The Cromford Fly-Fishers Club Privacy Policy for members

1. About this Policy

1.1 This policy explains when and why the Club collect personal information about its members, how the Club uses it and how it is kept secure and your rights in relation to this.

1.2 The Club may collect, use and store your personal data, as described in this policy.

1.3 The Club reserves the right to amend the wording of this policy from time to time. Changes and changes of use will be detailed on the Club website www.cromfordflyfishersclub.co.uk
1.4 The Club will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner www.ico.gov.uk. For the purposes of the GDPR, the Club will be the “controller” of all personal data we hold about you.
1.5 The legal basis for processing this data is a legitimate interest in operating the Club.

2. Personal information (Data) that the Club collects:

2.1 As part of the processes of managing membership and fee payment, Cromford Fly-Fishers Club [known in this document as ‘The Club’] will request, store and manage the following information (Data) on members:
Name
Age
Address
Disability
Payments
Contact details [email, phone, address]
Catch return data
Date joined the club and/or length of membership
Any periods of suspension
Attendance at working parties and other non fee contributions
Specialist skills that might be available to the club.

As of the date of issue of this policy, not all the above data is held for all members but will be added over time.

2.2 This Data is normally collected as part of the membership application/renewal process, directly by the nominated committee member of The Club.
2.3 For members under 13 years of age, their parent/guardian is required to give consent to The Club to hold and process their Data.
2.4 Where a member’s close up photograph &/or personal details are used on the public facing part of The Club’s website, Facebook pages or for use by external media then prior specific permission will be sought for such use.

3. Who controls Data in The Club?
3.1 Members of The Club’s managing Committee and their nominated data controller.

4. How is Data used?
4.1 Data is held to manage current/future membership of The Club and related activities, e.g. organisation of The Club’s, or other selected bodies, activities, and social events.
In any e-mail communications issued by The Club, member’s email addresses will be placed in the bcc field – to prevent viewing/use by other members.

5. How is Data held?
5.1 Data is held digitally using Google’s Drive system held under a club email address and access is enabled to specified committee members. This means there is a single central copy. Full edit or read-only access is enabled to committee members, appropriate to their need.
5.2 Committee members with full edit access may download information onto their personal computers but will ensure this is approved by either the relevant committee member, or the data controller.
5.3 Some data is also held via hardcopy (paper) records.
5.4 All digital Data held by members of The Committee is stored on password protected computers which, together with paper records, are kept in normally secured dwellings of Committee members.
5.5 Some Members’ Data is also stored on The Club’s website – name and email address; certain data is also stored in the catch return data system, Follow The Fish, which is leased by The Club on a subscription basis. The data held is your email address.

6. Data Deletion
6.1 A member’s data will be deleted immediately by The Club on receipt of a written specific request. If a member makes this request it will be treated in the same way as a resignation from the club, as it will not be possible to manage their membership without the use of retained data. Please note the Club subscribes to the catch return system, Follow The Fish, and so are not able to delete your data from this system. This must be done via their data controller.
6.2 The Club will hold your personal data for as long as you are a member and for as long afterwards as it is in the Club’s legitimate interest to do so or, for as long as is necessary to comply with the Club’s legal obligations. The nominated Data Controller and appropriate Committee member(s) will review your personal data from time to time to establish whether the Club still entitled to process it. If it is decided that the Club are not entitled to do so, the Club will stop processing your personal data but will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. exercise or defence of legal claims.
6.3 A member’s name may be held indefinitely if captured, e.g. engraved, on permanent media – such as trophies, etc. held by The Club or in booklets produced by the club.

7. How we protect your personal data
7.1 The Club will not transfer your personal data without your consent.

7.2 The Club will protect personal data from loss, misuse, or unauthorised alteration or destruction.

7.3 Note that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.

7.4 The Club will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
7.5 The Club will never share your personal data for commercial purposes.

8 For more details:
8.1 Please address any questions, comments and requests regarding our data processing practices to either the Membership Secretary, or the Data Controller, both of whose contact details can be found on the Club website.
v1.0 Last updated 20th Sept. by IE