to do so, we will notify you in advance wherever possible) or otherwise than is permitted by data protection laws.
"Data Controller" means a person, organisation or body that determines the purposes for which, and the manner in which any personal dta is processed. A Data Controller is responsible for complying with the data protection laws including the GDPR and establishing practices and policies in line with them.
"Data Processor" means any person, organisation or body that processes personal data on behalf of and on our instruction. Data Processors have a duty to protect the information they process by following data protection laws.
"Data Subject" means a living individual about whom we process personal data and who can be identified from the Personal Data. A Data Subject need not be a UK national or resident. All Data Subjects have legal rights in relation to their personal data and the information that we hold about them.
"Personal Data" means any information relating to a living individual who can be identified from that information or in conjunction with other information which is in, or is likely to come into, our possession. Personal Data can be factual (such as a name, address or date of birth) or it can be an opinion (e.g. a performance appraisal). It can even include a simple email address. A mere mention of someone's name in a document does not necessarily constitute Personal Data, but personal details such as someone's contact details (if it enabled an individual to be identified) would fall within the definition.
"Processing" means any activity that involves use of Personal Data. It includes obtaining, recording or holding the information or carrying out any operation or set of operations on it, including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring or disclosing Personal Data to third parties.