Policy
The Club recognises its responsibility under the Data Protection Act 2018 to actively manage the collection, storage and availability of data in such a way as to satisfy the requirements of the law and to protect the privacy of its members. Data is, for the purposes of this policy, any information held by the Club about each member, however that information is stored.
Data collected by the Club will be used solely for the bona fide purposes of managing the Club and, unless required by law or to allow a supplier to fulfil their contract with the Club, will not be provided to a third party.
All officials of the Club who store and use personal data must retain full confidentiality except as stated in the paragraph below headed Privacy Statement.
Personal data which is no longer relevant to the proper management of the Club will be disposed of in such a manner as to ensure its confidentiality.
Access to the personal data held by the Club will be restricted to officials of the Club on a “need to know” basis.
Personal data relating to members will be held on an official Club database and, in some cases, may be held at Section level electronically or as hard copy.
Data will be exported in readable form only to officials of or suppliers to the Club and then only data relevant to a specific purpose. The Club uses commercial suppliers who may hold encrypted data anywhere in the world.
Exported data will be disposed of as soon as it is no longer required for the purpose for which it was exported.
Data which is statistical in nature and which permits neither members’ identities nor contact details to be identified, such as used for planning and marketing purposes, may be exported and used freely.
Personal banking data used in connection with the payment of expenses will be held only by the Treasurer and used solely for this purpose. Such data will not be made available to any other official.
Why we process data
We process data to facilitate the activities of the Club. These include, but are not limited to, the granting and renewal of membership, the distribution of The Journal, the organisation of social and special-interest events and the management of the Club Forum.
Our basis for data processing
The Act specifies six lawful bases for data processing. For the purposes of the Act our lawful basis for data processing is Contract as the Club processes data to fulfil its’ obligations to members. Where an event organiser retains data for the purpose of issuing invitations to subsequent events the basis for data retention is Consent, which the organiser must explicitly seek from each attendee. Where a person joins the Forum the basis for processing is Consent as the person concerned has chosen to join.
What data do we hold?
Personal data held in the Club membership database while someone is a member will be limited to the title, name, age, postal address, date joined and renewal date of each member, together with optional details of their motorcycles owned, year of birth, telephone number, e-mail address, how they heard about the Club and preferences for Register membership. The database also stores the date of last membership fee payment, how much it was and what form the payment took (“cash”, “cheque”, etc). When a member upgrades their Forum account the database will also store the username of their Forum account to allow access to members-only areas. Where a member chooses to renew by Direct Debit the service is provided by a trusted (BACS registered processing bureau) 3rd party. No members banking details are held by the Club.
Organisers of social and similar events (such as the National Rally, track days or Annual General Meeting) will hold only such personal data as is needed to ensure the proper running of the event. This data, which will be disposed of after the event, will be held in whatever form the event organiser finds convenient subject to the requirement that it is held securely (for example in a locked filing cabinet or on a password-protected computer). This may include data relating to non-members. Should the organiser of a recurring event wish to retain data (perhaps to invite attendees to subsequent events) he must, as stated earlier, obtain the attendee’s explicit consent before storing data.
The Club Forum currently runs in isolation from the main membership database. The Forum database holds only sufficient data to allow the Forum Administrator and his assistants to manage the Forum. This is currently limited to the Forum member’s email address and user name.
Access to membership database
Write access to the full database is limited to the Membership Secretary and Assistant, the Treasurer, President and the General Secretary
Write access to individual Section data is limited to the Section membership processor (one person within the section whose role is to process membership matters). This person will also have read-only access to all other section’s membership data for the purposes of assisting a member who has moved into their area.
Read-only access is granted to the secretaries of the four special interest registers so that they may contact the members in their register regarding register matters.
Access to Forum database
Currently the Forum software also has a direct link (as it runs on the same server as the database) to look-up a member and determine their current membership status to enable the member to be “upgraded”. This facility may be disabled in the near future (with the arrival of the new database) at which point the “upgrade” will become a manual process and require the Forum Administrator to have read-only access to the whole membership database. The Forum database is accessible only to the Forum Administrator and his appointed assistants.
Guidelines
Am I an official?
If you have been elected or appointed as an officer of the Club, or are responsible for planned Club business, then you are an official of the Club.
Do I need the data?
If you could not complete the task without the data, yes.
Can I pass on information to members other than officials?
No, because this would not be for bona fide Club business. You should contact the member whose data is requested and seek their permission to release it or suggest they contact the originator of the request for the information, as appropriate.
How long should I keep the data?
Only for as long as is necessary to have completed the task properly.
How should I dispose of the data?
In such a way that it cannot become available to a third party.
Who do I ask if I’m not sure?
The Club’s Data Controller, who is the General Secretary.
Who is included in our data?
We hold the data mentioned in the “What data do we hold?” section above for all current Club members. We also retain this data for members for two calendar months after their membership lapses to give the member the opportunity to renew late and so retain their existing Club membership number. This data is also held for a period of ten years after membership lapses in compliance with the Companies Act 2006 sections 112 to 121.
Who can amend data?
The Club’s Membership Secretary, Assistant Membership Secretary, Treasurer, President and General Secretary can amend the data held against any member in the membership database. Section membership processors can amend data for members in their section (only). The Forum Administrator and his assistants can amend the data held within the Forum database but cannot amend the main membership database.
Who do we make data available to?
Outside of the Club officials the data is only made available to the Mailing House to distribute the Club magazine “The Journal”. We do not sell personal data to external organisations or offer mailing facilities other than inserts in The Journal.
Privacy Statement adopted by the National Committee on 16th June 2012
Personal data will not be published or passed on to a third party, except where a member becomes an official of the Club and such action is necessary for the convenience of the members. The Club defines an official as an elected or appointed officer, a member designated to carry out a particular task on behalf of the Club or a member who has volunteered to organise or assist in the organisation of a Club event. Club members should be aware that certain service providers used by the Club for publicity purposes reserve the right to use data lodged on their systems for promotional purposes. Should a member who becomes an official of the Club require that personal data is not used in this way, a written statement to this effect must be made in advance to the General Secretary.
Complaints
If you have any concerns or complaints in relation to how The BMW Club collects and/or processes your personal data, you should contact their Data Controller (the General Secretary, whose details are published in each edition of The Journal) in the first instance. If you are dissatisfied with how your concern/complaint is dealt with by The BMW Club, you have the right to report your concern/complaint to the Information Commissioners Office (www.ico.org.uk)