What personal data do the Ramsey Model Aero Club (RMAC) collect?
The data we routinely collect includes members’ names, addresses, email addresses, telephone numbers, dates of birth and BMFA achievements. We collect this data directly from our members.
We also store data from those registering as potential members.
For some of our members we may have additional information such as committee memberships, teaching and training qualifications. We will also keep information relating to disciplinary matters and sanctions.
We also have general photos and some videos of members where individuals are not so easily identifiable.
What is this personal data used for?
We use members’ data for the administration of your membership: the communication of information including sending RMAC notices of competitions, information regarding club’s events and other relevant information updates.
Who is your data shared with?
Membership data is shared with the BMFA when required and all RMAC committee members for the sole use of the performance of their duties.
Your personal data is not provided by us for use by any organisations other than those indicated above.
Where does this data come from?
How is your data stored?
Most of our data, including our main membership database, is stored in digital form on computers, and we operate in “the cloud” using Dropbox Web Services in compliance with the GDPR (General Data Protection Regulation).
Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring the RMAC discharges its obligations under the GDPR is the Club’s Secretary (email@example.com).
The secretary is the person who is responsible for maintaining a log of data breaches and notifying the ICO and any members affected as necessary, in accordance with our legal obligations.
Who has access to your data?
Members of RMAC committee have access to members’ data in order to carry out their legitimate tasks for our club, such as responding to enquiries from those members.
Members of committees, will be given access to this data for any legitimate purpose to do with their roles as officers of the Club but will not be free to pass it on to any other organisation.
What is the legal basis for collecting this data?
RMAC collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation.
For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations.
Similarly, personnel data is kept in compliance with our legal obligations.
How you can check what data we have about you?
If you want to see the basic membership data we hold about you, you can email the Club’s Secretary (firstname.lastname@example.org).
There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.
Do the RMAC collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”.
Of these categories, we don’t record data
How can you ask for data to be removed, limited or corrected?
You may ask that any photograph of you that appears on the website be deleted by contacting the Club’s Secretary (email@example.com). You may also ask for changes in the same way.
How long we keep your data for, and why?
We normally keep members’ data for three years after they resign or their membership lapses. This is because we find members sometimes later wish to re-join. However, we will delete any former members’ contact details entirely on request.
Other data, such as that relating to accounting or personnel matters, is kept for at least the legally required or recommended period – 7 years for financial transactions.
What happens if a member dies?
We normally keep members’ information after they die for three years. If requested by their next-of-kin to delete it, we will do so on the same basis as when requested to remove data by a former member.