The East Anglian Sailing Trust (referred to hereafter as ‘EAST’, ‘we’, or ‘us’) is committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 2018 (the Act), and General Data Protection Regulations 2018 (GDPR) the Data Controller is The East Anglian Sailing Trust, Suffolk Yacht Harbour, Levington, Suffolk, IP10 0LN.
Who does this policy apply to?
Any member of EAST, as well as any other individuals taking part on our keelboat sailing sessions, cruises or visiting our Waterside Community Centre. It also applies to contractors, consultants, agents, suppliers and sponsors, or any other person associated with us (“associated persons”).
Information we may collect about you
Because we have a ‘legitimate interest’ in managing your membership with EAST we may lawfully collect and process the following data about you:
Information you give us. You may give us information about you by filling in our membership forms and questionnaires or by corresponding with us by phone, e-mail or otherwise. The information you give us may include:
your name, address, e-mail address and phone number, personal descriptions and photograph;
the name, address, email address and phone number of your next of kin and/or emergency contact;
details of any relevant training records and training plans;
details of your qualifications including the results of any examination, assessment or training course provided by us or by any recognised training centre and any accompanying notes and observations regarding your performance;
details of your participation and performance in sporting events and competitions;
details of any relevant boating, yachting or other sea faring experience you may have;
any relevant dietary records and details of your dietary requirements.
Other information you give us may be sensitive or processed for reasons other than the management of your membership such as:
Health information (‘Special Category Data’) including details of your age, gender, height, weight and any health conditions or mental or physical impairments you may have. When we collect this information, we ask for your explicit consent via our ‘Data Protection Consent Agreement’ to store and process this information for the specific purpose of assisting us in providing you with safe sailing experiences. You may withdraw your consent at any time by contacting firstname.lastname@example.org.
Disclosure and Barring Service (DBS) search results. As a volunteer for the East Anglian Sailing Trust we may conduct a DBS search on your behalf. Any results will be returned to you directly and if necessary, will only be discussed with a designated Trustee for the section in which you volunteer.
Non-membership data. If you are not a member of EAST and we need to collect personal data from you, we will review the lawful basis upon which we may store and process your data at the time we collect it. If necessary, we may ask you to provide consent to store and process your personal data. Such data will be stored and processed in accordance with the procedures outlined here for membership data.
Our Website. Our website does not currently use any form of data tracking. If this is changed, we will tell you about any personal data we collect from our website by updating this policy. However, our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Uses made of the information
We will use information you give to us:
to fulfil our obligations to you in the following ways:-
to administer your membership and provide membership information and membership benefits to you;
to carry out our obligations arising from any contracts entered into between you and us and to provide you with any products and services that you request from us including: race entries; equipment loans; participation events; social events; coaching and training services; and examination and assessment services;
to register you as a qualification or credential holder, volunteer, committee member or in some other capacity.
to keep you updated in the following ways:
if you are a member of EAST, to notify you about our activities;
to notify you about cancellations of our service;
changes to our membership benefits, products, facilities or services;
to notify you of any changes or proposed changes in any laws, regulations or best practice in relation to boating, yachting and other related activities which we feel may be of interest to you.
Other Uses of the information we hold about you:
if you ask us to provide any verification of your qualifications or experience or if you refer any person to us to obtain any verification of your qualifications or experience, we may use your data to provide the verification sought;
to consider any complaints made to us about you which is of legitimate concern to us.
Marketing and fundraising. We will only contact you for the purposes of promoting our activities and fundraising in accordance with your preferences collected on our ‘Data Protection Consent Agreement’. You may update your preferences and elect to not receive such communications at any time by notifying email@example.com.
Photographs. We ask for your permission on our ‘Data Protection Consent Agreement’ for photographs taken of you during sailing experiences to be used in promotional material, as part of fundraising campaigns, in newsletters and on social media. These photographs will be securely stored and may be deleted on request. You may withdraw your consent at any time by contacting firstname.lastname@example.org.
Disclosure of the information
We may share your information with selected third parties including:
examiners, assessors, trainers and coaches who require the data in order to provide services which you have requested or to conduct any examinations or assessments which you have requested;
organisers of events who require the data in order to look after your welfare and who may require passing the same to emergency and medical services providers;
We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
We are most likely to share your information with:
The emergency services. In the event of an accident or any point where your wellbeing or health requires emergency medical support, we will share your medical data with the emergency services as per your consent obtained on our ‘Data Protection Consent Agreement’.
