Data Protection Policy
Holywell Rambling
Club Data Protection Policy
Holywell Rambling Club (HRC) takes
data protection seriously and adheres to the UK General Data Protection
Regulation (GDPR). They are committed to protecting the privacy of their members
and supporters, and they will not sell personal data to third parties.
HRC follows the key
principles of UK GDPR, including processing personal data lawfully, fairly, and
transparently.
Data Collection and Use:
We collect personal
details (such as your name, address, email address, telephone no, etc) when you
become a member of HRC
Personal data is
collected and used for specific, legitimate purposes, such as contacting members
about club activities or processing membership renewals.
We collect financial information to allow payments to
members. Bank details are entered promptly into the online bank account and then
immediately deleted from all other data storage locations.
Transparency and
Consent:
HRC will always ask for
consent before using personal information for purposes not already outlined in
their privacy policy.
Right to Access and
Control:
Individuals have the
right to access and control their personal data, including the ability to
opt-out of certain data processing activities.
Policy Updates:
HRC reserves the right
to amend its privacy policy.
Administration
We collect and use
personal data for administrative purposes in order to help us carry out our work
This includes:
·
receiving membership subscriptions and payment for holidays.
· maintaining contact
databases of our members and contact permissions.
· performing our obligations
to fulfil membership contracts (sending out walks programmes, information about
club holidays or social activities, details of decisions made by the committee,
etc).
Definitions
1. Personal data is
information about a person which is identifiable as being about them. It can be
stored electronically or on paper and includes images as well as written
information.
2. Data protection is about how we, as an organisation,
ensure we protect the rights and privacy of individuals, and comply with the
law, when collecting, storing, using, amending, sharing, destroying or deleting
personal data.
Responsibility
Overall and final
responsibility for data protection lies with the management committee, who are
responsible for overseeing activities and ensuring this policy is upheld.
1. HRC needs to keep personal data about its committee and
members in order to carry out group activities.
2. We will collect,
store, use, amend, share, destroy or delete personal data only in ways which
protect people’s privacy and comply with the UK General Data Protection
Regulation (GDPR) and other relevant legislation.
3. We will only collect, store and use the minimum amount
of data that we need for clear purposes, and will not collect, store or use data
we do not need.
4. We will only collect, store and use data for:
♦
purposes for which the individual has given explicit consent.
♦
purposes that are in our group’s legitimate interests.
♦
to comply with legal obligations.
5. We will provide
individuals with details of the data we have about them when requested by the
relevant individual.
6. We will delete data if requested by the relevant
individual, unless we need to keep it for legal reasons.
7. We will endeavour
to keep personal data up-to-date and accurate.
8. We will store personal data securely.
9. We will not share
personal data with third parties without the explicit consent of the relevant
individual, unless legally required to do so.
10. We will endeavour not to have data breaches. In the
event of a data breach, we will endeavour to rectify the breach by getting any
lost or shared data back. We will evaluate our processes and understand how to
avoid it happening again. Serious data breaches which may risk someone’s
personal rights or freedoms will be reported to the Information Commissioner’s
Office within 72 hours, and to the individual concerned.
15th July 2025