We respect and understand your need for privacy and discretion. We know that many of our customers rely on that discretion and that they trust us with their data. Our business depends on you feeling comfortable to attend our events and engage with the community we represent in a safe and discrete way.
We encourage you to read this document carefully and contact us with any questions via our email address: email@example.com
Who are we?
The data controller for Alert! (trading as Club-Alert Ltd) can be contacted via firstname.lastname@example.org or email to The Data Controller, Club-Alert Ltd, 15 Eastcombe Avenue, Salford, Lancashire, UK, M7 3EA. Data may also be accessed by our senior management team all of whom are authorised by the Data Controller to do so, strictly and solely for business purposes.
What information do we collect?
We collect data in a number of ways:
- Via our third-party mailing list host company (YMLP) who are governed by GDPR regulations. This is an ‘opt-in’ service. The data is only used to provide a managed mechanism by which we can keep you informed of club activities and news. They collect only your email address. You can opt out again at any time.
- Via our online shop where we record only the data necessary to process payments and deliver your order. This includes details of your name, address, and other contact information. Specific banking information is processed via our payments portal and is not retained by us.
In the form of photographs taken at events. Wherever possible we seek your permission to take photos of you. Photos are used in publicity material and are retained in our archive. Typical publicity may include (but is not limited to) social media outlets, our website, in email distribution to our mailing list, or in print such as magazine or poster promotion.
- On our social media platforms, in the form of followers. Typically, these are ‘opt-in’ services, such as following us on Twitter, Facebook or Instagram. We do not retain your usernames or any other information ourselves but you should be aware that we have no control over third-party applications.
- Via emails you may have sent us. If you need to contact us via email there will be a short-term archive of your email address and the contents of any messages while your contact is being dealt with. We do not keep a long-term archive of emails.
How do we use personal information?
- We use your information for the following purposes:
- To keep you up to date with event details and club news
- To process your online orders
- In publicity material (Photos) where we may use your image to promote our events
- We also record details of transactions made via our shop (online or event card sales). These are required as part of our record keeping obligations and may form part of our HMRC annual returns.
- We do not retain your specific bank details, credit card details or anything which would allow the fraudulent use of your banking information.
What legal basis do we have for processing your personal data?
- We process your information on the basis of the following:
consent – ie where you have opted into a specific mailing list, facebook group or other social media feed
- contract – ie when you make a purchase with us your details are shared with payment processing third parties (these are, as of 29 May 2018: Paypal payment portal for online transactions, iZettle for event card transactions and our bank, Nat West.)
- legitimate interests – to keep you informed of information pertaining to our events or your purchase
- legal obligation – to meet our needs to provide detailed tax returns and other information as required by HMRC and other legitimate government bodies
When do we share personal data?
We do not share your data with any outside agencies without your consent. Your data is used solely for activities pertaining to our events or shop. We do not pass your data onto other bodies for ANY reason outside meeting statutory legal requirements or the functionality of processing orders.
Your images may be shown on our website – if you ever wish for a photo to be removed you should send a copy of the image to email@example.com and we will delete it from our website and our archive.
Our photo archive is stored on encrypted hard disks to which only our data controller has access. Occasionally we may share images with the senior management team via secure dropbox but this is only ever pertaining to our usual business requirements (such as creating a poster or video campaign). We share images via social media outlets (Twitter, Facebook and Instagram) and may use them on our website or in our email newsletters.
Where do we store and process personal data?
Data is stored securely within the UK, with access limited by password and physical access. The server on which we store all images is password protected and kept in a location accessible to nobody other than the Data Controller
How do we secure personal data?
We protect any data stored by us via a backup to a separate archive server. This happens as files are changed or data added. We only keep electronic copies of your data and have no hard copy archive. Any information provided on hard copy to us is shredded and destroyed responsibly.
Our web server is backed up daily to a secure dropbox. Where your data is being processed via a third party this is always something you opt into and we aim to make it clear which part of any process is being handled by a third party. For example, we make it clear when you are leaving our website for the credit card payment part of the purchase order process.
How long do we keep your personal data?
We retain photographic data for our historical archive and this may be kept for an indefinite amount of time. As this is an archive we expect to maintain it for as long as we are trading.
We keep information relating to purchase orders and sales for the length of time predetermined by HMRC.
We do not retain a database of members or record other personal information. Any paper-based membership applications are shredded once the application has been processed.
Your rights in relation to personal data
We respect the right of data subjects to access and control their personal data. We have always done this and know that our business is dependent on your need for discretion. You have the right to ask us to:
- provide access to personal information we hold about you, why we have it and how you can ask for it to be deleted/destroyed
- provide correction and deletion
- withdrawal your consent if you no longer wish us to use/hold your data
- restriction the use of your data
- lodge a complaint with the Information Commissioner’s Office if you think we are in breach of the GDPR rules, your desired use of the data or how we have handled your data
You can contact us at any time via firstname.lastname@example.org or in writing to Club-Alert Ltd, 15 Eastcombe Avenue, Salford, M7 3EA. We will aim to respond to all data requests within 48 hours. Please be aware that we are legally obliged to store some data relating to sales or purchases as this may be required by HMRC as part of our annual tax return or in respect of any queries they may make. If removing your data would infringe a legal obligation placed upon us, we will explain this to you, and where possible look to finding a way to anonymise as much of that data as possible. Please note that photos shared on social media outlets or our website will then be in the public domain and whilst we will remove any photos at your request, this will not necessarily remove them from the rest of the internet. So it is better that you decline your permission at the time the photo is taken rather than at a later stage when it may be difficult to recall the image. We assume that if you pose for a photo you understand that it may be shared.
How to contact us?
You can contact us by email to email@example.com or in writing to The Data Controller, Club-Alert Ltd, 15 Eastcombe Avenue, Salford, Lancashire, UK M7 3EA
Linking to other websites / third party content
We use the following third-party sites which may require an information share of part or all of the data you supply. These are all opt-in services however if you do not opt-in, you may be unable to complete your purchase. These are:
- Paypal (although this assumes that you already have a Paypal account and so the information shared is already common to both platforms (your login with us and your Paypal account)
- iZettle – the payment portal for card transactions taken during events, where your name and transaction details may be recorded