About this Policy
This policy explains when The Ski Club of Manchester (‘the Club’) collects personal information about it's members and instructors, how the Club uses the data, how it keep it secure and members' rights in relation to it.
The Club will always comply with the General Data Protection Regulations (GDPR) when dealing with personal data. Further details on the GDPR can be found at the website for the Information Commissioner. For the purposes of the GDPR, the Club will be the “controller” of all personal data it holds.
The Club can be contacted via the Club Secretary.
What information the Club collects and why
Type of information stored and processed
- Members' full Names and Addresses, Telephone numbers, Email addresses, Type of membership, S.C.G.B. membership numbers (if applicable), Gender and Date of Birth.
- Any special needs information (eg dietary requirements), titles and the names of their insurers for Members' joining Club holidays.
- Club instructors' relevant qualifications and insurance details.
- to manage membership.
- to keep members informed of Club activities.
- to verify eligibility for Club activities.
- to provide Snowsport England, annually, with the number of Club members and the names, postal and email addresses of those members for insurance cover.
- to provide SCGB with a list of SCGB members who are also SCoM members. Only names, postcodes and the relevant SCGB membership numbers are forwarded.
- to ensure we meet requiremenbts regarding the safeguarding of members under 18 years old.
- to organise room sharing on Club holidays.
- to ensure Members' dietary needs are met on Club holidays.
- to provide tour operators with required information when booking Club holidays.
- to manage Club ski coaching and intruction sessions.
Lawful basis of processing
Performing the Club's contract with it's members. For the purposes of the Club's legitimate interests in operating the Club.
Who else has access to the information you provide us?
The Club will never sell members' personal data. The Club will not share members' personal data with any third parties without their prior consent (which they are free to withhold) except where required to do so by law or as set out above or the paragraph below.
The Club may pass members' personal data to third parties who are service providers, agents and subcontractors to use for the purposes of completing tasks and providing services to members on the Club's behalf (e.g. to manage the membership records, send mailings and to book Club holidays). However, the Club will disclose only the personal data that is necessary for the third party to deliver the service and shall have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
How the Club protects your personal data
The Club will ensure that generally accepted standards of technology and operational security are in place in order to protect personal data from loss, misuse or unauthorised alteration or destruction. Any third-party organisations that the Club use to store data, such as Yammer or OneDrive, have their own data protection policies and are compliant with the GDPR.
Please note however that data transferred between members and the Club via the internet can never be guaranteed to be 100% secure.
The Club will notify members promptly in the event of any breach of their personal data.
How long does the Club keep your information?
The Club will hold members' personal data on it's systems whilst they remain a member of the Club and for no more than 12 months after membership is terminated. The Club will review member's personal data every year to establish whether the Club is still entitled to process it. If the Club decides that it is not entitled to do so it will stop processing the personal data except where it is retained in an archived form. This is to be able to comply with legal obligations (e.g. compliance with tax requirements and exemptions) and the establishment, exercise or defence of legal claims.
The Club will securely destroy all financial information once it is no longer needed.
Members have the following rights under the GDPR:
- to access their personal data
- to be provided with information about how their personal data is processed
- to have their personal data corrected
- to have their personal data erased in certain circumstances
- to object to or restrict how their personal data is processed
- to have their personal data transferred to themselves or to another business in certain circumstances
To exercise their rights a member may make a Subject Access Request (SAR) to the Club Secretary who can provide a standard form if required. They may be requested to submit proof of identity by providing, for example, a copy their passport, driving licence or a utility bill.
Members have the right to take any complaints about how the Club processes their personal data to the Information Commissioner.
For more details address any questions, comments and requests regarding the Club's data processing practices to the Club Secretary.