The Eagle Ski Club takes your privacy seriously. With the introduction of the General Data Protection Regulation (GDPR) we have revised this privacy notice. We are a “controller” of the personal information that you provide to us and this privacy notice sets out how, why and for how long we will use your personal data, as well as who it is shared with. It also explains your legal rights as a data subject and how to exercise them.
What we need from you
When you register as a member of the Eagle Ski Club or renew your membership (including if you are registering or renewing on behalf of a young person aged 16 or under), or register for a club tour or other event, we may ask you for some or all of the following personal information:
- Contact details – e.g. name, address, email address and phone number.
- Date of birth – to calculate membership category and eligibility for grants and courses.
- Payment details – bank account number and sort code.
- Safety and emergency details – e.g. next of kin, relevant health conditions.
If you do not provide us with all of the personal information that we need this may affect our ability to offer you our membership services and benefits.
Why we need your personal information – contractual purposes
We need to collect our members’ personal information so that we can manage your relationship with us. We may use our members’ personal information to:
- Provide you with core member services, including confirmation of membership and end of year renewal.
- Set up an online membership account enabling you to manage your membership and communication preferences.
- Organise club activities and manage risk and safety if you join a club tour or meet.
- Register your membership with Mountaineering Scotland and our insurers, to ensure that you are included in the club’s liability insurance cover.
- Provide you with news and updates about the activity of the club, opportunities to get involved in club tours, meets, training, general meetings or other events.
Why we need your personal information – legitimate purposes
We also process our members’ personal information in pursuit of our legitimate interests to:
- Raise awareness of the club’s activities by capturing photos, videos, or live streaming at events. We will use this for promotion, education and development purposes.
- Compile statistics on membership distribution and participation in club activities.
- Respond to and investigate your questions, comments, support needs, complaints, concerns or allegations.
Other uses of your personal information
We may ask you if we can process your personal information for other purposes. Where we do so, we will provide you with an additional privacy notice explaining how we will use your information for these purposes.
Other organisations with whom we share your personal information
When we register your membership with Mountaineering Scotland we pass on your personal data and Mountaineering Scotland becomes a controller of your personal data. Mountaineering Scotland provides full details of how it uses your personal data in its own privacy notice (available at https://www.mountaineering.scot/about-us/business-matters/privacy-notice) and will not use it for any other purpose.
We may be required to share personal information with statutory or regulatory authorities to comply with statutory obligations. Such organisations include the Health & Safety Executive and the Police for the purposes of safeguarding children. We may also share personal information with professional and legal advisors for the purpose of obtaining advice.
Third party suppliers with access to members’ personal data
The Eagle Ski Club may use third party suppliers to provide services. These suppliers may process personal data on our behalf as “processors” and are subject to contractual conditions to only process that personal information under our instructions and protect it.
In the event that we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes. Currently the following third-party suppliers use members’ personal data to provide specific services to the club:
- Equiom Group processes payment transactions securely on our behalf.
- GoCardless provide Direct Debit processing services for the club.
- Mailchimp distribute some of our email communications. Their servers are based in the US and they uphold the EU Privacy Shield to certify their data security.
- Wufoo is used to create some forms used, e.g., for booking events. Their servers are based in the US and they uphold the EU Privacy Shield to certify their data security.
- The Lavenham Press distribute copies of the Yearbook to members’ postal addresses.
- My Repro Limited distribute other hardcopy material to members’ postal addresses.
- Instructors, coaches and event organisers receive details of training or competition participants.
Other third parties
The club has private groups and other presence on various social media sites (for example, Facebook and Strava), which members may join if they choose, possibly subject to confirmation from the club that they are bona fide club members. The club is not a Data Controller for these sites, and does not provide data to them; members should refer to the privacy policies, terms and conditions of the relevant site.
How we protect your personal information
Your personal information is accessed by duly authorised club officers only for the purposes set out above. It is stored by our club in the online membership database as part of the club website, and (for financial information) in an encrypted off-line database. Where necessary, personal data are transferred to third-party suppliers by emailing a password-protected documents.
Non-members' personal information
Non-members may provide their personal information to the club for various purposes, including:
- for contact purposes, when using the website contact form.
- for addition to a regional mailing list, for example for receiving information about events of interest such as regional lectures.
- when applying for a Memorial Award.
When using a contact form, your email address is passed to the recipient of the form. Your email address will be used to respond to your query, and not for any other purpose.
When joining a regional mailing list, you will receive email targetted to the list. Your email address will not be used for any other purpose, and you can unsubscribe from the list at any time, either by contacting the owner of the list or by using the unsubscribe link in the list emails.
When applying for a Memorial Award, your personal information is used to administer the awards scheme, and will be deleted at the end of the membership year following the year of application.
How long we keep your personal information
We only keep your personal information for as long as necessary to provide you with membership services. Unless you ask us not to, we will review and delete your personal information where you have not renewed your membership with us for one year.
You have a right to:
- Change your communication preferences or restrict the processing of your personal data for specific purposes.
- Request that we correct your personal data if you believe it is inaccurate or incomplete.
- Request that we delete your personal information.
- Access the personal data that we hold about you through a “subject access request”.
You can contact us via the membership secretary.
If you are dissatisfied with our response, you should first make a complaint to the club president. You also have a right to raise a complaint with the Information Commissioner’s Office.