Preface

Thames Valley IVC adopted a Privacy Policy in line with the General Data Protection Regulation (GDPR).  Based on a draft document recommended by the AIVC it uses clear language and a simple structure to make it easy for you to understand what information we collect and why. We have also included details about your rights, for example how to get access to your data and how to request that we stop using your data.  We use the information we hold to improve your enjoyment of the club services we offer. We won’t share your information for marketing purposes unless you give us permission to do so.

It can be downloaded as a PDF document, or viewed below.

Data Privacy Policy document

1.       Who are we?

1.1.     We are Thames Valley IVC. We can be contacted at  enquiries@tvivc.org.uk.

2.       About this Policy

2.1.     This policy explains when and why we collect personal information about our members, how we use it and how we keep it secure and your rights in relation to it.

2.2.     We may collect, use and store your personal data, as described in this Data Privacy Policy and as described when we collect data from you

2.3.     We reserve the right to amend this Data Privacy Policy from time to time without prior notice. You are advised to check our Agoria based website (www.tvivc.org.uk) regularly for any amendments (but amendments will not be made retrospectively).

2.4.     We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner's Office.  (https://ico.org.uk).

2.5.     We are committed to protecting the privacy and confidentiality of information provided by you as a requirement for being a member of the club.

2.6.     We respect your privacy and will hold your data responsibly and with integrity.
We will never unnecessarily disclose any of your details to any third party.
The information you supply will only be used for the purposes of club administration.

2.7.     Your data is stored on third party servers managed by two different companies:

     ActivityForum Agoria, which also hosts our club’s Agoria website (www.tvivc.org.uk).
For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you on their server(s).

     Meetup, which hosts our Meetup group (www.meetup.com/Thames-Valley-IVC).
We do not have control over how your data might be used by Meetup or where it is stored.
You can view Meetup’s privacy policy here: https://www.meetup.com/privacy, https://www.meetup.com/terms, https://www.meetup.com/cookie_policy.

2.8.     Our Meetup group is the means by which we organise and publicise events, and welcome new members into the club.  All full members of the club are required to be members of our Meetup group, and normally may remain members of the group after resigning from the club.

2.9.     We use cookies on our Agoria based website for the purposes of managing your website experience.  They do not gather personal data and are not used to deliver adverts.

3.       What information we collect and why.

3.1.     ActivityForum Agoria

Type of information

Purposes

Legal basis of processing

Member's name, address, telephone number(s), e-mail address(es), membership category, joining & renewal dates, fees paid and due, payment method.

Managing the Member’s membership of the Club.
Contacting lapsed members.

Performing the Club’s contract with the Member.
For the purposes of our legitimate interests in operating the Club.

The Member’s e-mail address, login name, access permissions.

Login credentials to the club’s Agoria based web site.

Performing the Club’s contract with the Member.
For the purposes of our legitimate interests in operating the Club.

Member’s name and e-mail address.

Passing to the AIVC for the AIVC levies and to conduct surveys of Members and former members of the Club. See paragraph 5.3 below.

For the purposes of our legitimate interests in operating the Club and / or the legitimate interests of the AIVC in its capacity as the national body.

Member's emergency contact details.

Contacting next of kin in the event of emergency.

Protecting the Member’s vital interests and those of their dependants and / or next of kin

Member's date of birth or confirmation that over 18.

Managing membership categories which are age related.

Performing the Club’s contract with the Member.

Member's gender.

Provision of adequate facilities for members.

For the purposes of our legitimate interests in making sure that we can provide sufficient and suitable facilities (including changing rooms and toilets) for each gender.

Reporting information to the AIVC.

For the purposes of the legitimate interests of the AIVC to satisfy diversity compliance required by law.

Photos and videos of Members and any other persons present.

Putting on the Club’s website.

Consent. We will seek the consent of everybody who would appear in the photograph before taking it and give them the opportunity to withdraw.

Name, e-mail address and telephone number of each Club Officer.

Information made available to the AIVC, in each case as a point of contact at the Club, unless the officer requests it to be withheld.

For the purposes of our legitimate interests in operating and promoting the Club

Employees and representatives of suppliers to the Club.

