ITCA Data Privacy Policy
The International Topper Class Association (Great Britain) ("ITCA", "we" or "us") is committed to promoting and protecting the Topper class in Great Britain, and arranging national and area regattas and training events. In order to do this we collect and use personal data.
This policy describes what personal information we collect or obtain about you and how we use it.
- About this Policy
- This policy explains when and why we collect personal information about our members and people connected with ITCA, how we use it and how we keep it secure, and your rights in relation to it.
- We may use and store your personal data, as described in our Data Privacy Policy and as described when we collect data from you.
- We reserve the right to amend our Data Privacy Policy from time to time without prior notice. You are advised to check the ITCA website, www.itca-gbr.co.uk, but amendments will not be made retrospectively.
- We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website of the Information Commissioner, www.ico/gov.uk.
- Who are “We”.
- We are ITCA and will be the ‘controller’ of all personal data we hold about you. We can be contacted at [email protected].
- What information we collect and why.
- We will collect personal data for the efficient management of our Association in meeting ITCA’s aims and objectives.
- We will hold personal data which relates to our members, officers, staff and volunteers, that are involved with ITCA, and where appropriate, data on those individuals who provide services and or supplies to ITCA.
- We will hold data to enable us to execute the functions and events that ITCA undertakes, which may include visitors and guests.
- We will maintain a data collection register to document the type of information, the purpose of the information, and the “legal basis” for processing the information. (Appendix A)
- How we protect your personal data.
- We will not transfer your personal data outside the EU without your consent.
- We have implemented generally accepted standards of technology and operational security in order to protect data from loss, misuse, or unauthorised alteration or destruction.
- Please note that where you are transmitting information to us over the internet this can never be guaranteed to be fully secure.
- For any payments which we take from you online we will use a recognised online secure payment system.
- We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
- Who else has access to the information you provide us?
- We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required so to do by law or as set out in the “Data Collection Register” on Appendix A or in paragraphs 5.2 and 5.3 below.
- We may pass your personal data to third parties who are service providers, agents or subcontractors to us in order that they may complete tasks and provide services to you on our behalf. We do this for our legitimate interest in operating ITCA and the performance of our contract with you. We will disclose only the personal data that is necessary for the third party to deliver the service to you and we have a contract in place that requires them and or their subcontractors to keep your information secure and not to use it for their, or their subcontractors’ own purposes.
- We may also pass your data to the RYA for the purposes of carrying out surveys when it is in the legitimate interest of ITCA and the RYA so to do. The conditions set out in 5.2 apply.
- How long do we keep information.
- We will hold your personal data on our systems for as long as you are a member of ITCA and for as long afterwards as it is in ITCA’s legitimate interest to do so as long as it is necessary to comply with the ITCA’s legal obligations.
- We will review your personal data every year to establish that we are still entitled to process it. In the event that this is not the case, we will cease processing your data but may retain the right to continue to hold this data in an archived form in order to be able to comply with legal obligations.
- We undertake to destroy, in a secure manner, all financial information once we have used it and no longer need it.
- Your rights.
- You have rights under the GDPR:
(a) To access your personal data held by us.
(b) To be provided with information about how your personal data is processed
(c) To have your personal data corrected
(d) To have, in certain circumstances, your data erased
(e) To object to or restrict how your personal data is processed.
(f) To have your personal data transferred to yourself or, in certain circumstances, to another business. - You have the right to take any complaints about how we process your personal data to the Information Commissioner. Details are shown in appendix B.
- For more details, please address any questions, comments and requests regarding our data processing policy or practices to the ITCA committee, or by contacting the Data Protection officer at [email protected].
- You have rights under the GDPR:
Appendix A
ITCA Data Collection Categories
Type of information | Purposes | Legal Basis of Processing | |
---|---|---|---|
1 |
Members name, address, phone, email, Date of Birth |
Managing the membership of ITCA |
Contract with the member Legitimate interest |
2 |
Gender |
Provision of adequate facilities for members |
Legitimate interest |
3 |
Names and ages of member’s parents, guardians, or next of kin |
Managing the membership of ITCA |
Contract with the member Legitimate interest |
4 |
Emergency contact details |
Contacting next of kin in emergency |
Vital interest |
5 |
Event entrants name, address, phone, email, sail & champ number, telephone number |
Managing race entries and race results Sharing results with other clubs, RYA, local and national media |
Legitimate interest Legitimate interest |
6 |
Photos and videos of members and their boats |
Managing racing and training events Publication on ITCA Web sites, social media and press releases |
Contract with the member. Consent. When using images for publication |
7 |
Members name and email |
Managing ITCA’s online directory |
Consent. Membership application and renewal |
8 |
Bank account details (member) |
Members subscriptions, ,services and expenses |
Contract with the member |
9 |
Bank account details (other) |
Payments for services, functions, and expenses |
Contract |
10 |
Employee’s name, address, email, telephone number, CV, NI, bank details, tax code, holidays |
Contract of employment, payroll |
Statutory Staff contract/ pay and conditions |
11 |
Supplier’s name, address, bank details |
Provision of goods and services |
Legitimate interest |
12 |
Volunteers name, address, phone number, emergency phone number |
Provision of services |
Legitimate interest, Vital interest |
13 |
Historic membership, lapsed members data |
Potential statutory obligations |
Legitimate interest, statutory |
Appendix B
ITCA Legal Basis
|
Title |
Description |
A |
Consent |
The individual has given clear consent for you to process their personal data for a specific purpose. |
B |
Contract |
The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. |
C |
Legal Obligation |
The processing is necessary for you to comply with the law (not including contractual obligations). |
D |
Vital Interests |
The processing is necessary to protect someone’s life. |
E |
Public Task |
The processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law. |
F
|
Legitimate Interests
|
The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks). |
For full details of the Legal Basis for Processing, please visit the ICO website: at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/
To contact the Information Commissioner:
Log onto https://ico.org.uk/concerns/
or by telephone to 0303 123 1113,
or in writing to: Information Commissioner’s Office.Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.