BSC Data and Privacy Policy

1.1 This policy explains when and why BSC collects personal information about its members, how it is used and kept secure and your rights in relation to it.

1.2 We may collect, use and store your personal data, as described in this Data Privacy Policy and as described when we collect data from you.

1.3 We reserve the right to amend this Data Privacy Policy from time to time without prior notice. You are advised to check the secure area of our website http://www.burntislandsailing.org.uk or our Club noticeboard regularly for any amendments (but amendments will not be made retrospectively).

1.4 We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.

2. Who are we?

2.1 We are Burntisland Sailing Club Ltd. We can be contacted at Burntisland Sailing Club, East Dock, Burntisland Harbour, Burntisland KY3 9DQ or [email protected]

3. What information we collect and why.

Type of information Purposes Legal basis of processing

Member’s name, address, telephone numbers, e-mail address(es)

Managing the Member’s membership of the Club. Keeping in touch with the Member (including by newsletter)

Performing the Club’s contract with the Member

The names and ages of the Member’s dependants

Managing the Member’s and their dependants’ membership of the Club

Performing the Club’s contract with the Member

Emergency contact details

Contacting next of kin in the event of emergency

Protecting the Member’s vital interests and those of their dependants

Date of birth / age related information

Managing membership categories which are age related

Performing the Club’s contract with the Member

Gender

Provision of adequate facilities for members

Reporting information to the RYA

For the purposes of our legitimate interests in making sure that we can provide sufficient and suitable facilities (including changing rooms and toilets) for each gender

For the purposes of the legitimate interests of the RYA to maintain diversity data required by Sports Councils.

The Member’s name, boat name and sail number

Managing race entries and race results.

Publishing race results at the club and with other clubs, class associations, and the RYA, and providing race results to local and national media.

Allocating moorings and compound spaces.

For the purposes of our legitimate interests in holding races for the benefit of members of the Club.

For the purposes of our legitimate interests in promoting the Club.

For the purposes of our legitimate interests in operating the Club.

Photos and videos of Members and their boats

Putting on the Club’s website, social media pages, newsletter and using in press releases

We will seek the Member’s consent by requesting agreement to this policy at the time of their (re)application for membership. The Member may withdraw their consent at any time by contacting us by e-mail or letter

Security camera images

Safety and crime prevention/detection

For the safety of members and visitors and to deter or detect crime

Radio call signs

Collected for a rally and shared between those participating in the rally

For the purposes of our legitimate interests in ensuring that boats on a rally can maintain contact with each other

The Member’s name, phone number and e-mail address

Creating the club’s membership card

Consent. We will seek the Member’s consent on their membership application form. The Member may withdraw their consent at any time by contacting us by e-mail or letter to tell us that they do not wish their details to appear in the membership card.

Bank account details of the member or other person making payment to the Club

Managing the Member’s and their dependants’ membership of the Club, the provision of services and events

Performing the Club’s contract with the Member

The Member’s name and e-mail address, whilst a current member and for up to a year after ceasing to be a member of the Club

Passing to the RYA for the RYA to conduct surveys of Members and former members of the Club. See paragraph 5.3 below

For the purposes of our legitimate interests in operating the Club and / or the legitimate interests of the RYA in its capacity as the national body for all forms of boating

Name, e-mail address and telephone number of each Club Officer

Information published on Club’s website, in Club’s newsletter and other publications, in the Club’s marketing materials and made available to the RYA, in each case as a point of contact at the Club

For the purposes of our legitimate interests in operating and promoting the Club

4. How we protect your personal data

4.1.1 We will not transfer your personal data outside the EU without your consent

4.2 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.

4.3 Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.

4.4 For any payments which we take from you online we will use a recognised online secure payment system.

4.5 We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

5. Who else has access to the information you provide us?

5.1 We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required to do so by law or as set out in the table above or in paragraphs 5.2 and 5.3 below.

5.2 We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services to you on our behalf (e.g. to print newsletters and send you mailings). We do this for the purpose of our legitimate interests in operating the Club and for performing our contract with you. However, we disclose only the personal data that is necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes. It is possible that third parties may themselves engage others (sub- processors) to process your data. Where this is the case third parties will be required to have contractual arrangements with their sub-processor(s) that ensure your information is kept secure and not used for their own purposes.

5.3 We may also pass your personal data to the RYA for the purposes of carrying out surveys when it is in the legitimate interest of the club and the RYA to do so. The RYA may use third parties to carry out the surveys but disclose only the personal data that is necessary for the third party to do so and will have a contract in place that require the third party to keep your information secure and not to use it for their own purposes.

6. How long do we keep your information?

6.1 We will hold your personal data on our systems for as long as you are a member of the Club and for as long afterwards as it is in the Clubs’ legitimate interest to do so or for as long as is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment, exercise or defence of legal claims.

6.2 We securely destroy all financial information once we have used it and no longer need it.

6.3 We will hold security camera images for no longer than one month except where there is a legal reason to do so. In those circumstances, we will only retain those images for the minimum period necessary.

7. Your rights explained

7.1 It is important that you understand what rights you have in respect of the Personal Data and Special Category Personal Data that we hold about you. To let us know that you wish us to exercise any of your rights outlined above please contact us at [email protected]

(a) The right to be informed (knowing how we will use your data). You have the right to be told how we will use your Personal Data – which is set out in This Notice.

(b) The right of access (being provided with copies of your data). You have the right to ask us to provide you with a copy of your Personal Data. We will supply any information you ask for as soon as possible but may take up to 1 month once we are satisfied as to your identity. We will not charge you for this. This is called a data subject access request.

(c) The right to rectification (changing incorrect information we hold). If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. Contact details for any requests can be found above.

(d) The right to be forgotten (erasure) (requesting deletion of your Personal Data). In some cases, you have the right to be forgotten (i.e. to have your Personal Data deleted from our database).

(e) The right to restrict processing (limiting how we use your data). In certain situations you have the right to ask for processing of your Personal Data to be restricted because there is some disagreement about its accuracy or legitimate usage.

(f) The right to data portability (moving your data in a useable format). You have the right to request the Personal Data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations.

(g) The right to object (when we must stop processing your data). You have the right to object to us processing data purely for our legitimate interests. If you make such a request, we must stop processing your Personal Data unless: we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or the processing is for the establishment, exercise or defence of legal claims.

(h) The right not to be subject to automated decision making including profiling (making a decision solely by automated means without any human involvement).

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. BSC does not undertake automated decision making or profiling.

7.2 You have the right to take any complaints about how we process your personal data to the Information Commissioner: https://ico.org.uk/about-the-ico/who-we-are/scotland-office/ 0303 123 1115. Information Commissioner’s Office – Scotland 43 Melville Street Edinburgh EH3 7HL

7.3 For further information on each of those rights, including the circumstances in which they apply, please see the Guidance from the Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.