The Disclosure and Barring Service. Any personal data you provide in relation to a DBS check will be sent directly to the Disclosure and Barring Service, we will not retain a copy of your application form or the personal data contained within it. For further information on how DBS uses your personal information please see: https://www.gov.uk/government/publications/dbs-privacy-policies.
Where we store your personal data
We store the membership forms you complete securely and store most of the information collected from them electronically, on a membership database. This database is hosted through the security architecture of Microsoft Azure Database for MySQL. For further details of Microsoft 365 security features please visit https://www.microsoft.com/en-us/trustcenter/. Access to this database is restricted to volunteers and Trustees who have an operational need to do so to manage your membership.
We strive to keep the data on this database as accurate and relevant as possible. As a member you may be asked each year when you renew your membership to confirm the accuracy of the data, we hold about you. Any personal data we hold about you will be securely destroyed two years after your membership ends. Any health information we hold on you will be securely destroyed one year after you cease to sail with us. Non-membership personal data will be reviewed annually and destroyed if such data is no longer in use. To update or review your membership data please contact email@example.com.
Our volunteers are encouraged to send and store all emails, correspondence, and other electronic files and information within the Microsoft Office 365 security hardened system which provides:
Encryption at rest protecting data on servers.
Encryption in transit with SSL/TLS protecting data in transit.
Threat management, security monitoring, and file/data integrity to prevent or detect any tampering of data.
Exchange Online Protection to provide advanced security and reliability against spam and malware to help protect information.
We recognise that your health information as ‘Special Category Data’ is especially sensitive, so any documents which contain health information are stored securely in paper form, with the minimum amount of data added to our membership database or any other electronic files. These forms are kept in locked storage whenever possible and accessible only by those who need the information to conduct the risk assessments and resource assessments necessary to provide you with safe sailing sessions and cruising experiences.
Unfortunately, despite our efforts to choose and maintain secure electronic methods of securing your data, the transmission of information via the internet is not completely secure. We cannot therefore guarantee the security of your data transmitted to us; any transmission is at your own risk.
You have the right to be informed. This Data Privacy Statement aims to tell you everything you need to know about the data processing activities we carry out.
You have a right of access. You have the right to make a ‘Subject Access Request’ to obtain a copy of the personal data we hold about you. You may make a verbal request to the Duty Instructor of your Keelboat sailing session or the Cruise Co-Ordinator/Skipper of your cruise or make a request in writing to firstname.lastname@example.org. We will provide a disclosure of the information within one month.
You have the right to rectification. We conduct and annual review to ensure the personal data we hold is accurate and complete. You may however make a request to review and rectify any errors in the data we hold at any time and we will comply within one month.
You have the right to erasure. You can ask us to stop processing your personal data. If there is no overriding legitimate interest to continue processing your data, we will securely destroy or delete any information we hold on you. We retain the right to refuse to erase your personal data where it is processed:
to exercise a right of freedom of expression and information;
to comply with a legal obligation or for the performance of a task of public interest;
for the exercise or defence of legal claims; or
for purposes relating to public health, archiving in the public interest, scientific/historic research or statistics.
You have the right to restrict processing. You can limit the way we use your personal data if:
you have contested its accuracy;
you have objected to the processing and you are considering whether you have a legitimate ground which overrides this;
processing is unlawful;
we no longer need the data, but you require it to establish, exercise or defend a legal claim.
You have the right to data portability. To allow you to move, copy or transfer your personal data from one IT environment to another in a safe and secure way, without hindrance to usability, we will provide your personal data in a structured, commonly used and machine-readable format upon your request.
You have the right to object. You have the right to ask us not to process your personal data for certain categories of use. One such objection may be for marketing or fundraising purposes. We ask you for your preferences on our ‘Data Protection Consent Agreement’. You may change your chosen preference at any time by notifying email@example.com.
We do not apply any automated processing to your personal data, so your rights regarding automated decision making are not currently applicable.
To exercise any of these rights please make a request to firstname.lastname@example.org.