IBRSC Membership and Training Portal

IBRSC GDPR Policy

Background

The introduction of the General Data Protection Regulations (GDPR) on 25th May 2018 requires that any organisation that collects and processes data from individuals must comply with and document how it meets these regulations.

The body responsible for data protection is the Information Commissioner’s Office (https://ico.org.uk).

This document describes, in great detail, the data we hold, how it is used, who can see it, how we protect it and how we retain it. The information here only applies to the membership database as seen through the membership website (http://membership.islandbarn.org.uk). For the GDPR Policy for the main website please visit http://www.islandbarn.org.uk/privacy.

The other thing GDPR takes into account is that the measures taken should be in proportion to the sensitivity and importance of data being unlawfully disclosed or used. The only personal information we hold (excluding the medical details for course attendees while the course is running) is name, address, phone, email and date of birth. Most of this data is readily available through simple internet searches; nonetheless, we take protecting all your data seriously.

Summary

The key points are summarised here in case you don’t have the time or interest to read the details, which you can find later in this document.

  • IBRSC never shares any data you provided, or that is related to you, with any third party unless required to do so by a court order.

  • Your data will only be used to allow the club to carry out the normal activities of a sailing club.

  • Access to your data is strictly controlled on a need-to-know basis.

  • You can view all the data we have on you by simply logging on to the membership website. You can edit your personal details at any time.

  • We retain the minimum of data to allow you to rejoin in the future and to support statistical analysis to help direct future club development.

  • The only sensitive data we may hold on you is a medical questionnaire if you have applied for a training course. This data is encrypted and is deleted immediately the course has finished.

If you have joined the club, renewed your membership or booked on a training course and provide personal data to us, we will endeavour to make it clear why we need this data and to obtain your specific consent to use it. Unless otherwise notified, you will be treated as having consented to our use of your personal data under the terms of this Policy.

For the purposes of the General Data Protection Regulations, the data controller is the Membership Secretary of Island Barn Reservoir Sailing Club.

Information We Collect and How it is Used

We may collect and process the following data about you when you fill in an online form or paper form to join, renew or sign up for a course.

The membership details from joining or renewing may include:

  • Your name, address, email and phone number(s).

    • These are used to send you an information pack and to keep you up to date on club activities. Phone numbers will only be used in an emergency or if email isn’t available or not working.

    • Your name, email and phone numbers will be on a duty roster or duty email reminders if you are part of a duty team. There is no opt out of this, as running a duty system would not be possible without it and it is a condition of some membership categories to do duties. This allows the duty race officer to contact the team to confirm attendance or pass on other information that may affect the smooth running of the team.

    • Your name, email and phone numbers may be used in a members directory, if you give consent. You can change your mind at any time. The directory can be viewed online and is only accessible to current members.

  • Your date of birth.

    • Certain membership categories or discounts are age related and we only use your date of birth to confirm the membership category or provide you with a discount.

  • Your skills that relate to taking part in duties, namely if you have RYA power boat or first aid qualifications or are able to manage a duty team and run racing.

    • Your skills allow us to offer you appropriate roles on a duty team, if your membership category has a duty commitment.

  • Your occupation.

    • The club is run by volunteers and sometimes we have need of someone with particular skills, e.g. an accountant or builder. If we can find someone in the club we may be able to get the work done quicker or for less money.

  • Any family members who are going to be using the club on a regular basis must also be listed, providing their name, date of birth and occupation - how we use this information has already been covered.

    • We need to know who the members are in case of emergency, i.e. a family member has an accident.

    • Some aspects of our insurance only cover members.

    • Our bar licence only covers members.

  • A list of the boats you are going to sail on the reservoir or store at the club. Each boat is identified by its class and sail number. We record if the boat and/or a road trailer are to be stored at the club.

    • These details allow us to calculate the correct membership fee.

    • The club rules require that boats to be sailed on the reservoir are registered with the club and insured.

    • It allows us to contact the owner in case of damage (e.g. from a storm) or the boat is found abandoned.

    • The boat and its owner’s name are held in a boats directory available for members to view online.

    • The boat identification and member’s name are used on race cards to facilitate the production of racing results.

