Privacy Statement

PRIVACY STATEMENT

1. INTRODUCTION

We are committed to protecting your personal data and respecting your privacy. This notice explains how we collect, use, and safeguard your information when you interact with us, in accordance with applicable data protection laws.

2. WHAT DATA WE COLLECT

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We may collect the following types of personal data:

Contact information (e.g. names, email addresses, telephone number, emergency contacts).
Other personal data (e.g. gender, DOB, membership status, financial details, club photos).
Members, volunteers, suppliers, partners.
Employment information (e.g. job title department).
Technical data (e.g., IP address, browser type).
Usage data (e.g., how you interact with our services).
Any other information you voluntarily provide.

3. HOW WE COLLECT YOUR DATA

We collect most of this personal data directly from you—in person, by email and/or via our website. However, in limited circumstances we may also collect information from third parties who you have given your consent to.

4. HOW WE USE YOUR DATA

We use your data to:

Provide and manage our services.
Communicate with you.
Improve our systems and services.
Comply with legal obligations.
To obtain valuable user insights via cookies on our website: please refer to our cookies policy for more information.

5. LEGAL BASIS FOR PROCESSING

We process your personal data based on:

Your consent.
The necessity to perform a contract.
Compliance with legal obligations.
Our legitimate interests, such as improving services and ensuring security.

6. DATA SHARING & TRANSFERS

For some business activities we may share your data with:

Service providers and partners who support our operations.
Service providers (e.g. CRM platforms, payment processors).
Regulatory bodies (e.g. British Cycling, ICO).
Event partners (e.g. race organisers).
Legal advisors or insurers.

The Club only transfers personal data outside the UK/EEA where one of the following applies:

An ICO-approved adequacy decision exists.
Standard Contractual Clauses (SCCs) are in place.
Explicit, informed consent has been obtained.

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place.

7. DATA RETENTION

We retain your personal data only as long as necessary for the purposes outlined in this notice or as required by law. Once no longer needed, your data will be securely deleted or anonymized.

8. DATA SECURITY MEASURES

We implement a range of technical and organizational measures to protect your personal data, including:

Encrypted cloud storage.
Strong password enforcement.
Device encryption and firewalls.
Role-based access controls (RBAC).
Annual security reviews.
Audit logging for data access and changes.
Staff training on data protection and information security.
Incident response procedures to address potential breaches.

While we strive to use commercially acceptable means to protect your data, no method of transmission over the internet or method of electronic storage is 100% secure.

9. YOUR RIGHTS

You have certain rights in relation to the processing of your personal data, including to:

Request access to your personal data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the personal data we hold about you.
Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. If you object to us using your personal data for marketing purposes we will stop sending you marketing material.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party (data portability).
Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.
Right to withdraw consent. In the circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law to do so.

How to exercise your rights
You will not usually need to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. If you wish to exercise your rights, please contact us.

10. HOW TO CONTACT US

For any queries about your personal data or to exercise your rights, please contact our Chairperson.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

11. FURTHER INFORMATION

For further information on how we protect your personal data, and to learn more about your rights under GDPR, please refer to our full Data Protection Policy available on our website here.