This policy advises you how Kingston Wheelers Cycling Club (the “Club”) will handle and collect personal information or data about you. If you are aged 16 or under, please obtain your parent or guardian’s consent before you provide any information to us.
What is personal information?
Personal information is information which can be used to identify an individual. This includes, but is not limited to:
- first and last names;
- home address;
- email address;
- date of birth;
- gender;
- contact telephone number(s);
- payment details or instructions;
- medical information/details of any allergies.
What personal information does the Club collect about or from you?
The legal basis upon which we collect and process your personal information will depend on the personal information and how it is collected, but, we will only use your personal information in the following circumstances:
- where we have your consent to do so;
- where we need to process your personal information for the legitimate interests of the Club, provided those legitimate interests are not overridden by your own data protection interests;
- where the personal information is required to perform a contract with you;
- where we have a legal obligation to collect personal information from you; or
- where we need the personal information to protect your vital interests or those of another person.
On joining the Club, you will have provided us with personal information as well as additional details when signing up for events or races organised by or through the Club. You will also have provided certain personal information when you signed up to use the Club’s website and forum. We may also collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the website.
In addition to cookies, the Club will record the activity of users signed in to our website and the forum.
How does the Club use personal information?
Under GDPR, you have the right to know how the Club use the information we hold about you and to whom it will be disclosed. We may use the information held by the Club in the following ways:
- to assist in the smooth management and administration of the Club and event management;
- to assist in the promotion and reporting of events organised by the Club e.g. photographs of members participating in the annual Gil Jessop Sporting 14 TT or John Bornhoft Hill Climb;
- to keep you updated with regard to the any changes in the identity of the supplier of Club kit, or the design of the kit;
- to monitor who has bought Club kit or made other purchases through the Club shop on the website;
- to monitor the Club’s membership levels;
- to monitor race results;
- to monitor attendance levels at the Club events e.g. races, the summer BBQ, or the Awards night;
- to record who has volunteered at events;
- to keep an up-to-date list of qualified timekeepers referees;
- to ensure that membership fees are paid;
- to ensure we recognise the achievements of our members by keeping a record of those performances (e.g. Club records, award winners, write-ups of races or cycling trips abroad);
- to send monthly membership updates to the members (unless you have chosen to unsubscribe from the update, in which case, you will need to monitor when your membership expires yourself); and
- to comply with national and regional sports bodies’ (e.g., British Cycling, CTT, Audax UK, Surrey League) registration and membership requirements.
The forum on the Club’s website is used by the members for a wide variety of reasons, for example: to organise the Sunday Club runs or ad hoc rides to various destinations; who is racing where and when; to inform members about events which are being organised by the Club (e.g. road races, the Club 10 series, a cyclo-cross race, track days at Herne Hill, or an audax); who is riding a particular sportive; request for recommendations for or reviews about a local bike shop or wheel-builder; or even news about charity places being available for events such as Ride London.
Does the Club share your personal information with third parties?
The Club will not share personal information with third parties without consent, except:
- where it is necessary to disclose such information to organisations such as British Cycling to enable them to administer races, league affiliation or membership; or
- where the Club has a legal obligation to disclose the information (such as responding to a court order), to protect the Club’s legal rights or to prevent fraud.
We will take all steps which are reasonably necessary to ensure that your data is secure and protected from unlawful and/or unauthorised access. Please note, however, that the transmission of information or data via the internet is not completely secure, so we cannot guarantee the security of your information when it is transferred from your device to the Club’s website.
You should also ensure that the password which you use for logging into the Club’s website and using the Club’s website and forum is kept secure at all times and that you do not share it with anyone.
Transfer of data outside the European Economic Area (the “EEA”)
The company which runs our website, Karisto Ltd., is based in the UK. However, the website is hosted by eApps (https://www.eapps.com), a company which is located in the U.S.A., so the personal data or information you provide by signing into and using the website and forum will be transferred outside the EEA. As eApps is outside the EEA, GDPR requires that certain safeguards are put in place to ensure that your personal information remains secure. The EU has not endorsed the privacy laws of the United States but has approved a framework for the transfer of personal data called the EU:US Privacy Shield under which eApps has a valid certificate enabling us to lawfully transfer your personal data to them.
Their certificate can be found here:
https://www.privacyshield.gov/participant?id=a2zt0000000GndoAAC&status=Active
eApps’ Privacy Statement can be found here:
https://www.eapps.com/company/privacy-policy.php
The Club’s webmaster is based in Switzerland. However, the European Commission has ruled that Switzerland has data protection laws in place which provide an equivalent level of protection to those under EU law, so no additional measures are required to protect the transfer of personal information to Switzerland.
We will not, without your consent, transfer your personal data outside the EEA for any other reason.
How long will we keep information about you?
We will only hold information about you for as long as we need it for the purpose for which it was collected. For example, if personal information is collected for the purpose of organising a race, that information will be deleted within a reasonable period of time after the race, except where that information is used for the reasons set out above.
As long as you remain a member of the Club or use the website, we will retain and process information about you. If you leave the Club, we will delete all information about you within a reasonable period after you cease to be a member of the Club, subject to us retaining information to maintain records about our members’ achievements (as explained above) and any legal obligations on the Club to retain the information.
Your rights
The new data protection laws grant you certain rights in relation to the information we hold, namely:
Right of access: You have the right to obtain a copy of the personal data we hold about you.
Right of rectification or erasure: You have the right to require any personal data we hold about you to be rectified or corrected if it is inaccurate or incomplete.
Right to portability: You have the right to receive your personal data which you have provided to us in order to transfer it onto another data controller.
Right to withdraw consent: You can also ask us to delete data we hold about you if you can show that we no longer need it or if you withdraw your consent for us to process it. The Club will, however, be entitled to retain your personal data if it is under a legal obligation to do so.
Right to object: You have the right to object to us processing your personal data where the basis of the processing is our legitimate interests.
Right to restrict processing: You have the right to request that we stop processing your personal data where:
- you dispute its accuracy or the processing is unlawful and you object to it being erased; or
- we no longer need to retain your data, but you need us to do so to establish, exercise or defend any legal claims; or
- we are in dispute about the legality of the way in which the Club has processed your personal data.
Right to complain: You have the right to lodge a complaint about the manner in which we process your personal data with the Information Commissioner’s Office (also known as the ICO). Their contact details can be found on the ICO’s website: www.ico.org.uk – https://ico.org.uk/global/contact-us/
Changes to our Privacy Policy
We will notify you of any changes which need to be made to this Privacy Policy.
How to contact us
If you have any questions about this Privacy Policy, please contact the Committee, use the contact feature on our website if you don’t have the details.