Pelynt Social Club (“The Club”) complies fully with the General Data Protection Regulations (GDPR). The GDPR has been designed to give you more control over your personal data and how it is used by organisations. You have the right to be informed about what data we hold about you, what we use it for, how long we keep it, who we share it with and how we store it. We inform you via this privacy notice. A full list of your rights under the GDPR is on the bottom of the second page of this notice.
The person responsible for ensuring The Club complies with the GDPR is Richard Stevens, Chair of the Committee. The Club will review this notice regularly and in line with guidance from the Information Commissioner’s Office.
To manage our membership, we collect information from you about you, your guests and any junior members you hold parental or delegated responsibility for, which is known as ‘personal data’. We collect only what we need.
We also process personal data about employees and that is detailed in section 2 of this notice.
Please be informed that this site is monitored by CCTV to protect our legitimate interests in keeping the site safe and free from any misconduct and/or criminal activity.
We collect name, address, telephone number and email address when available. We do so to process your membership and we do so on the basis of contract.
Junior members will require an adult signature to process membership and their personal data.
Where you have given us your specific consent, from time to time we may send you emails that are of interest to you about events at the Club.
Where you have given us your specific consent we will take photographs and occasionally videos of you at the Club at events or otherwise to share on our website and social media.
For any data processed on consent, you may withdraw your consent at any time.
We process most employee data based on fulfilling our contract with you including but not limited to name, address, contact number, date of birth, bank details and national insurance number. Employee data processed based on contract is kept for six years after the employee has left the Club.
We process some employee data based on legal obligation such as Health and Safety incidents and near misses, financial and tax information for HMRC, and proof of right to work for the Home Office.
We process some employee data based on our legitimate interests and this includes CCTV monitoring as outlined above, performance management including appraisal, records of training undertaken (other than any qualifications that may be required by contract) and data required to meet our insurance obligations.
For data processed under legitimate interests the Club asserts that a Legitimate Interests Assessment has been completed.
Some data will need more protection such as health and medical details and this is known under the GDPR as ‘special categories’ of data. To process this data, we will ask for your specific, written consent.
How long do we keep your personal data?
We keep records of our members for one year after the expiry of your membership unless required to keep it longer for our legal obligations. In each case we keep only the data we are required to keep and use anonymised data where appropriate.
When paying with a club payment card, your name will be recorded with the transaction data in the till and back office systems. We are required by law to keep these for 7 years.
We keep records of Health and Safety incidents for 3 years, unless they are for a child and then it is until their 21st birthday.
Where we have consent to use images and videos we keep them for two years unless legal proceedings require us to keep them for a longer period.
We keep CCTV footage for 5 weeks unless it is related to any Health and Safety incident or criminal activity in which case we keep it for as long as legally obliged and as directed by the relevant authority.
We keep employee data for six years after you have left the employment of the Club except for data processed based on legal obligations which will be processed for the duration of the legal obligation, for example we keep pay and taxation records for 7 years for HMRC.
Who do we share your data with?
The Club does not share your personal data with third parties unless required to by legal obligation, for example reporting a Health and Safety incident or near miss; or financial data for HMRC.
The Club does not transfer personal data outside the EU.
Is my data safe?
The Club has physical records for both members and employees which are stored in locked filing cabinets when not in use and accessible only by the Secretary and Accountant.
Records which are stored electronically are on password protected devices and encrypted when appropriate (in the case of special categories of data).
Premises are locked and keys are held by the Manager and select Committee members.
What are my rights?
- You have the right to withdraw your consent for any data we process about you based on consent;
- You have the right to ask to see what data we hold about you;
- You have the right to be ‘forgotten’ by the Club when you are no longer a member or employed by us. This right does not apply to data processed based on legal obligation;
- You have the right to correct data we hold about you if it is inaccurate;
- You have the right to restrict processing if you have requested your data be rectified until you have verified the accuracy of the personal data;
- You have the right to restrict processing if The Club does not need the personal data but you require the data to establish, exercise or defend a legal claim;
- You have the right to object to your data being processed for our legitimate interests;
- You have the right to restrict processing where you have objected to processing based on legitimate interests and The Club is considering whether its legitimate grounds override those of your own.
In all cases speak to the Manager or the Secretary and we will respond to you without undue delay and within 30 days. We may request some of the above be put in writing. If you are unhappy with how we have processed your data, please speak to the Chairman in the first instance.
You also have the right to complain to a supervisory authority if you are unhappy with how the Club has handled your personal data. To complain to the Information Commissioners Office, please go to www.ico.org.uk or call 0303 123 1113.