Data Protection Policy
Hinckley Mountaineering Club – Data Protection Policy 22 May 2018
- Introduction
Hinckley Mountaineering Club (HMC) must be compliant with the General Data Protection Regulation (GDPR) coming into force on 25 May 2018. The GDPR gives the individual the right to be informed, the right of access, of rectification, of erasure and the right to object. This document explains how members’ personal data is held, handled and controlled. If there are any queries about the club’s data-handling then these should be addressed to the Club Secretary - Why Data is Held
Data is held mainly so that the club committee and members can contact each other. Information is also provided to and held by the British Mountaineering Council (BMC) as membership includes affiliated membership to the BMC. This also identifies members for the insurance the BMC provides - What Data Is Stored
Data Record: (HMC) The data record for each person consists of the following:
Name
Address
Home and Mobile phone numbers
Email Address for mailing lists (e.g. the Newsletter, Monthly Updates)
Class of membership (e.g. U18; Full; Honorary)
Parent/Guardian (11-18). This information will not be shared with any outside organization except the BMC.
Emergency Contact – Your emergency contact will only be shared with the relevant club committee / meet convener as necessary to take the appropriate action in the event of an emergency. (Not the BMC)
Administration: (BMC)
BMC Membership number
Date membership last renewed
Date last membership payment sent to BMC
Payment method of last membership payment
Flag if no membership fee charged (for Honorary members or already a BMC member) - Maintenance of Data
Data in the member’s ‘profile’ can and should be maintained by the member emailing the Membership Secretary Any request for modifications should be made to the Membership Secretary. Data in the Administration group above is generated automatically (by the BMC). The BMC membership number is also provided by the BMC. HMC will need to re-ascertain consent on a regular basis. To ensure accuracy it is incumbent upon members to inform HMC of any changes to their data. - Sharing of Data
5.1 BMC
The information provided to the BMC consists of: Name, Address, and Email address. This is currently sent by email, but future transfer is expected to be via a secure web page. Further queries regarding Data Protection in our club please contact our Secretary or the BMC Clubs Officer – Jane Thompson, jane@thebmc.co.uk 07885 910606. You can also view the BMC Data Protection notice using the following link: https://www.thebmc.co.uk/5.2 Members
Your personal data is not made available to other members of HMC other than emergency contact details for safety purposes only. It is reasonable to assume that it is in a person’s best interest to have their data processed for this purpose and it is an important part of the club’s responsible approach to managing safety.5.3 Newsletter & Social Media
The name and ‘description’ provided by members may be included in the newsletter. The wide circulation of the newsletter including on our Facebook group means this is effectively made public. Your data may also be used to include your name and your activities on our club website (including but not limited to the New Members, Club Officers, Awards and Newsletter pages). The club may use your photograph to share on social media, local newspapers, the club newsletter or the club websites. If you do not wish for this to happen, please email the club secretary. - Access and Data Portability
Much of the information is available only under the member’s profile. The club does not consider that a membership list should be widely distributed (after all, do members really need the addresses of all the other members when most communications are now done, individually, via email, phone or social media). Security
Members’ personal data is stored in a spreadsheet which is held in the cloud-based Google database. This database is password protected. The website is hosted by wordpress.org. Nominated committee members and other nominated parties have wordpress admin access, which does not provide access to members’ data. Nominated committee members have access to the membership database. All access is password protected and these people are required to setup robust passwords and change them regularly.Newsletters sent via e-mail must ensure that for any emails that are sent to more than one individual, email addresses are BCC’d (blind copied).
We will not disclose – written or verbal – any Personal Data for any member to anyone other than the BMC or the nominated HMC officials.
- Under 18’s
Membership applications for age 11-18 must be made by their parent of guardian. In accordance with the HMC constitution, membership is currently only open to those over 11 years and subject to committee approval. It is recommended that the email address of the parent or guardian is used so that they maintain control of the account. - Removal of Data
Members’ data is removed from the database:
(1) around 6 months after their membership lapses
(2) on request to cancel membership or
(3) if removal is requested by the member. Note it is a requirement of membership that a minimum set of data is needed for the club affiliation to the BMC. Consent
Consent to handle Personal Data (as described in the previous sections) will be requested when filling in an online application to join the club, or to rejoin the club and may be updated annually. Your data is not processed for any further purposes other than those detailed in this policy. Where you have named someone as your Emergency Contact and provided us with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this HMC Data Protection Policy.You will be able to unsubscribe from these emails at any time by clicking the link at the bottom of the emails