The GDPR replaces existing data protection legislation on 25 May 2018. Henley Rugby Club has undertaken a detailed review and concluded that it already complies with the GDPR. There are three key facts that are of direct relevance to you as a member.
This policy sets out the following:
All personal data is collected and processed in accordance with English and EU data protection laws.
Personal data means any information relating to you which allows us to identify you, such as your name, contact details, customer account/reference number, payment details etc.
We will collect personal data from you when you join or renew your club membership, or when you contact us or register interest.
Specifically, we may collect the following categories of information:
When will we collect it?
We collect certain personal information from and about you during your membership and when you get in contact with us or use our website, loyalty card system or as part of providing our services to you.
We may also monitor and record any communications we have with you, including phone calls, emails, web chats, letters and social media exchanges to make sure we are providing you an excellent service. We may contact you by telephone, web chat, email, post or in person as necessary.
Your data may be used for the following purposes:
When you first provide your personal information to us, we will use Legitimate Interest as the legal basis to process your data. We may use your identity, contact, usage and profiled data to tell you about new products and services from us. We collect data through our website, membership portal and the club loyalty card system. You may be contacted by email, post or telephone.
If you decide you want to opt-out of receiving marketing communications or want to change how you receive them, you can always change your preferences by contacting us at any time. This won’t affect any marketing information we sent to you before you let us know.
Processing your Data
We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reasons we have collected and need to use your personal data for. In most cases we will need to process your personal data so we can enter into our contract with you.
We may also process your personal data for one or more of the following reasons:-
We will not retain your data for longer than is necessary to fulfil the purpose it is being processed for. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means.
We must also consider periods for which we might need to retain personal data in order to meet our legal obligations or to deal with complaints, queries and to protect our legal rights in the event of a claim being made.
When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimise over time the personal data that we use, and if we can anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
Who do we share your data with?
We do not share your data with any of our sponsors or advertisers.
Disclosing information outside the EU
Sometimes the organisations listed above may be outside the EU, so we may pass your personal information to countries that do not have the same standards or protection for personal information as the UK. If we, our agents or our service providers do this, we will try and ensure that these organisations adequately secure your personal information.
Protecting your personal information
We follow strict security procedures to protect your personal information. This includes following certain guidelines (for example, checking your identity when you phone us).
We strongly recommend that you do not disclose any membership or loyalty card account login details to anyone. Please always remember to logout of your account when you have finished using any of our websites.
From time to time, our website may provide hypertext links to sites which are created by external individuals and companies. We do this if the site is relevant to the topic you’re reading about. Whilst we always try to check that the content of these sites is suitable, we cannot take any responsibility for the practices of the companies who publish the sites that we link to, or the accuracy or relevance of the content on them.
We understand the importance of taking extra precautions to protect the privacy and safety of children. You must be over 18 to sign up and have a contract with us, therefore anyone under this age should not have access to any membership account details. We will delete any membership account created by a person under the age of 18, as soon as we are made aware of it.
When our use of your personal data is based on your consent, you have the option to withdraw your consent to our processing and delete your personal data at any time by contacting us and requesting this.
We keep your personal information contained in your membership account until such time you request it is erased. Please note that general retention periods apply to any personal data we collected to enter into a contract with you or to perform that contract or because we have a legal obligation to process it.
Requesting your Data
The club has a dedicated person to oversee compliance with this policy. You have the right to make a complaint at any time to this person.
Under certain circumstances, by law you have the right to:
If you want to exercise any of these rights, then please contact us:
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it