IN SIMPLE TERMS, OUR PRIVACY PLEDGES TO YOU ARE
- We will only collect, keep, use & share Personal Data for legitimate business reasons that we explain in this document – or if we are legally required to do so.
- We will be as clear and open as possible on what Personal Data we collect and how it will be processed.
- We will keep all Personal Data up to date as far as we are aware and reflect your preferences.
- We will also keep all data safely and securely with appropriate measures to prevent abuse.
FOR OUR MEMBERS, REGISTERED USERS AND PURCHASERS
Personal Data entered directly from you through business processes such as your name, phone number, postal address, email address. The legal basis for the collection and processing of this data is the provision of goods that can include items such as but not limited to tickets purchased / provided, membership packs, clothing, information about the club and events.
Personal Data collected automatically from the use by you of the website such as but not limited to the data transmitted from your browser such as your IP address; the date and time of the visit; the pages accessed; the access status/HTTP status code; your browser; your operating system and interface as well as the language and version of the browser software. The legal basis for collecting and processing this personal data is to be able to operate the website and provide you with access to the pages you wish to access.
Personal Data exchanged indirectly with our authorised suppliers which enables us to send goods and create / store and record communications and payments history. For example our partner Brand Edition for clothing & novelty items or TOYO Tyres. The legal basis for collecting and processing this personal data is fulfilling orders and providing services to our Members and Registered Users.
We use your Personal Data – to contact Members with order confirmations, essential club communications & occasional event notifications. All of which we need to do in order to manage purchases, deliveries or organise events. For example to facilitate the process of the Annual Elections of Board Officers or simply to send tickets out for an event.
Google Analytics – a web analytics service provided by Google, Inc. (“Google”) also places cookies on your computer, to enable Google to provide us with activity reports relating to the website. Google uses this data only to provide us with information on how users use the website and does not associate your IP address with any other data held by Google. The information generated by Google cookies about your use of the platform – including your IP address – will be transmitted to and stored by Google on servers in the United States. Again, if you wish to stop this you can do so by stopping these cookies being collected by
changing the settings on your browser or by downloading and installing the browser plug-in available under – https://tools.google.com/dlpage/gaoptout?hl=en-GB.
- Facebook : https://www.facebook.com/privacy/explanation
- Twitter : https://twitter.com/en/privacy
- Instagram : https://help.instagram.com/155833707900388
FOR OUR FOLLOWERS ON SOCIAL MEDIA
If you follow one of our social media channels, the GTROC may receive Personal Data about you such as your account name, gender, general interests, location, and age. The legal basis for processing this data is our legitimate interest in providing social media and marketing content that is of interest to our followers on social media.
We may use this Personal Data to provide bespoke social media content; for example if you have expressed interest in attending an event run by the GTROC. Exceptionally we may create targeted content across all our social media channels for a specific event and we may find out more about our digital community – for example by analysing the geographical locations of our followers and use this data to choose locations/events for events/locations
FOR OUR WEBSITE VISITORS
By using our website, we are able to collect personal data about you such as :
- Ssite referrals, browsing pattern, browser type, location, general interests, gender, and age.
- The data transmitted from your browser includes your IP address, the date and time of the visit the pages accessed.
- The access status/ HTTP status code, your browser, your operating system and interface.
- The language and version of the browser software.
We do not actively process any of this data, however the legal basis for collecting and processing this personal data is our legitimate interest in operating the sites, providing you with access to the pages you wish to access, understanding the interests of our potential customers and providing you with relevant information about the GTROC.
We use this Personal Data :
- To collect site statistics to analyse usage and if necessary to block malicious usage or attacks.
- Much of this happens automatically within the protection and security systems we have in place to protect your data.
FOR OUR DATA PROCESSORS
We use third party processors to collect, export, process and store Personal Data on our behalf. The processors we use currently are the following :
- Google Drive: https://cloud.google.com/security/compliance/eu-data-protection/
- Social Media Platform: Facebook, some data centres located in the U.S. Privacy Shield Certified. https://www.facebook.com/privacy/explanation
- Email marketing, https://mailchimp.com/legal/privacy/Web Management Tools
- Google Analytics, located in the U.S. Privacy Shield Certified. https://www.google.com/policies/privacy/
- Woo commerce: https://woocommerce.com/privacy-policy/
INTERNATIONAL DATA TRANSFERS
We use data processors located outside the European Economic Area only after taking such steps as are required to ensure that Personal Data they process on our behalf receives protection equivalent to that provided in the EEA. Our processors are either certified as compliant with the EU-U.S. Privacy Shield Framework where they are located in the USA or have entered into an agreement with us containing the model clauses approved by the European Commission as providing contractual protection equivalent to that provided by the data protection regulations applicable in the EEA. To learn more about the Privacy Shield program then please visit www.privacyshield.gov.
We use a variety of technical and physical safeguards which exist to protect the security and integrity of your Personal Data. This helps protect it from accidental or unauthorised access, use, alteration or disclosure to unauthorised third parties. These measures include device encryption, firewalls and virus checking procedures. Where we keep Personal Data files on local devices these devices are protected and accessible only to authorised GTROC Administrators. As a matter of course, we undertake periodic reviews of our security systems to ensure that they remain fit for purpose and that your Personal Data remains safe and secure.
DURATION OF STORAGE
We will maintain records of your Personal Data for as long as you remain and active paid member of the GTROC which includes Lifetime Members and or a registered user of our website. If you have not opened any email communication from the GTROC or interacted in any other way with us for 36 months, we will regard you as an inactive subscriber and delete your details from our records except where retention is necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our members.
YOUR RIGHTS IN RELATION TO PERSONAL DATA
You can update your subscription preferences or unsubscribe from our marketing communications at any time by following the link in the footer of the last email you received from us – “Preferences” or “Unsubscribe” – or by sending your request with detailed instructions to : GTROC@gmail.com.
You have the right to update and correct the personal information on your account. You also have the right to request from us all personal information that we hold that relates to you, to request restriction of the processing of that data and to request that we delete that data. Where allowed by applicable law, there may be an administrative charge for supply of copies of data and we may also require you to provide us with appropriate identification before we comply with this request. You also have the right to object to our continued processing of your personal data. You may also have the right to data portability. If you have a complaint about the way in which we use your personal information, you have the right to complain to the Information Commissioner at www.ico.gov.uk.
GTROC is the Data Controller in respect of any Personal Data that you submit to us or that we collect from or about you. Our registered office is :
GTR Owners Club Ltd, First floor, 34 High Street, High Wycombe, Bucks, England, HP11 2AG
If you would like to know what information we hold about you, or if you have any other queries or complaints in relation to this Privacy Notice, then please email the GTROC Chairman at : firstname.lastname@example.org.
Thank you for taking the time to read this.