Effective Date: 22/06/2023

This Club Website GDPR/DPA (General Data Protection Regulation/Data Protection Act) Policy outlines the privacy practices and data protection measures implemented by Surrey Rifle and Pistol Club ("the Club") to protect the personal information of its website visitors, members, and users ("users," "you," or "your"). This policy explains how we collect, use, store, and disclose personal data, as well as your rights and choices concerning your information.

1. Data Collection and Usage

1.1 Personal Information: The Club collects and processes personal information provided voluntarily by users through our website, including but not limited to names, contact details, email addresses, and any other relevant information necessary to provide our services or fulfil our contractual obligations.

1.2 Legal Basis: The Club will collect and process personal information solely on the basis of the following legal grounds:

a) Consent: When you provide your explicit consent for specific data processing activities.

b) Contractual Necessity: When processing is necessary to perform a contract or provide requested services.

c) Legal Obligation: When processing is required to comply with applicable laws or regulatory requirements.

d) Legitimate Interests: When processing is necessary for the Club's legitimate interests, provided it does not override your fundamental rights and freedoms.

1.3 Purpose of Data Collection: The Club may collect personal information for the following purposes:

a) Providing and improving services offered on the website.

b) Managing and maintaining membership accounts and communications.

c) Processing payments and handling transactions.

d) Sending relevant newsletters, updates, and promotional materials (with your consent where required).

e) Responding to inquiries, requests, or feedback submitted through the website.

f) Complying with legal obligations and resolving disputes.

1.4 Data Retention: The Club retains personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.

2. Data Security and Sharing

2.1 Data Security Measures: The Club implements appropriate technical and organizational measures to safeguard the personal information against unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, firewalls, and regular security assessments.

2.2 Third-Party Service Providers: The Club may engage trusted third-party service providers to assist with website operations, payment processing, communications, and other related services. These providers may have access to personal information solely for the purpose of performing their obligations on behalf of the Club and are obligated to maintain the confidentiality and security of the data.

2.3 Data Disclosure: The Club will not disclose personal information to third parties unless:

a) It is necessary to comply with legal obligations or respond to lawful requests.

b) It is required for the establishment, exercise, or defence of legal claims.

c) It is necessary for the Club's legitimate interests or those of a third party, provided it does not override your fundamental rights and freedoms.

d) You have given your explicit consent for such disclosure.

3. Data Subject Rights

3.1 Access, Rectification, and Erasure: You have the right to access, correct, update, or request the erasure of your personal information held by the Club, subject to any legal restrictions or legitimate interests. Requests can be made by contacting the Club through the provided contact information.

3.2 Data Portability: Upon request, the Club will provide you with a copy of your personal information in a structured, commonly used, and machine-readable format.

3.3 Withdrawal of Consent: If you have provided consent for the processing of your personal information, you may withdraw your consent at any time. This will not affect the lawfulness of any processing conducted prior to the withdrawal.

4. Cookies and Tracking Technologies

4.1 Cookies: The Club's website may use cookies or similar technologies to enhance user experience, track website usage, and collect information about your preferences. You can manage your cookie preferences through your browser settings.

4.2 Analytics: The Club may use website analytics tools to gather information about website traffic, usage patterns, and visitor demographics. This data is used to improve the website and understand user preferences, but it is generally aggregated and anonymized.

5. Updates to the Policy

The Club reserves the right to modify or update this GDPR/DPA Policy periodically. Any changes will be posted on the website, and the revised policy will indicate the effective date. We encourage you to review this policy regularly for any updates.

6. Contact Information

If you have any questions, concerns, or requests regarding this GDPR/DPA Policy or the Club's data protection practices, please contact us at:

[email protected]