Personal Information on Cycling UK Members
Although Fleet Cycling has some autonomy we are, as a Cycling UK Member Group, part of the Charity. In future, CUK will only supply the names and membership numbers of CUK members in our area (essentially Hart DC area). We have retained our last membership list from CUK (received in November 2017) but we have destroyed all of your personal information with the exception of first and last name, CUK member number and email address. Further information on GDPR is available on the CUK website here.
Fleet Cycling Data Protection Policy
We only process data for the purposes of establishing or maintaining support for Fleet Cycling (here in after referred to as “the club”) and in order to administer activities and keep informed those who are regular supporters of the club. We do not engage in any form of direct marketing or automated decision making.
The source of our data is the data subject. Ordinarily, it is only necessary to process “ordinary personal data” as opposed to “special category” data. The Chair, Secretary, Treasurer, Membership Secretary and Newsletter administrator receive your names, email addresses and, in some cases, your postal addresses. Occasionally, the Data Protection Manager (yet to be appointed) may also have sight of such personal data if it is relevant to Committee meetings or other administrative enquiries from Cycling UK. The Treasurer is responsible for processing and keeping securely any financial data provided by you for example in regards to bank or other financial details if you pay donations or orders for club clothing.
We rely on “legitimate interests” as a lawful basis to process personal data necessary to send you our newsletters because a key role of the club is facilitating communication about news of the club and its activities. Most often we will distribute our Newsletters by Mail Chip whose database holds your First and Last name and email address. Mail Chimp assure us that such data is not used for any other purpose than the club communicating with you.
We rely on legitimate interests and legal obligation as the lawful bases for processing financial information provided by you.
We restrict the amount of personal data which we hold in order to respect the privacy of the data subjects whom it relates to. We also only share your personal data if this is necessary to make payments to our UK bank account to support the club or to comply with other legal duties.
We do not transfer any personal data outside of the UK or EU.
The Officers of the club are responsible for ensuring that we only use the names and addresses and email addresses provided by you for the purposes of circulating our newsletter and other updates about the cycling in Fleet.
We comply with the law on Data Protection as set out in the principles below:
- We do not keep any personal information between the individual and organisation after the individual has ceased being a member of the Cycling UK charity for any longer than 12 months unless it is with your “freely given and informed consent” or if it is necessary for financial record-keeping purposes or other legal purposes such as tax or Gift Aid records.
- All data subjects have the right to complain to the Regulator and to make a subject access request, rectification and/or erasure request. Any such requests should be sent to Colin Waters (Secretary), 61 Victoria Road, Fleet, GU51 4DW. We respect and aim to speedily respond (within a month of receipt) to any requests from individuals about details of any personal data held about them under subject access and will comply with any law in terms of rectification and erasure requests.
- We process any data lawfully, fairly and in a transparent manner.
- We only do so for specified, lawful and legitimate purposes
- We take steps to ensure that only relevant personal data is requested avoiding any requests for excessive or unnecessary details
- We delete out of date data rather than keep it longer than is necessary for the purposes for which it is asked.
- We keep personal data securely from an IT and organisational perspective and do not share it with third parties without a lawful basis for doing so.
- We will report any breaches of data protection once known to the Regulator and any affected Data Subjects without undue delay and in keeping with legal requirements.”