Responsibility for your data:
Luton ibc is subject to the General Data Protection Regulation and the Data Protection Act 2018.
Why we collect data:
We collect, store and process personal data for the following purposes:
Enquiries to Luton ibc.
- Services we provide to our customers.
- Staff and consultants related information.
- Delivering and maintaining our coaching.
- Potential participants on our coaching events as well as those who have attended.
- Processing the personal data associated with enquiries associated with the Luton ibc
- Programme of activities. We will only collect data we need to give you a better experience; to improve and deliver our services to you; and to meet our responsibilities to you.
How we use personal data:
Please note that luton-ibc.org.uk (“this site”) might contain links to external sites as well as advertisements for purchasable products or services from third parties. This privacy statement does not cover the activities of such third parties. You should consult those third party sites’ privacy policies for information on how your data is used by them. Luton ibc does not sell or pass on personal contact details to any organisation and will not do so in future without asking you for a specific opt-in to that scheme.
What personal data do we collect?
Memberships: we collect personal data such as name, contact details and gender, for the purposes of fulfilling our services.
We collect personal data such as your name, phone number and email address in order to reply to your query.
This information may be used in conjunction with information we hold against any services that you have signed up for (such as but not limited to, those listed above) where it is appropriate to helpfully reply to your enquiry. This information is used to administer and deliver to you the support you have requested, to operate our indoor bowls club efficiently and improve our service to you, and to retain records of our business transactions and communications.
If you contact us via telephone, we do not use telephone recordings.
Trading in personal data:
Some of your personal data may be collected and processed with the intention of providing it to other named organisations (i.e. access to key reports or events), but this will only done where you have given your consent at the time of accessing such content or signing up for such an event (separately to this privacy statement).
Public forums, message boards and blogs:
Our facebook site uses message boards on blogs and users can participate in these facilities. Any information that is disclosed in these areas becomes public information and you should always be careful when deciding to disclose your personal information.
Our legal process for processing personal data:
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, organisations are required to have a legal basis for processing personal data. The legal bases we use for processing data are:
- Legitimate interests for the purposes of fulfilling our activities and the provision of our services.
- Consent when people opt into our mailing lists .
We will only send you further information about the partners involved in Luton ibc and their specific services, if you have actively consented to us doing so (e.g. you have opted to join their mailing lists). Individuals signed up to receiving these, can withdraw their consent at any point by contacting email@example.com.
How long do we keep data?
Personal data that you have submitted as part of an enquiry to us is archived after one calendar year except where they result in a purchase in which case they are retained longer as part of our financial records
Inactive Luton ibc users are archived after 24 months
Unless you are an active Luton ibc user (as above) or you consent to hearing from the indoor bowls club about their services, we store and retain your personal data for the duration of the coaching programme and for a further 12 months after the programme has completed.
Collection of personal data:
Our primary goal in collecting personal data from you is to give you an enjoyable customised experience whilst allowing us to provide services and features that most likely meet your needs. We only collect personal data from you through data inputted through enquiry forms (if submitted), Mailchimp newsletters and events (if joined) and site usage data. We do give you access our sites’ homepages without subscribing or registering or disclosing your personal data.
Please note that we do not intend to collect any personal data from children under thirteen years of age and no child under thirteen should submit any personal data to any of the sites. Should we discover that any such personal data has been delivered to any of the sites, we will remove that information as soon as possible.
Under the GDPR and the Data Protection Act 2018, you have the following rights:
Right to be informed. This Policy provides you with information in relation to how your data is processed. This ensures that we are transparent about what we will do with the information you supply to us.
Right to object to the processing that is likely to cause you damage or distress. Where you challenge the accuracy or lawful processing of your information, we will consider this.
Right to receive an electronic copy of any information you have consented to us holding. You can ask us to provide you with the personal data about you we hold, securely and in a machine-readable format, so it can be moved, copied or transferred to be used across different services or for you to give to another organisation. This is called a subject access request and we will need to verify your identity before giving such information.
Right to object. We will ensure that we have the right consents in place for sending you information. You can unsubscribe from our mailings and remove your details at any time. If you wish to stop receiving communications from us, you will be able to do so by contacting our secretary (firstname.lastname@example.org)
Rights related to automated decision making. If there is additional profiling based on the information we hold, then you can object to us making decisions about you based on such processing.
You can make a request at any point by email to email@example.com. We will respond to a request within one month of receipt. However, where a request is received to erase data, we may not be able to delete all data (for example where data is linked to financial transactions that must be kept for a set period of time under financial regulations).
Data storage and transfers
Your personal data is stored on servers in the UK.
Location: VIRTUS Data Centres Stockley Park near London Heathrow airport – virtusdatacentres.com
If we share your personal data with any third-party service provider in the course of providing you with our services, those third parties are required to process your data in accordance with contracts which comply with current data-protection legislation.
Information collected at one site may be used by any other Charity Digital services for the purposes listed above. We may also disclose your personal data to other third parties, including, without limitation, professional advisers, or governmental or State institutions or regulatory authorities, where necessary in order to exercise or defend legal rights or where required by law. We may transfer, sell or assign any of the information described in this policy to third parties as a result of a sale, merger, consolidation, change of control, transfer of assets or reorganisation of our business.
Confidentiality and security of your personal data:
We are committed to keeping the data you provide us secure and will take reasonable precautions to protect your personal data from loss, misuse or alteration. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features described above to try to prevent unauthorised access. We have implemented information security policies, rules and technical measures to protect the personal data that we have under our control from:
- unauthorised access
- improper use or disclosure
- unauthorised modification
- unlawful destruction or accidental loss
All our employees, contractors and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of your personal data, are obliged to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for us in line with the standards set out in the GDPR.
Who we share data with:
We do not share data with anyone outside of Luton-ibc, unless;
We are required to share data with the appropriate authorities (e.g. police, law enforcement agencies where we have a legal obligation. For example, for the detection and prevention of fraud, or where data is required in relation to a criminal offence.
We do not sell or share data with any other third parties other than those listed above, covered under the trading data clause and where we use a third party to securely process our data on our behalf eg payments