We undertake to respect everyone’s privacy and use the personal information they provide only for the specific purposes we describe here.
We hold very little personal information – and none of it is particularly sensitive. In general, we will not pass personal information on to a third party without express permission. The only exceptions are:
- Information needed to book riders into hotel rooms and onto ferries
- Names and email addresses passed to our email service: MailChimp
We comply with the Data Protection Act and – in particular – the data protection principles as well as the EU General Data Protection Regulation (GDPR).
Data is held in a database that supports this web site. The database is stored with our Internet Service Provider (ISP): 1&1. Copies are also held by our Admin committee member and sent to ride organisers as necessary.
Lawful basis of processing
The GDPR requires us to declare why our processing of personal data is lawful. We claim a ‘legitimate interest’ defined as “Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
Guidance from the Information Commissioner’s Office is that “It is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”.
We see the legitimate interests as being:
- Our interest in administering the list of people wanting email updates from us
- The interest of people wanting to be kept informed via occasional emails
- Our interest in administering rides that we organise
- Riders’ interest in being kept informed of arrangements and having bookings made on their behalf
- Rider’s interest in having emergency contacts notified if necessary
We hold the following information about riders:
- First name
- Last name
- Preferred name
- Occupation, if provided
- Address including postcode
- Email address
- Contact number
- Emergency contact number
- Room share arrangements
- Jersey size
- Date of birth
- Whether the rider has ridden with us before
- How they heard about the ride
- Any special requirements
- Sponsored charity details
The above is the full list for the annual Hayling Cycle Ride. We do not require all the above for other rides we organise.
We retain information about past rides for insurance and statistical purposes. We will anonymise information held about a rider on request to email@example.com.
If you want to find out what information we hold about you or make corrections, please contact us at firstname.lastname@example.org.
Access to supporter or subscriber data
Only committee members and our web site developers have access to subscriber or rider data.
Securing web site data
We keep a number of backups of web site data:
- We assume that our Internet Service Provider keeps backup copies but we don’t rely on them.
- We make a backup copy every day for storage on the web site. The backup file is encrypted with a strong key known only to our web site developers and a committee member.
- We copy each day’s encrypted backup file to a PC held by one of our web site developers (who is also a regular rider) where they are retained for at least 20 days.
Access to administer the site is restricted to committee members and web site developers who log in with their personal username and password. Passwords are encrypted before they are stored in such a way that no-one, not even site administrators, can retrieve the password (we use a process known as one-way encryption).
Access to web site programming and site administration details is restricted to our web site developers.