YOGI Cycling GDPR Statement
Are we allowed to hold Personal information in an individual?
YES. The GDPR regulations allow several legal basis for holding a persons data, aside from a persons permission. Our reason is that we cannot provide Membership without knowing who you are, and is a legitimate reason as we effectively have a ‘contract’ to supply your Membership service.
What Personally identifiable information do we hold?
1. Name and contacts details – without this we would not know who has paid and hence a member or how to contact you.
2. Next of Kin – for emergency contact only – only name and contact numbers(s).
3. Date of birth – for statistical analysis, for working out how best to tailor the clubs rides. Just name and contact number(s).
4. Facebook name – as Membership of the FB group is part of the Membership.
5. Dietary requirements – for events that provide food.
How is it processed?
It is only used for YOGI Club Business. We never pass on the data to any other organisation.
Date of birth is only used in an anonymised format – I.e. what percentage of members are of a certain age band etc.
Food allergies and sometimes names are given to 3rd parties that process food for the club (e.g Christmas Party or other social events). This might be considered a special category as it’s effectively medical data, so care should be taken to ensure it is not passed on or distributed unless needed.
Who is the Data Controller?
Club Secretary – the designated responsible person, with authority to control decisions relating to the data.
Anyone asking to have their data removed, or issues arising relating to a persons data should be directed to the data controller. via firstname.lastname@example.org headed ‘Please Remove all MY Personal Data’.
Who has access?
Any current member of the Committee, plus event organisers, for the members taking part in a specific event – by accessing via the online Web collect portal. If you are given this access it must not be used for any other purpose and be deleted once it has been used for that specific purpose.
Where it is held?
Webcollect Club Membership database – cloud based (data is lost if there are no clouds visible!!)
The data is not used by any other organisations.
Webcollect have a privacy statement that covers their side.
No data will be held in any other place. That means that in no circumstances do we do not take copies and distribute
How long is it held?
For 1 year after Membership expires – We believe this is reasonable in case there are any issues that arise, accidents, or claims. And also to allow us to process Membership renewals, and send reminders. When we send reminders we will give you the option of telling us to remove your data and stop contacting you.