Bristol Owners’ Club General Data Protection Regulation (GDPR) Policy - June 2020
Introduction
The purpose of this document is to set out the Club’s policy on GDPR.
The General Data Protection Regulation came into force on the 25th May 2018 and the Club is committed to operating within the new rules. The Bristol Owners’ Club respects members’ privacy, and will only use their information in the way described in this policy. When using members’ information, the Club aims to be fair, transparent, and to follow its obligations under UK data protection laws, and under EU data protection laws, until the UK’s exit from the EU is confirmed. The Club holds and processes members’ data only as necessary for the legitimate interests of the Club. Members’ information is used for administering club membership, communications, activities, and marketing of merchandise (formerly known as Regalia). Members’ data will be retained and processed on databases retained within our website. Only the minimum amount of data needed will be held.
A nominated member of the Bristol Owners Club management team is the Data Controller, currently Geoff Hawkins. For data related enquiries, our address is:
- The Bristol Owners Club Limited
- The Old Manse, 57 Chequer Street
- Fenstanton
- Huntingdon
- Cambridgeshire
- PE28 9JQ
- Email: registrar@boc.net
The Data Controller determines the purposes and means of processing personal data and is responsible for, and has to be able to demonstrate, compliance with the principles. The Bristol Owners Club officers, officials and the club’s General Registrar and type Registrars are data processors for the club and a full list of internal and external parties with which data is shared is found below under ‘Using Members’ Information’. The processors are responsible for processing personal data on behalf of the controller and are required to maintain records of personal data and processing activities and will have legal liability if they are responsible for a breach.
For general enquiries, our address is:
- The Bristol Owners Club Limited
- Pinewood House
- Pleasure Pit Road
- Ashtead
- KT21 1HR
- Email: hon.sec@boc.net
Geoffrey Hawkins, the Honorary General Secretary, can be contacted at the above address.
Awareness
All officers and officials of the club must be aware of the requirements and impact of the General Data Protection Regulation, and be familiar with the club’s policies and rules. The committee must review the club’s data protection policy annually, and ensure that officials are aware.
Information the Club Holds
The club collects members’ information when they fill in paper and online forms, membership applications or renewals, event entries etc. The club holds members’ data on a secure server, which administers the club’s website, and email services. All systems are secure and can only be accessed by authorised members of the Bristol Owners Club who hold the necessary passwords. The authorised members will generally be Club officers and officials. The data that the Club holds are names of members, and their partners, if provided to us, along with addresses, telephone numbers, email addresses, and details of Bristol cars owned by each member. The data is retained for Legitimate Interest purposes, but will be removed on request, with the exception of:
- The car chassis list on the Club’s website database, which is retained for the legitimate purpose of creating and maintaining an archive in the public interest. Members’ and former members’ names and addresses attached to the chassis list will not be disclosed, unless permission has been granted by the individual concerned.
- ’Bulletin’ and ’Newsletter’ electronic archives, where the material is considered to have been in the public domain.
- Concours d’Elegance trophy winners’ list, where current or previous ownership of a car will list only such information as necessary.
Using Members’ Information
Other than the following specific purposes, members’ personal data, is not shared with any person or organisation outside the Club. The specific purposes are for managing subscriptions, and other payments, through third parties, currently GoCardless for Direct Debits and Stripe for card payments; to manage the club’s database through its webmaster and the website host; to supply a member’s name and address to the Club’s printers for the purposes of distribution of the ’Bulletin’ and ’Newsletter’. The Club uses members’ names and addresses to circulate the Newsletter and the Bulletin magazine, which are included in their subscription, to remind members of subscription renewals, postal correspondence and emails, which includes AGM notifications, notifications of forthcoming events, and for the recording of participants on Club tours and other events. Additionally, Club Officials and Officers’ contact details, in an agreed format, are printed in the Club’s publications.
The car data on request, but not personal data, is shared with, and restricted to, the Bristol Owners’ Club of Australia (BOCA) and the Bristol Register of New Zealand (BRONZ).
Members’ data is available within the Club to members only upon login to the website using a secure password, or by specific request from an identified member to an officer of the Club. Any member or former member, may request the Club to provide a copy of all data held by the Club relating to that member, free of charge. The Club must respond within one calendar month.
Website passwords are not shared with anybody, not even the website’s database manager.
