The GDPR is a European Union (EU) privacy law that affects businesses around the world. It regulates how any organization treats or uses the personal data of EU citizens, including organizations located outside of the EU.
Personal data is any piece of data that, used alone or with other data, could identify a person.
There are additional rules for under 16s. The UK Crossfires Club do not have members that are under 16, and therefore the additional rule does not apply.
UK Crossfires Club Implementation
The personal data held by the club is:
- • Name
- • Phone Number
- • Postal Address
- • Email address
This information is stored for the purposes of communicating with club members.
This information is never shared with any third party.
Consent is obtained when a member completes a membership form. The record of consent is being kept by the club.
Members can check the data held is correct by clicking a link “Update Subscription Preferences” on any email sent by the club. This also allows each member to update the information held on them directly.
The Club uses industry recognised electronic tools to store data. These are:
- • Mailchimp – used for emails
- • Dropbox -used to store and share information between the committee
Both are US Organisations and members data could be stored on servers within the EU or the US.
The GDPR contains provisions that address the transfer of personal data from EU member states to third-party countries, such as the United States. The GDPR’s provisions regarding cross-border data transfers of personal data is defined in the GDPR as an “adequacy decision.” An adequacy decision is a decision by the European Commission that an adequate level of protection exists for the personal data in the country, territory, or organization where it is being transferred. The “Privacy Shield framework” is one example of a compliant adequacy decision.
Both MailChimp and Dropbox are certified as compliant to the Privacy Shield framework.
Access to this information is restricted to serving committee members and is password protected.
Any paper documents are stored securely in committee members homes.
When Members don’t renew their membership, their details may be kept for marketing purposes to keep them in touch with Club activities and perhaps re-join in later years.
If a lapsed member does not wish the club to store their personal information, it will be deleted from the electronic systems and any paper documents will be shredded.