Entering into and managing arrangements with suppliers

Entering into and performing contracts with suppliers

In the table above the word “Member” means either:
(i)  a Full Member of Thames Valley IVC, or
(ii) a member of another IVC who has agreed to be on the club’s membership list.

Information about a Full Member is retained whilst they are a member, and normally for up to 18 months after they cease to be a member unless they request it to be deleted.

Information about a member of another IVC is retained until either they request it to be deleted or they are no longer involved with the club.

3.2.     Meetup

Type of information

Purposes

Legal basis of processing

“No Shows” for any events a Member has booked for but not attended.

To keep count of how many events a prospective member has attended. To be aware of the reliability of a member in attending future events

For the purposes of our legitimate interests in operating the Club.

Role of Member in group.

All Full Members of the club are made Event Organisers or higher.

For the purposes of our legitimate interests in operating the Club.

Photos and videos of Members.

Putting on the Club’s website.

Consent. We will seek the consent of everybody who would appear in the photograph before taking it and give them the opportunity to withdraw.

In the table above the word “Member” means any member of Thames Valley IVC’s Meetup group.  Most are not Full Members of the club, though all Full Members are members of the Meetup group.

3.3.     Club Administration Information

Type of information

Purposes

Legal basis of processing

The findings of any formal complaint(s) about  a member (Full or Meetup-only), including member’s  name and address.

To enable future committees to be aware of any complaints against a member who wishes to re-join.

For the purposes of our legitimate interests in operating the Club.

Data in the table above will be held securely by two or more committee members.  When committee members leave their posts they must pass the data on to their successors and delete the copies they hold.

4.       How we protect your personal data

4.1.     We will not transfer your personal data outside the UK or EU without your consent BUT we will inform you if the Club’s hosted services, website and/or email server are outside of the UK or EU and therefore your data is held outside of the UK or EU.  We do not have any control over where Meetup data is stored.

4.2.     We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.

4.3.     Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.

4.4.     For any payments, which we take from you online, we will use a recognised online secure payment system.

4.5.     We will notify you promptly in the event of any breach of your personal data, which might expose you to serious risk.

5.       Who else has access to the information you provide us?

5.1.     We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required to do so by law or as set out in the table above or in paragraphs 5.2 and 5.3 below.

5.2.     We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services to you on our behalf (e.g. to print newsletters and send you mailings). We do this for the purpose of our legitimate interests in operating the Club and for performing our contract with you. However, we disclose only the personal data that is necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes. It is possible that third parties may themselves engage others (sub-processors) to process your data. Where this is the case, third parties will be required to have contractual arrangements with their sub-processor(s) that ensure your information is kept secure and not used for their own purposes.

5.3.     We may also pass your personal data to the AIVC for the purposes of carrying out surveys when it is in the legitimate interest of the club and the AIVC to do so. The AIVC may use third parties to carry out the surveys but disclose only the personal data that is necessary for the third party to do so and will have a contract in place that require the third party to keep your information secure and not to use it for their own purposes.

6.       How long do we keep your information?

6.1.     We will hold your personal data on our systems for as long as you are a member of the Club and for as long afterwards as it is in the Clubs’ legitimate interest to do so or for as long as is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data

6.2.     We will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment, exercise or defence of legal claims.

6.3.     Although we don't store financial information (banking details) about members we temporarily hold member's cheques (which have account numbers) and might occasionally have to ask a member for their banking details (e.g. to make a payment into the account).  We will securely destroy all  such information once we have finished using it and no longer need it.

7.       Your rights      

7.1.     You have rights under the GDPR:
(a) To access your personal data.
(b) To be provided with information about how your personal data is processed.
(c) To have your personal data corrected.
(d) To have your personal data erased in certain circumstances.
(e) To object to or restrict how your personal data is processed.
(f) To have your personal data transferred to yourself or to another business in certain circumstances.

7.2.     You have the right to take any complaints about how we process your personal data to the Information Commissioner's Office.
Web: https://ico.org.uk/concerns/
Tel: 0303 123 1113.
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

7.3.     For more details, please address any questions, comments and requests regarding our data processing practices to our Membership Secretary (enquiries@tvivc.org.uk) or Chairman (chairman@tvivc.org.uk).