Tideway Owners Association (TOA)

Data Protection Privacy Policy and Information Notice

This document sets out when and why the TOA collects personal data, how it is used and kept secure and members’ rights in relation to it. The document may be amended without prior notice but any amendments will not apply retrospectively. The TOA complies with the General Data Protection Regulation 2015 (GDPR) and the Data Controller is the TOA which may be contacted via the Secretary as set out below.

Except where otherwise stated personal data (data) includes names, addresses, telephone numbers, email addresses, last contact information and boat types, names and sail numbers (boat details) and photographs and videos of members and their boats. It also includes bank account details of those members who have supplied them to the TOA for the purpose of arranging standing orders.

Members supply data during the course of application for membership and subsequently. Non-members supply data in relation to the boat register.

Advertisers suppliers and venues where TOA meetings may be arranged supply data at the time of first contact with the TOA and subsequently.

1.Data will be held and used by the Committee, non-committee officers of the TOA and those members who are preparing organising and managing: – the web site, meetings, distribution and mailing of the newsletter, the listing of boats for sale and boats wanted, boat register, archives, answering technical queries and other enquiries and for all other normal activities of the TOA.

2.The data will be used for collection of subscriptions, recording sales income and other financial transactions relevant to the TOA. Standing order forms will be shared with the member’s bank.

It will also be used to maintain the membership records, to issue log books and to keep the TOA Committee and non-committee officers informed of current membership and boat ownership. It will also be used to maintain historical records of boats and boat ownership and archive material for historic research purposes when it may be shared with members seeking historical information retained in the register and archives.

The data will also be used to send copies of TOA publications to members and to communicate with them for the purposes of the TOA. For the purpose of printing TOA publications this data may be shared with commercial printers. It may also be shared with a commercial distributor for the purpose of distribution of TOA publications. It will not be shared with any other commercial organisation other than the accredited press when only the name and boat details of the member may be disclosed for the sole purposes of publishing racing results or promoting the TOA or the boat.

Email addresses and telephone details may be used to communicate with members for the purposes of the TOA including the arrangement of meetings of members.

Names of members involved in racing and their boat details may be shared with the body organising such racing and the RYA and may be published in the newsletter and/or on the TOA and organisers’ websites, and in hard copy by the organisers or the TOA. Names of members and their boat details may be published in articles and in captions to photographs in the TOA newsletter.

Data will also be used by the Committee if supplied by prospective members enquiring about membership of the TOA.

Data supplied by members and non-member third parties who are in the process of selling or acquiring Tideway dinghies will be used for that purpose and may be communicated to prospective purchasers and sellers as a necessary step in that process.

The names address and email addresses of members may appear in a list of members and those of new members or members with changed addresses in the newsletter published to members but the specific consent of those members will be obtained before publication. The names addresses email addresses and telephone numbers of those members whose personal data is published to enable the TOA to function may appear in the newsletter and on the website but only with their prior specific consent.

Photographs and videos of members and their boats may be published in the newsletter and/or on the TOA website and in TOA promotional documents only. Photographs and videos are not kept as part of a structured filing system and the GDPR does not apply to them. If however a member or his crew object in writing to the Secretary to the use of their image in this way the image will be removed within a reasonable time but it should be appreciated that once a newsletter or promotional document is in circulation it cannot be removed until the document is replaced and therefore objection should be made immediately or before publication.

3. The lawful basis of such use is the contractual basis of membership of the TOA the legitimate interests of the TOA and where obtained the prior consent of members (and if appropriate that of the non-member third parties). The TOA is a voluntary association of members with a common interest in promoting the sport and history of sailing and in particular the classic sailing dinghy known as the Tideway and has a legitimate interest in promoting itself and the boat, maintaining the integrity of the name, logo and design of the Tideway, including the issue of log books, arranging and reporting on meetings of its members, communicating with them, facilitating Tideway racing and cruising, keeping records of the boats and data for historical research purposes and assisting in Tideway restoration projects. Where such data is held or is used solely by virtue of the specific consent of a member (or non-member) that person may notify the Secretary in writing that he or she no longer consents in which case the data will be removed/deleted within a reasonable time.

4 The TOA will not transfer data without the member’s consent. It keeps it either in hard copy in files held by the Officers or on their personal computers, in respect of which the Officers have implemented generally accepted standards of technology and operational security in order to protect the data from loss, misuse, unauthorised alteration or destruction. It should be understood that transmitting data over the internet is not entirely secure. The TOA will use its reasonable endeavours to notify members of any breach of security likely to expose them to serious risk. The TOA will not sell or share any member’s data other than as stated above without the consent of the member.

5. The TOA will review the data every year to establish that it is still entitled to process it. If it is decided that it is no longer entitled to do so it will stop processing it but will retain it as set out below. The TOA will securely destroy all financial information once it has been used and is no longer required.

6. The data shall be retained by the TOA so long as necessary to comply with all legal obligations, the objects and rules of the TOA including the maintenance of proper financial and membership records, the TOA boat register, archives and listings of Tideway dinghies for sale and wanted.

7. There is no legal requirement on a member to provide data to the TOA. There is no automated decision making or profiling.

8. Members have the following rights under the GDPR :-

a. access to the member’s own personal data

b. to be provided with information as to how that data is processed

c. to have it corrected

d. to have it erased in certain circumstances

e. to object to or restrict how it is processed

f. to have it transferred to themselves or another organisation in certain circumstances

9. If a person whose data is held by the TOA believes that that there is any problem  in the handling of that data such complaint should initially be addressed to the Secretary for the time being who may be contacted  via its website (www.tidewaydinghy.org ) and whose name and address is published in the Newsletters of the TOA. There is a right of complaint to the ICO (www.ico.gov.uk  tel 0303 123 1113).

Issue 1a dated 26 March 2018