Lancaster John O’Gaunt
Rowing Club

Privacy Policy

Lancaster John O’Gaunt Rowing Club – GDPR Policy

Effective Date: [Insert Date]

Approved By: [Committee Name]

1. Purpose of this Policy

Lancaster John O’Gaunt Rowing Club (“the Club”) is committed to protecting the personal data of our members, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy explains:
– What personal data we collect
– Why we collect it
– How we use and store it
– Your rights regarding your data

2. Data We Collect

We only collect the personal data necessary for the safe and effective running of the Club. This may include:
– Contact details: Member names and email addresses
– Photos: Images taken during training, events, and competitions
– Competency records: Details of rowing, coxing, and safety assessments
– Assessment results: Dates and outcomes of any safety or skill-based assessments passed

3. Why We Collect This Data

We process personal data for the following reasons:
– To communicate with members about club activities, events, and safety information
– To maintain accurate records of members’ rowing competencies and safety clearances
– To promote the club through event and activity photos (with consent)
– To meet our duty of care by ensuring only competent individuals are assigned to specific rowing roles

4. How We Store and Protect Your Data

– Data is stored securely on password-protected systems or encrypted cloud storage
– Competency and assessment records are held by authorised club officers (e.g. Captain, Safety Officer) only
– Photos are stored securely and used in accordance with your consent preferences
– We do not share personal data with third parties unless required by law or with your explicit consent

5. Lawful Basis for Processing

Under UK GDPR, we process personal data on the following lawful bases:
– Contract: To provide you with membership benefits and access to club facilities
– Legal obligation: To comply with safety and safeguarding requirements
– Legitimate interests: For internal record-keeping, event organisation, and promotion of the club
– Consent: For using photos in public communications (website, social media, newsletters)

6. Data Retention

– Contact details and competency records will be kept for the duration of your membership and up to 2 years after leaving the club (in case of rejoining or safety queries)
– Assessment records will be kept for as long as the qualification remains valid
– Photos will be kept indefinitely unless you withdraw consent

7. Your Rights Under UK GDPR

You have the right to:
– Access the personal data we hold about you
– Request correction of inaccurate data
– Request deletion of your data (subject to safety and legal requirements)
– Withdraw consent for photo use at any time
– Restrict or object to certain types of processing
– Lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data is being mishandled

8. Consent for Photos

When you join the club, you will be asked to confirm whether we may use photos of you in promotional materials. You can change your preference at any time by contacting the Club Secretary.

9. Contact Details

If you have questions about how your data is used, or wish to exercise your rights, please contact:
Club Secretary – [Name]
Email: [Club Email]

10. Review of Policy

This policy will be reviewed annually or sooner if UK GDPR requirements change.