Old Hall Walking Club takes the privacy of our members’ data seriously and will only use your personal information for club administration purposes and for communicating with you about your membership and Club activities.
Only the relevant committee members and Webmaster will be able to access your details. Regarding the storage and transmission of data, only the Committee (or a designated individual appointed by the Committee for a specific purpose) shall have access to the relevant Dropbox files. We will use your data to communicate with you about your membership and activities organised by the Club. The Committee will ensure that personal data is secure.
We will never share or sell your data without your prior permission.
Personal data is only collected for specified, explicit and legitimate purposes. The data we collect is limited to what is necessary for Club activities. Every reasonable attempt is made to ensure that personal data is accurate and up to date, and will be deleted at your request, and when you cease to be a member. The Club will re-ascertain consent on a regular basis.
To ensure the privacy and security of our members’ personal details, the following procedures have been put in place:
1. All members will be contacted annually to confirm by email that they wish their personal details to be included on the OHWC’s database. Only those members who reply in the affirmative will remain on the database.
2. All committee members and the webmaster must ensure that members’ information contained on Dropbox is retained securely and that personal computers are password-protected.
3. The committee will closely control individuals who have access to club information on Dropbox and OHWC website.
4. Each committee member will be personally responsible for deleting all extraneous information on a regular basis in order to ensure that only relevant details are retained.
5. Compliance with GDPR will be a regular item included on the agenda of OHWC committee meetings and at the AGM.
6. The Walk Programme Officer is responsible for obtaining the permission of each current walk leader to include contact details on circulated walk briefs. This permission will be sought on an annual basis.
7. Members’ personal details will not appear on the OHWC website.
8. On joining the club, a member’s permission will be sought regarding the sharing of photographs on the club’s website, and sharing with other club members.
In formulating this policy and establishing a precise set of procedures, the club is in compliance with the General Data Protection Regulation (GDPR), which replaces the Data Protection Act 1998 on 25 May 2018. Our data protection policy describes general principles regarding why and how we collect and manage personal information, as well as how we store and keep secure the personal information that is collected.
Changes to data protection regulations are required as the advances over recent years and the different ways that personal data is now processed (collected, stored, shared, etc.) with this new technology need to be included. GDPR will make it clearer for the club to understand data protection requirements. The reason that the club needs to comply is that data is collected (names, addresses, e-mail addresses, telephone numbers etc). Additional data may also be collected (such as: date of birth, gender, emergency contact details, medical conditions).
In formulating our policy, we have:
1. Considered what data we hold and who has access to it
2. Considered where that data comes from, and how regularly it is updated, and how long we hold it for
3. Considered what we do with the data: who we give it to, how we transfer it to other people/organisations/companies
4. Considered the security of the data: when do we hold data, what data do we encrypt/password protect
5. Considered whether we have permissions from members to use the data provided, and who is entitled to use the data
6. Considered whether we have an active data protection policy, the extent to which it is adhered to and if is it accurate
- Any processing of club member data through a third party, such as storing data on an external data storage system such as Dropbox, Google Docs or iCloud.
- Consent is required to share someone’s personal data with members such as via committee contact lists or club member contact lists.
Consent for these types of activities can be gained from members via the club membership form but it must be a free choice to opt-in rather a pre-ticked box where members need to opt-out
The following are points that we have considered if the club wishes to continue providing member details to other members
- For member details to be made available to other club members (in any format) the specific consent from each member will be needed
- We must allow members to opt-in to what details are circulated and must allow members the option of not having any details circulated. It must not be a condition of membership of the club that details have to be shared.
- We will re-ascertain consent on a regular basis, ideally at least once a year
- We are mindful that even though consent may have been given at one point it can be withdrawn at any future point. If an individual withdraws their consent the club needs a clear way to action the withdrawal of that data.
- The club needs to ensure that data is accurate. If a member changes their contact details after the list has been produced, we have considered how the club ensures that the lists are updated, and that inaccurate data is not available to other members.
- The club has considered what data needs to be circulated for communications between members in the most appropriate form.
- The club will tell members what they can/can’t do with the data provided for a specific purpose, i.e. they can’t pass or sell the data on to anyone else, and members can only use the data for club-related communication and activities.
- The club will ensure that data is not held for longer than is needed. A system is in place to ensure that club lists are deleted by members once superseded / not needed.
GDPR relates to the protection of ‘personal data’ by organisations and entities that process such data. ‘Personal data’ is any information relating to a natural (living) person that can be used to identify them. The club will typically hold personal data on each of our members, including everything from simple contact information through to records of attendance at meetings and training events, email newsletter mailing lists, booking out club property, receipt of purchases of publications/guidebooks, etc. The data is likely to have been gathered directly from the member but not always, and permissions for personal data previously gathered on an annual club affiliation /membership / renewal form may not cover what the club actually does with the information.
The new rules regarding the collection, use and retention of this personal data represents a major change, especially when we consider that the rules will be applied across the board, for example there will be no distinction made between a voluntary sports club and a direct marketing company.
‘Processing’ data is any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaption, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, restriction, deletion or destruction.
1. Personal data must be processed lawfully, fairly and in a transparent manner;
2. Personal data must only be collected for “specified, explicit and legitimate purposes”;
3. Data collected must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. Personal data must be accurate and where necessary kept up to date;
5. Personal data that is no longer required should be deleted;
6. Processors should ensure all personal data they hold is secure.
What are cookies?
Cookies are tiny text files that are stored on your computer, tablet or mobile phone when you visit a website. The cookies mean that the website will remember you and how you’ve used the site every time you come back.
What Cookies don’t do
Cookies don’t search your computer for information. Cookies register the information you provide through your browser. When you enter personal and/or financial information on a website, the cookies store your information, both for ease of use on your next visit, and for ad tracking.
Information stored by cookies is usually encoded; it is protected from potential computer hackers by the websites security features.
Cookies only store the information you provide. A cookie cannot “grab” your email address. A cookie can store your email address on the website—if you have typed in your email address; a cookie stores all information you voluntarily give when you visit a website.
Cookies themselves contain very little information other than the URL of the website that created the cookie. Because there is so little information, a cookie can’t be used to identify you by name or other personal information. However, advances in technology have seen an increase in how companies can manipulate cookie information to create a profile of your web surfing habits. Again, this is a profile of a particular consumer’s surfing habits and product preferences, there is no name (your name) attached to the profile.
Cookies are harmless. They cannot introduce viruses on your computer.
If you want to know more about cookies, head to the Incormation Commissioners Office (ICO). (Please note: this link opens a new window or browser tab).
In this policy we have used the following categories of ‘cookies’
- Strictly Necessary cookies
This categorisation has been defined by The International Chamber Of Commerce (UK).
Strictly Necessary cookies
Cookies are set to help support the structure of the pages that are displayed to you. These help the website to function and enhance the look and feel of the website. They also help to improve navigation around our website and allow you to return to pages you have previously visited. This type of ‘cookie’ only lasts for the duration of the time you are visiting the website, your session. When you leave the website they are deleted automatically.
Cookies are used to provide aggregated statistics on visitors to our websites and their browsing behaviour. The data is aggregated and anonymised, which means you cannot be identify as an individual. Currently the Club does not use any performance cookies
Cookies are used to remember that you have provided a username and password so you don’t need to re-enter your details on every page you request during a visit session.
Targeting cookies i.e. Third Party and Advertising Cookies