Crash Box & Classic Car Ltd (CBCCC Ltd)
General Data Protection Regulations (GDPR)
The CBCCC respects your privacy, and we will only use your information in the way we describe in this policy. When using your information we aim to be fair, transparent, and to follow our obligations under UK data protection laws. Your information is used for administering club membership and club activities.
Our address is; CBCCC Secretary, 2 Barnfield Crescent, Exeter, Devon, EX1 1QT
The club’s committee, event organisers and entry takers must be aware of the requirements and impacts of the “General Data Protection Regulations” and be familiar with this policy. The committee will review this policy annually.
Information the club holds.
The club collects your information when you fill in paper forms, on line forms, membership applications, renewals, event entries etc. The club then holds your personal data on password protected IT systems. All IT systems are secure and can only be accessed by authorised people who hold the necessary passwords. The club holds personal data of its current members, past members, non-member volunteers, and event entrants, name, addresses, telephone numbers, email addresses and car details.
Using your information.
The club uses your information to administer your club membership, and provide you with member benefits. We also use your information when you enter club events. For events and competitions, we may publish some of your information in the club magazine, event programmes and results, which will be in the public domain. When you give us information about another person, such as a child, parent, guardian, or emergency contact you should let that person know that you have given us the information. To support your relationship with the CBCCC we may keep some of your personal data indefinitely
Sharing your information.
Personal data is shared externally with the club’s magazine printers. Personal data will not be shared externally or sold to any other organisations or individuals.
Unless subject to an exemption [under the GDPR], you have the following rights with respect to your personal data: -
- The right to request a copy of your personal data which the CBCCC holds about you and a list of locations that data is held and shared with
- The right to request that the CBCCC corrects any personal data that is found to be inaccurate or out of date
- You may ask us to stop using your information, and to delete it, although we only maintain a skeleton set of your information. If you ask us to do this we will not be able to continue our contract with you
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
- The right to lodge a complaint with the Information Commissioners Office (www.ico.org.uk)
Subject access requests.
All data and processing requests will be dealt with by the club’s secretary and event organisers with a target to respond to any request within 28 days.
Lawful basis for processing personal data.
The CBCCC consider legitimate interests [Article 6(1)(f)] as a lawful basis to process personal data. The CBCCC believes this basis is the most appropriate to enable the club to function and maintain its long standing business model, keeping membership lists, sending magazines, informing members of club benefits, services, technical items, events, competitions, activities, by post, telephone and email. We only use individuals’ data in ways they would reasonably expect, unless we have a very good reason.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Any data breaches will be investigated thoroughly, and once the breach details have been found the ICO will be informed. If the investigation determines that the breach was unintentional then action will be taken to modify the process to avoid a similar breach.
Users Compliance and Security.
All committee members, event organisers, entry takers that are planned to collect or share personal data must agree to abide by this policy by signing a copy of this document.