Privacy

 

Personal Information, Data Protection & GDPR

We have an amount of personal information on our members and our contacts. This privacy statement is primarily concerned with the personal information we hold and is designed to inform the individuals most concerned (that is those individuals about whom we have some personal information). It is published to meet our legal duties in the General Data Protection Regulation (GDPR) and the Data Protection Act.

Contact details
Flushing and Mylor Pilot Gig Club (hereafter The Club)

The Gig Shed

Kiln Quay

Flushing

Cornwall

TR

United Kingdom
Tel: +44 (0)7766352589
Email: fmpgcsec@gmail.com

Our data protection officer 
Club Secretary: Sarah King

For any questions concerning data protection or privacy please contact Ms King email fmpgcsec@gmail.com

Supervisory authority for data protection
The Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Their contact details can be found on their website: https://ico.org.uk

Legal framework

We comply with data protection legislation: the current laws (as expected at 25/5/2018) are The General Data Protection Regulation (GDPR) and the Data Protection Act, 2018.

Why we collect personal information

We seek to restrict the personal information that we process to the minimum required to deliver the ‘service’ in question. If we want extra information for any reason, we will explain “what” and “why” when we ask you.

Legal rights for individuals

We process information in accordance with the letter of the law and the essential principles set out in legislation. The GDPR gives individuals the following legal rights:-

1. The right to be informed
2. The right to access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.

Brief summary of your rights

1. The right to be informed

We need to tell you what we will do with your personal information. We aim to keep your information safely and to be transparent with you about our activities. The Information Commissioner’s Office has published the detailed table below and we have added our own information to that table.

The table below summarises the information we should supply to individuals and at what stage.

What information must be supplied? Data obtained directly from data subject Data not obtained directly from data subject Where to find this
Identity and contact details of the controller and the data protection officer     This is set out above
Purpose of the processing and the lawful basis for the processing We specify this when/where we ask for information
The legitimate interests of the controller or third party, where applicable
Categories of personal data   We’ll tell you if we get information about you from anyone else before we add this to our own records.
Any recipient or categories of recipients of the personal data This is stated near the place where we ask for the information
Details of transfers to third country and safeguards X X We are a local organsiation and will not transfer any data about you to anyone in a third country.
Retention period or criteria used to determine the retention period This varies with different data.  We  destroy all information that identifies an individual from our records once the information is no longer needed.

Data Category Retention Period / Criteria
Personal data of members and volunteers relating to address, contact details both manual and electronic. 24 months after leaving
Personal details of staff, contractors and directors relating to address, contact details both manual and electronic Same
Details of non-members contacting The Clubby email or via website 12 months
 
The existence of each of data subject’s rights This advice
The right to withdraw consent at any time, where relevant This advice
The right to lodge a complaint with a supervisory authority This advice
The source the personal data originates from and whether it came from publicly accessible sources   We’ll tell you if we get information about you from anyone else before we add this to our own records.
Whether the provision of personal data is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data   This is stated near the place where we ask for the information
The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences  

We don’t use this

When should information be provided? At the time the data are obtained. Within a reasonable period of having obtained the data (within one month)
If the data are used to communicate with the individual, at the latest, when the first communication takes place; or
If disclosure to another recipient is envisaged, at the latest, before the data are disclosed.

2. The right of access

You have the right to know that your data is being processed and the right of access to the data, together with information of your rights (as set out in this web page) to enable you to verify the lawfulness of the processing.  We will provide you with a copy of any/all information we hold on you, on request.

Fees

We normally provide a copy of your personal information free of charge. However, we may charge a fee:- if a request seems unfounded or excessive, particularly if it is repetitive; or to supply more than a single copy of any information.

Any fees will be based on the administrative cost of providing the information.

Time frame

We will provide Information without delay and normally within one month of receipt, once we have verified the identity of the person making the request.  If the request is particularly difficult to meet, we may need up to one month’s extension. If so, we will advise you within one month of the receipt of the request and explain why the extension is necessary.

If your requests are manifestly unfounded or excessive; in particular because they are repetitive, we may refuse to meet the contested request.  In those (unusual) circumstances, we will (without undue delay and at the latest within one month) explain why to the individual concerned informing them of their right to complain to the supervisory authority and their right to seek a judicial remedy.

3. The right to rectification

If the information that we have is wrong, then you have the right to demand that we correct it.  We undertake to do this within one month of knowing the error.  We also undertake to inform anyone whom we had previously misinformed.  We may need to verify information that is subject to a rectification request.  If that process takes longer than one month you have the right to ask us to suspend processing your data during our verification.

4. The right to erasure

If we have information that we are only lawfully permitted to process with your express permission or information which is redundant (such as might be included in records relating to an old membership) you have the right to tell us to erase the information.  We will do this straight away for information which we can only process with your permission and as soon as practical for information which may still be lawfully processed without your consent (such as contact details for a debtor).

5. The right to restrict processing

You have the right to tell us to suspend the processing of your personal information whilst we deal with your rights to erasure/rectification.

6. The right to data portability

If we hold any of your data in electronic format we will – on receipt of your instruction – send this electronically to a third party of your choice. For security reasons, we would need your instructions in writing and we may need time to take steps to verify that the instructions actually come from you.

7. The right to object

You have the right to object to us using your personal information for direct marketing, profiling and or (in some situations) research; although there are circumstances that might allow us to proceed despite objections.

The only direct marketing (or activity which might arguably fall within the definition of direct marketing) we undertake, which may use your contact details, would be on our own account.  We will stop sending you any direct marketing as soon as you ask.

We will not share your information with anyone else to enable them to engage in direct marketing.

8. Rights in relation to automated decision making and profiling or research.

We do not use our members’ personal information for such purposes in any way.  We do not use automated decision making and any profiling activities are restricted to “higher level” anonymised data which would not allow individuals to be identified.

Last updated: 2nd May 2018