As a member of the Club, members have accepted the Articles of Association, the Club’s rules and Objects, in particular paragraph 4.2.1 of The Articles of Association (maintain and circulate a Membership List as a basis for mutual contact). This, and paragraph 4.2.5 Publish to the membership at large (in physical, electronic or any other form) news about or considered to be of potential interest to the owners of Bristol Cars including without limitation news about:
- (i)
- the activities of the Club and its Members;
- (ii)
- relevant technical data;
- (iii)
- Bristol Cars and related spare parts and merchandise made available for sale by the Club or its Members allows the Club to use their data as outlined above. However, should any member not want specific personal data and/or data relating to the ownership of their car(s) to appear on the website, or to be shared with any other members, then the Club would honour that request.
Unless a member has requested otherwise, members’ personal address, telephone number, email address and car details (but never bank details) as retained by the Club, are published in the Bristol Owners’ Club Membership and Car List. The data and information contained within the Bristol Owners’ Club Membership and Car List, whether this be gleaned from the website or from a hard copy (current or previous edition) may not be shared outside the Club, nor used for any kind of commercial purpose. The Membership and Car List remain the property of the Club, and should be returned upon ceasing membership. The Membership and Car List should be safeguarded at all times, and loss must be reported to the Club.
Members must be aware that the Club’s Newsletters, Bulletin magazines and website, may contain personal data including pictures, which show car registration numbers. The Club’s publications also contain car related advertising from companies, who pay the Club an income to do so. These companies do not have access to members’ data, and cannot directly target an individual member or members. Copies of the Club’s publications are circulated to car related magazines, FBHVC, and also members of the public at car shows etc. A copy of each issue of the Bulletin is lodged with the British Library (ISSN 2631-3650).
Our Website
When members use our club website we will collect their IP (Internet Protocol) address, by using cookies. Cookies help us to recognise them when they return to the website, and they may also help the member to login securely to our web-based services, including on-line entry and payment. For more detail about how we use cookies please view our cookies policy within the Website Privacy Policy. The club website might contain links to other websites such as online entry and payment sites, partners, and advertisers. If you follow or publish links to other websites please review the privacy policy for each site because we are not responsible for information shared on those sites.
Members’ Rights
Unless subject to an exemption (under GDPR), members have the following rights with respect to their personal data:
- The right to request a copy of their personal data which the Bristol Owners’ Club holds, and a list of locations that data is held, and who it is shared with
- The right to request that the Bristol Owners’ Club corrects any personal data that is found to be inaccurate or out of date
- The member may ask the Bristol Owners’ Club to stop using their information, and to delete it, although the club may maintain a skeleton, or basic set of their information. There is a minimum amount of data that the club must hold if a person is to remain a member of the Club, so if a member asks the club to delete all of their personal data from all locations, the club will no longer be able to continue the contract with that member
- The right where there is a dispute in relation to the accuracy or processing of personal data, to request a restriction is placed on further processing
- The right to lodge a complaint with the Information Commissioners Office (www.ico.org.uk)
Lawful Basis for Processing Personal Data
The Bristol Owners’ Club considers ’legitimate interests’ [Article 6(1)(f)] as a lawful basis to process personal data. The Bristol Owners’ Club believes the basis is the most appropriate to enable the club to function and maintain its long-standing business model, keeping membership lists, distributing magazines and newsletters, building historical car records, informing members of club benefits, services, technical items, events and activities, by post, telephone, website and email. The Bristol Owners’ Club has checked that the processing is necessary and that there is no less intrusive way to achieve the same result. A balancing test has been undertaken and the club is confident that individual’s interests do not override those legitimate interests. The club only uses individual’s data in ways that members would reasonably expect.
Data Breaches
The Club undertakes to hold all information securely and guard against any data breach. The Club will notify members immediately should it become aware of any data breach. Any data breaches will be investigated thoroughly and once the breach details have been found the ICO will be informed. If the investigation determines that the breach was intentional and identified the processor, then disciplinary action may be taken which could include suspension or dismissal. If the investigation determines that the breach was unintentional then action will be taken to modify the process to avoid a similar breach. If any data breach or unauthorised disclosure takes place then members have a right to complain to the Information Commissioner, although we hope that they would take up any issues with an officer of the Club first. Should a member discover that the Club’s GDPR policy is not being followed, particularly with regards to the deletion of former members data, the member should immediately inform the Chairman, who will address the problem. It could be a breach of GDPR in itself, to express to a non-member that the club has not deleted a former member’s data, and this could lead themselves to be subject to disciplinary action.
User Compliance and Security
All officers and officials that collect or share the above personal data, must read, understand and abide by this policy.
Changes to this Policy
We may amend/update this policy by publishing a new version on this website at any time.
Issue 5.5, dated 4th March 2024.