Membership & Club Kit
Westerlands Cross Country Club (the Club) is committed to protecting and respecting your privacy. For any personal data you provide for the purposes of your membership, the Club is the Data Controller and is responsible for storing and otherwise processing that data in a fair, lawful, secure and transparent way. Your data is not processed for any further purposes other than those detailed in this policy without further consent.
1) What personal data we hold on you and why we need your personal data
You may give us Personal Data by filling in forms at an event or online, or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register or renew your membership with the Club, or participate on our website.
The reason we need your Personal Data is to be able to administer your membership, and provide the membership services you are signing up to when you register with the Club or a Club Event. Our lawful basis for processing your personal is that we have a contractual obligation to you as a member to provide the services you are registering for.
The information you provide to the Club may be used:
For membership and club management:
The Club may collect and process your name; a method of communication (normally e-mail address); and membership status (including ordinary; life; or social member) to be able to deliver the services you signed up for. These data will be gathered by membership form and updated annually upon membership renewal to ensure the data is up to date. In addition, the Club may collect and process other personal data including: e-mail address(es), phone number(s); address(es); athletics identifier(s); social media identifier(s); age information (including race age category; and date of birth); gender; and the details of any other athletics club(s) that you are registered with.
This information may be used in:
- processing of membership forms and payments;
- sharing data with and from committee members to provide information about Club activities and membership renewals;
- sharing data with a governing body including Scottish Athletics; and Scottish Hill Runners;
- respond to and communicate with members regarding questions, comments, support needs or complaints, concerns or allegations in relation to Club matters;
- sharing data with and from Club members to arrange events and races;
- sharing data from Club members to promote Club activities, achievements and running related news;
- analysing anonymised data to monitor Club trends;
- sharing anonymised data with event organisers to track numbers of participants;
- sharing data with committee members to arrange a member vote or petition member opinion;
- sharing data with club team managers, and competition providers for entry in events;
- publishing of race and competition results; and
- sending marketing communications about selling Club kit, merchandise or fundraising.
For electronic payment
In addition to those details required for membership and club management, the Club offers electronic payment methods (including BACS transfer) that may require the Club to process your banking details (including account number; and sort code). These will not be shared with any third party except the Club’s banking services provider(s) and will be deleted as soon as practicable after any transfer has been made.
The Club’s banking service providers are Santander and PayPal who have their own privacy policies and the Club does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these services.
For the organisation of catered events
In addition to those details required for membership and club management, the Club may gather information on dietary requirements and allergies for Events where food is provided. These anonymised data may be shared with catering providers: both third party caterers and other members of the Club providing catering to the Event. Any special category health data we hold on you is only processed for the purpose(s) of safe running of the Event. We process this data on the lawful basis of consent. Therefore, we will also need your explicit consent to process this data, which we will ask for at the point of collection. This information will be deleted at most one month after the Event. Third party catering providers have their own privacy policies and that the club do not accept any responsibility or liability for these policies.
For the organisation of races and running events
The Club operates races and running events open to both members and non-members. In order to operate races and running events safely, the Club may need to collect and process Personal Data. The Club may require: name; race category (age grouping and gender); contact details (including email, address and phone number); club affiliation; social media and athletics identifiers; the emergency contact details of another person (including email, address and phone number); any timing data generated during the Event; and any information in photographs and video taken at the event.
The Club may also need to collect a declaration of your fitness and competence to complete the Event. Any special category health data we hold on you is only processed for the purpose(s) of safe running of the Event. We process this data on the lawful basis of consent. Therefore, we will also need your explicit consent to process this data, which we will ask for at the point of collection.
The Club may gather your Personal Information directly, or using a third party race entry or timing provider. Race entry and timing providers have their own privacy policies and that the club do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these services.
All personal data gathered for the Event will be held by the Race Organiser and may be processed by Race Officials (including registration officials and marshals). This data will be processed by the Race Officials for the duration of the Event and held for up to six weeks by the Race Organiser, after which it will be securely destroyed.
This data may be used for:
- sharing with the Race Organiser and Race Officials for operating the race or running event;
- sharing with the Emergency Services and related organisations in case of emergency;
- sharing anonymised data with governing bodies and to promote the Event;
- sharing data with Scottish Hill Runners, Scottish Athletics or any affiliated organisation for the purpose of insurance and licences;
- sharing data with Club committee members to provide information about Club activities; and
- publishing name, athletics club affiliation, race category and timing details either for the Event alone or combined with or compared to other events.
For using the club website and the club email list:
The Club operates a website and email list to assist with processing member information and providing additional functionality. In addition to those details required for membership and club management, operating the Club website and email list requires additional personal information, including a username; email address; and password. All precautions are taken to protect personal data processed through the website and email lists. Traffic is secured using SSL, the servers are located within the UK and kept up to date with security updates. The website is hosted with Maroculous IT Services and uses third party applications to provide additional functionality, including: WordPress; MailMan and their associated providers. These web service providers(s) have their own privacy policies and that the Club do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these services.
The data is processed by roles defined within the website structure, including Editors and Administrators. Administrators have full access to the WordPress installation and the data held and this level of access will be reserved for the webmaster and senior committee members only. Editors will have access to information regarding member generated web content??? The Secretary and Webmaster have access to the main Mailing List. The Webmaster has access, manages the other mailing lists.
Sending an email to named accounts associate with the Club may result in the details contained within and any associated electronic information including email addresses and IP info being distributed to several personal email accounts, including office bearers; committee members and the whole club.
There is no obligation to use the Club website as part of membership or to join the Club e-mailing list to partake in Club events and activities.
Visitors to the Club website should acknowledge that they are providing information, including IP address, to the club web service provider: WordPress. WordPress has their own privacy policies and that the Club do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these services.
On social media
The Club operates on social media including: Facebook; Strava; and WhatsApp. All members are free to join these pages. Social media providers(s) have their own privacy policies and that the Club do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these services.
Gathering data from non-members
On occasion, the Club may collect personal data from non-members (including non-member participants who participate in taster events; participants in open races; and guests to social events). The Personal Data may be processed by the Club and shared with Event organisers for the purposes of arranging the Event. This information will be stored for up to six weeks after an event and then destroyed securely. Our lawful basis for processing data is consent. Therefore, we will also need explicit consent from non-members to process this data, which we will ask for at the point of collecting it.
2) Who we share your personal data with and how we store your data
The Club processes and shares your Personal Data for specific purpose(s) as detailed in Section 1. The Club does not supply any Personal Data it holds to any other third party.
The Club aims to store, transfer and process Personal Data within the UK. Where the Club does transfer your personal data overseas (including for processing as cloud data storage) it is with the appropriate safeguards in place to ensure the security of that personal data.
3) How long we hold your personal data
The Club will hold your personal data on file for as long as you are a member with us. Your data is updated every year on annual membership forms. Any personal data the Club holds on a member will be securely destroyed after four years of inactivity on that member’s account.
4) Your rights regarding your personal data
As a Data Subject you may have the right at any time:
- to request access to, rectification or erasure of your personal data;
- to restrict or object to certain kinds of processing of your personal data, including direct marketing;
- to the portability of your personal data; and
- to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office about the Club’s processing of your personal data.
As a data subject you are not obliged to share your personal data with the Club. If you choose not to share your personal data with us we may not be able to register or administer your membership.