    • Racing results are publicly available on the club’s main website.

  • The number of times you are likely to participate in sailing, training, duties or volunteering at the club.

    • The club status is that of a Community Amateur Sports Club (CASC) and this gives us many financial benefits, however, we need to show sufficient participation by our members to keep our CASC status. Collecting your likely participation level on joining or renewing is the least intrusive way for us to do this, while still fulfilling the CASC rules.

If you sign up for a course the information collected about the participant may include:

  • Their name, address, email and phone number(s).

    • These will only be used if there is a need to contact you, for example if a course is postponed due to inclement weather.

  • Date of birth.

    • Some courses have an age restriction so this is used to make sure you can do the course.

  • Sailing experience.

    • This helps the course organiser make sure the course is at an appropriate level for your abilities.

  • Emergency and/or parent contact details.

    • These will only be used in the unlikely event of an accident or if the course participant falls ill while attending the course.

  • Medical conditions.

    • The medical conditions are used by the course organiser to assess if there is any risk to you by doing the course.

    • In the event of an accident or illness while attending the course your medical details will be reviewed to guide any course of action and may be passed on to any medical professionals called to the scene.

    • The medical data is held encrypted.

    • The medical data is deleted as soon as the course has finished.

  • Consent and doctor’s details if the participant is a child.

    • Child protection is very important to us, but we may need to take some action regarding your child if, for some reason, you are not present or available. We will endeavour never to act without your permission, but we need to make sure the child’s best interests can be served and any volunteer helpers are enabled to assist your child, if necessary.

  • Participant’s details if the participant is a child.

    • The 'Can swim' question is important as learning to sail a dinghy without being able to swim may result in a drowning accident. Part of learning to sail involves capsize drill and if the participant is not confident in water then this can be dangerous.

    • Sailing qualification and experience help the course organiser to determine if this is the correct or suitable course for the participant.

    • The 'In junior sailing school last year' question is asked because courses where a club boat is used have limited capacity. We want to encourage new sailors and discourage previous year’s sailors from 'hogging' boat usage.

    • The 'Sailing own boat' question allows the course organiser to allocate club boats appropriately.

  • Parent’s details if the participant is a child.

    • The courses are run by volunteers and parental help on land and on the water forms an important part of this. These questions find out what the parents can help with and if they are willing to do so. The course organiser will use this information to allocate helpers during the training sessions.

All data collected at enrolment time is deleted two years after the course has finished with the exception of the participant’s name and this is only retained so we can make sense of the course payment.

If the course leads to an RYA qualification your contact details may be passed on to the RYA to register your pass with them.

Some of the above information may be statistically aggregated (fancy way of saying counted) to help answer the annual RYA questionnaire on club health, but no individual details will ever be released.

In addition to the information you provide directly we also may hold additional data derived from the running of the club. This data includes:

  • What you have bought from the club by way of membership subscriptions, berthing and trailer storage fees, course fees, social fees, donations and any discounts. How and when you paid.

    • This information is used to reconcile the club’s bank statement, manage the club’s finances and prepare the annual accounts and tax submissions.

    • It is used to derive statistical information (past and present) about the club to help guide future club development.

    • We never store or see any information relating to your bank account, credit or debit cards.

  • What boats you may have owned. When you delete a boat because you no longer sail it at the club we may still keep a record that you once owned the boat.

    • This is only used if the boat is found during a berthing audit and may help us find the new owner. For example, you sold the boat and the new owner hasn’t registered it.

  • What duties you have been allocated, if you said you would attend and if you did attend.

    • This helps us review how well the duty system is working.

    • This allows us to potentially chase up members that don’t do their duties as required by the terms of their membership.

We don’t store any data on your computer (as 'cookies') except the minimum necessary to maintain a logged in session. We are legally allowed to do this without asking your permission.

Who can see Your Data

You can see everything we hold on you (profile, purchases, courses, etc.) by simply logging in and looking under the 'Your Data' menu. This satisfies the GDPR requirement: 'your right to see your data'.

No other member can see any of your data unless they are a club official.

Club officials have the following access privileges:

  • Membership Secretary can see and edit everything (only because they administer the membership website and database).

