With effect from 25 May 2018, the Data Protection Act 1998 will be replaced by the EU ‘General Data Protection Regulation’ or ‘GDPR’ as amended by the UK Data Protection Bill.

Contact of members by the Club:

Under GDPR, members must agree to be contacted by the Club IN CONNECTION WITH CLUB ACTIVITIES rather than ticking a box to ‘opt out’.
It is therefore vital that members tick the box on the membership renewal or application form agreeing that the Club can contact them by eMail in connection with Club activities.

The Club endorses and adheres to the principles of Data Protection legislation and will:

Information Held:

The membership database is held on the Club Computer, the Software is password controlled.  Access is limited to the Membership Secretary and Bar Manager.

Data comprises

Adult members: title, name, address, telephone number, mobile number and e mail, plus date of birth required to specify category of membership (senior or adult).
Junior members: name and date of birth (check age €“ only under 18’s).
Further information relating to sections, renewals, start and end membership date
Data is deleted within 2 years of when membership ceases for any reason.

Use of Information by the Club:

General

Email and/or Address will be used to contact members concerning club membership including renewals and key club closures, AGM invites etc.
Where approval has been received from a member to contact them by email IN CONNECTION WITH CLUB ACTIVITIES, e.g.  quiz nights, race nights, dance events.  This information will be sent by email only; letters etc will not be sent and any such communication will be blind copied (bcc).

Squash Club

In the case of Squash members, the data is transferred to that section to include in the online booking system My Courts to allow members to book squash courts and as appropriate to pass on to England Squash and Berkshire Squash.  The data can also be used by Squash Club management to contact members related to Club Squash activities subject to your approval.
MyCourts, Squash England and Berkshire Squash have assured all their customers that they will be GDPR compliant by 25 May 2018.

Bowling Club

The bowling club maintain their own data which meets the GDPR regulations. On a regular basis they pass details of their members to add/modify the member data on the Club’s Membership database.

Other sections

Monday: Ballroom and Latin Section
Tuesday: Sequence Section
These sections will obtain permission from their members to receive email notification of their events.  They will comply with the Club’s data protection policy.

Health, Safety and Security Systems

CCTV

The BCSA uses CCTV to capture images of individuals or information relating to individuals for Health and Safety and crime prevention.
Data is processed fairly and lawfully and images of people and the information which is derived from images €“ e.g. vehicle registration numbers,are covered by the Data Protection Act.
Recorded material is password protected and stored for a maximum of 28 days.
Advisory Signs are in use at the premises.

Access Systems

Basic data for all members is held on the Paxton Net2 access control system.  This is a stand-alone system held on the Club computer and is password controlled.  This is purely used to control the access and expiry of members’ fobs.

Electronic payments

The BCSA complies with the security requirements of the credit card Payment Card Industry Data Security Standard (PCI DSS) Program and compliance is validated annually.
PCI requirements apply to all systems that store, process, or transmit cardholder data.  Electronic storage of cardholder data is not conducted or permitted.

Accident Reports

Accident reports will be held for 6 years and then shredded.

Registration:

The Club is not registered with the Information Commissioner’s Office as it is exempt.

Right to see information held by the Club:

Members may contact the Membership Secretary to see a copy of the information held for them on the membership software.