In order to operate as an organisation we need some personal data about our members. The privacy notice below explains more about the information we hold, how we use it and what your rights are.
On the 25th May 2018 new legislation on Data Protection entered into force - The General Data Protection Regulations 2018 - “GDPR”.
GDPR replaces previous legislation and contains lots of obligations which the Confrérie du Sabre d’Or (the Club), The Order of the Golden Sabre and Golden Sabre Tours must fulfil and lots of rights which you as Members have vis-à-vis the Club. Many of the Rules are the same as under previous legislation, but there is plenty of new material.
GDPR is an EU Directive directly applicable in all Member states without the need for local legislation and with effect from 25th May 2018. However, the UK has decided that it wants the content of GDPR to apply after the UK leaves the EU and has tabled a Bill in the House of Lords which will achieve this objective. At first sight the Bill looks the same as GDPR (with adjustments which the Club believes are mainly not relevant to the Club’s position) but things change and the Club will need to review its position once the Bill becomes law. GDPR, including its preamble, contains some 54,000 words so the Club hopes you will be understanding if we attempt to reduce that to some succinct explanations at the risk of leaving some questions in Members’ minds. All such questions and doubts can be emailed (or sent by post) to the Club and will be answered in the form of FAQs (Frequently Asked Questions). GDPR already allows the Club (“Controller” in GDPR-speak) to introduce operational rules and policies compliant with the new Directive (if you spot an error please tell us by email).
GDPR profoundly changes the way the relationship between the Club and its Members works in relation to the information (data) which the Club collects from you and then processes and stores. No data is provided to or accessed by a third party such as an event venue. Most of the law is mandatory but where there are options this notice will identify and explain the option the Club is using. Many of the terms are rather technical but we need to use specific terms in order to say exactly what GDPR stipulates. The Club’s first task is to be a lawful processor of your data.
2. LAWFUL PROCESSING
Membership of the Club is a form of contract where Members pay a subscription in return for which Members receive benefits and services provided by the Club. The Club asserts that it is a lawful processor by virtue of this relationship and does not need to obtain specific consent to process data. The Club also considers it is exempted from any obligation to appoint a Data Protection Officer (DPO) but it does accept the obligation to carry out processing in ways which are lawful, fair and transparent. The Club may be required to appoint a designated DPO by the UK legislation when it becomes law.
3. TYPES OF DATA COLLECTED AND STORED
The Club is committed to recording accurate personal data which primarily consists of the information on the Membership Application Form.
We do not have access to your banking data, as that is an arrangement between you and GoCardless, although we do have the ability to set up requests for payment. GoCardless will have its own privacy notice, which you can request from them.
The Club does not collect sensitive personal data such as genetic, biometric or health data nor information on race, ethnicity, religion, political persuasion, or sexual orientation. Such sensitive data is known in GDPR as special category data.
The Club may use your data to enhance your experience of Club Membership by recording your personal preferences, interests and geographical location.
The Club may verify the information supplied in the Membership Application Form but does not seek additional information when considering an application.
If information is published (i.e. in the public domain) about a Member, e.g. personal, professional or civic honour, award, achievement, etc. the Club is likely to add such information to your Member record.
The Club does not claim it is hacker-proof. This aspect of processing is being reviewed at least annually as well as whenever there is a high-profile report of a data breach. In the event of there being a data breach the Club undertakes to inform you (as well as any relevant authority) not later than 1 month after the Club becomes aware of the breach. The Club does not believe that the data it holds give rise to any need to report a breach to the Information Commissioner within 72 hours but it is conscious of the possible need to do so.
Paper records are also held securely.
4. TRANSFER AND SHARING OF DATA
The Secretary (which includes any assistant), who is a volunteer to the Club, is the principal processor of your data.
Book-keeping is done by another volunteer to the Club and supervised by an independent qualified volunteer on whom required legal obligations have been imposed in relation to processing Members' data.
The Club hires an IT consultant as required. They generally do not require access to Members’ data, but should that be required it would be under supervision.
The Club’s Officers may also wish to look at Member data from time to time.
The Club will not be able to release to a member personal data about another member, even a telephone number or email address.
When you attend functions or events organised by the Club the venue will occasionally, for security and practical reasons, want a list of names.
The club magazine is mailed out from the office and not by any third party.
The Club does not knowingly transfer your data outside the EU.
5. RETENTION OF DATA
The Club intends to hold your data throughout the period of your Membership and to apply the following post-Membership policies:
In the case of resignation, for up to six months and thereafter to retain indefinitely only your name, the date of joining and the date of resignation.
In the case of exclusion, for eight years (in order that appropriate institutional memory exists of the circumstances).
In the case of death, indefinitely, for archival purposes only, but the Club will consider requests for erasure from immediate family and/or executors.
6. YOUR RIGHTS
- To complain:
Ideally the Club would wish to try to deal with complaints itself before recourse to any external authority and asks Members to submit complaints via email but it is open to Members to submit a complaint at any time to the Office of the Information Commissioner.
- To have correct data recorded by the Club:
The Club will be happy to correct errors.
- To require the Club to erase data which it holds about a Member:
The Club will fully respect the new legislation but reminds Members that the low-level information gathered by the Club is perceived by the Club as the minimum needed to provide Members with the benefits of Club Membership.
7. THE CLUB WEBSITE
This policy applies when members use the Club website. There is a link to the policy when you log on to the site.
8. FREQUENTLY ASKED QUESTIONS (“FAQs”)
FAQs will be added as Members put questions to the Club and in response to the evolution of the regulatory environment. Answers to FAQs form part of this Notice.
Whenever this policy is updated a notice will be sent to Members. This policy will be reviewed not later than May 2019 and annually thereafter.
If you would like to contact us please email firstname.lastname@example.org
The support, management and operation of this website necessarily involves a number of third party organisations, each of which may access and store the data entered by users of the site.
Such organisations are used purely in support of the UK website of the Confrérie du Sabre d'Or and are shown below. Click on the names given below to see the relevant sections of their individual websites, which indicate how they use and store any data collected and how they comply with regulations concerning privacy and data protection:
We offer no assurances regarding the privacy, data protection, or GDPR compliance of any websites for which an external hyper-link has been provided on this site, such as for Caveaux or other event venues, or associated organisations.