  • Commodore, Vice Commodore, Hon Treasurer and Hon. Secretary can see everything.

  • Trustees can see financial information.

  • Sailing Secretary can see and edit events and duty information.

  • Course Administrators can see and edit courses information and see participant information.

  • Course Helpers can see course and participant information.

  • Social Secretary can see and edit socials.

How we Protect Your Data

All the membership data is held in a database on a server hosted by Valcatto Ltd. The server is located in the UK and is fully protected against illegal physical access and is continually being monitored for illegal network accesses or hacking. This is obviously outside our immediate control and we trust they are doing a good job here as their business relies on this.

Access to the server requires a strong password and all interaction for development purposes happens over an encrypted communications channel via SSH. Even if this is breached, the database is protected with a different, strong password.

Regular access to the database is via a web browser and the web app developed specifically for the membership website. All data transfers between the web browser and the web app are done over an encrypted channel using the https protocol. The web app uses the Rails web framework to implement all interactions except the immediate user interface and business logic, so it has industry-strength security measures in place to prevent SQL injection, spoofing, form tampering, etc.

The database consists of many relational tables, such as Users, Members, People, Boats, Payments and Events, to name just a few. Access to each table is controlled by the role(s) assigned to the logged-in user, which restricts whether they can see the table and which records they can see in it. Your login name and password uniquely identify you to the system and hence determine your access rights. Obviously the user interface will limit what you can see, but editing the URL manually will not allow you access beyond the rights given by your role.

Under GDPR, sensitive data (racial or ethnic origin, political opinions, religious beliefs, trade union membership, sexual life, physical or mental health condition, criminal offences or record) requires special treatment. The only sensitive data we hold are medical records for anyone attending a course, just for the duration of the course. The medical records are stored using strong encryption in the database so even if unauthorised access to the database occurs the medical records will not be readable. The encryption keys are not stored in the database.

The login credentials are stored encrypted and salted. The salting prevents reverse lookup of encrypted passwords harvested from the internet.

Preventing unauthorised access to your data depends on you having a strong password and keeping your password secret and secure. If you are lax in this and your data leaks out then we cannot be held responsible.

Data Retention

We retain data about you in the database after your membership has lapsed because:

  • It allows you to rejoin in the future with minimum of effort.

  • We have a tax obligation to retain financial records for at least 6 years.

  • It allows membership trends and statistics to be generated to better guide the future development of the club.

  • It allows some hope that owners of abandoned boats can be traced.

However, to prevent the retention of potentially erroneous data we erase your address, email, phone numbers and date of birth after your membership has lapsed for 6 years. Note that data relating to your purchases and boats are kept indefinitely.

All the paper membership records prior to the membership database have been shredded. Any paper membership applications are shredded once entered into the database.

How Data is Deleted

In the interest of full disclosure here are a few notes about how data in the database is deleted or destroyed.

The database system has four mechanisms to allow the recovery of data deleted:

  • by accident

  • as a result of some sort of system failure

  • through malicious intent

and these mechanisms also make deleting data deliberately more complicated than it seems.

The four mechanisms are:

  1. Every database transaction (create, update and delete) is recorded in a change history. This allows every transaction to be undone, so it provides a similar facility to the common undo found in word processors, etc. It also shows who did the transaction, so it allows forensic analysis to be done if data is unexpectedly changed or deleted or someone reports something strange happening to their account. The change history goes back 6 months and is only accessible to the club officers.

  2. Every access to the database over http (i.e. from a web browser) is logged. For deletions this shows what record(s) were deleted, but doesn’t reveal their contents (unlike a create or an update). The logs are kept for 30 days and are only really used when an error occurs, to try to understand what caused it so the error can be reproduced and fixed.

    • Sensitive data such as passwords and medical data are not logged.

  3. The backups done by the hosting company. They take a backup every 5 days and keep 4 historical backups.

  4. The database is backed up every day off site to a secure location and kept for 30 days.

When a database record is deleted it is immediately no longer available through the normal user mechanisms, but it can take up to 6 months to be completely purged from the system (ignoring what is happening at the OS level reusing free space on a disc). The GDPR recognises that there might be a big delay between data being deleted, and so not normally accessible, and it being totally unrecoverable.