We (GRC) treat our members’ privacy rights seriously. In order to be able to operate as a club, we have to collect and use certain personal information from each member, specifically name, postal address and, if the member has them, telephone number, mobile number and email address. We use it to communicate with the member about our activities. The information is collected when the member joins, the Treasurer will request an update at annual renewal time and it can be updated at any time by the member by contacting the Treasurer.
The information will be stored in a password protected encrypted spreadsheet, copies of which are held by the members of the Committee. It is maintained and accessed by them and also shown annually to our external Accounts Verifier. To provide contact information for prospective walkers, a truncated version of the information (familiar name, sometimes the initial letter of surname, telephone and/or mobile numbers) may be used on the club’s publicly accessible website and printed walks programmes and in third party publications. We also publish on the web site and in our printed programmes, small photographs which may include images of members. Further, after most walks, we distribute other walk photographs by email to the members. We will respect the wishes of members who do not wish to be included in or to receive such photographs, provided that they make those wishes known in good time to a Committee member.
Whenever groups of members need to be emailed this will be done using the BCC (blind copy) option so that no member (other than Committee members) sees the email address of any other member. The full data may be made available annually to the club’s Accounts Verifier.
If requested it may also be made available to our public liability insurers and/or to statutory authorities. If the latter happens the affected member or members will be informed and told the reason for the disclosure. The data will be kept whilst the member is a member and for about one year thereafter unless there are legal or insurance circumstances that require information to be held for longer while such a matter is investigated or resolved. Where this is the case the affected member will be informed as to why and for how long the information will be held and will be in formed when it is deleted.
Were a data breach to occur we will take action to minimise the harm by ensuring all Committee members and affected members are aware that a breach had taken place and how the breach had occurred. We will then rectify the cause of the breach as soon as possible to prevent any further breaches. If members believe that there has been a breach, they can contact the Committee and have the matter dealt with by a Committee member not involved in the breach