Rickman’s Cars Owners Club Data Protection Policy

Background to Policy and Notification
In the UK, data protection law is currently covered under the Data Protection Act 1998 (DPA 1998). However, a new EU data protection law called the “General Data Protection Regulation” (GDPR) applies from 25th May 2018. This new law was deemed necessary to take into account technology changes over the last 20 years and to harmonise data protection law across Europe.

This letter, which includes our Club Data Policy is to provide you with information as to how we, the Rickman Cars Owners Club (RCOC), use your data, or in other words your Personal Information, and what rights the GDPR gives you in respect of your data.

How we will use information about you
The RCOC will handle information about you to comply with the General Data Protection Regulation (GDPR). The RCOC will appoint a “Club Data Controller” in respect of handling and dealing with your personal information for the purposes of applicable data protection legislation. We the RCOC will use your personal details in order to collect and collate personal and Rickman car details as supplied by you as a recognised member of the RCOC.

Purpose of using information
We the RCOC, process information or data for the reasons / purposes as mentioned above.
The information includes:

Personal Details (as supplied by an individual Club member)
Rickman Car Details (as supplied by an individual Club member)

We only collect this data because there is a legal obligation to do so, and it is for legitimate RCOC Club interests.

Legitimate RCOC Club interests are for the purpose of contacting you generally. Also for distribution of our periodical magazine and for collection of Annual subscription payments.

Who your Personal information / Data may be shared with
We the RCOC, WILL NOT SHARE the information that you have supplied to us with any third parties for any reason whatsoever. The information you have supplied to us, the RCOC, is for the legitimate use for CLUB BUSINESS ONLY.

We may of course be contacted by the Ombudsmen or regulatory authorities including the Police or Government, where we will have no control over their authority to access the data information that we hold on Club Members details. However, we the RCOC will NEVER offer your information to ANY organisation or individual voluntarily.

Regarding which Club Members have access to your Data and Personal Information, ONLY the following will be allowed this access:-

The Membership Secretary and Club Data Controller –
To process Club Membership, to distribute Club Correspondence and to manage the upkeep of the Clubs Members Database.

The Treasurer –
To Process Members Subscription Payments and to deal with the Clubs financial activities.

The Webmaster –
Has Very limited access to Members details – Only for Online Forum access – this includes – Members Membership Number, Members Name, Members email address and online Forum Username.

Retention of data
One of the key principles of the DPA 1998 and the GDPR is that the personal data stored and processed shall be adequate, relevant and limited to what is necessary for the purpose of what it was originally collected for. Our standard policy is for information or data to be kept for only as long as necessary. In relevance to the RCOC, we update our personal information database Annually, after the Renewal Annual Subscriptions have been collected, which is normally in July. We also hold personal information for a period of Six (6) years to comply with treasury requirements for retention of financial transactions in relation to the Clubs running and business.
We do keep archived Databases for the interests of Members to trace the history of the Club, its past Members and Car Registration history. This is purely for historical reasons.

The Club Database and all associated Data and information is kept and stored on 2 x Memory sticks (1 is a back-up in case of problems), these are independent and stored away from any computer. The online activity and security of members Data is governed by the Policies and Terms and Conditions of the relevant Websites and Social Media platforms that people agree to when joining such platforms. The ONLY online activity that we the Club will be responsible for is in regards to our own Club Forum.

Your Rights
You have a number of rights under the GDPR. These include the right to:-

See the information we hold about you.
Request personal data to be amended if it is inaccurate or incomplete.
Request the deletion or removal of personal data where there is no compelling reason for its continued use;
Block or restrict the processing of your personal data; and
Object to the processing of your data.

There is also a right under the GDPR to receive your personal data (in a structured, commonly used and a machine-readable format) and to transfer your data to another service provider or data controller. This right applies where your data is being processed on the basis of your consent or in line with a contract to which you are party.
PLEASE NOTE:- That in the case of the RCOC the above paragraph is not applicable. We rely on our legitimate mutual Club interests to collect and process your supplied information data, rather than obtain individual consent or enter into individual contracts.

If you wish to exercise any of your rights, or have concerns about the processing of your personal data, or wish to raise any issues in relation to data protection then please contact:-

Gerry Harris
RCOC Membership Secretary and Club Data Controller
C/O 10 Hillyglen Close
Hastings
East Sussex
TN34 1XU

If you are unhappy with how your personal information is being handled by the RCOC, you have the right to make a complaint to:-

The Information Commissioner’s Office

This is an independent body set up to uphold information rights, which will investigate your complaint.

(RCOC Data Protection Policy and Notification – Issue 1 – May 2018)