What is GDPR?

GDPR is a new law on data protection and privacy that gives control over your personal information back to you. Although it is a European law, it (apparently) will still apply after Brexit. If you want to find out more about the detail of GDPR, the Information Commissioner’s Office (ICO) website is a good source; you can find that here.

Who we are (in case you had forgotten)

We are the Oxford Academicals Rowing Club 🙂 Our website address is: http://www.oxfordacademicals.org.uk.

How and when we collected your information

Your info can help us do things like organizing the training sessions (outings), preparing for regattas, organizing the “Learn to Row” courses or ordering kit so we look good when we race or train! We collected your details in the following ways:

Where it’s necessary to perform our contract with you and where you’ve given us your consent:

• When you applied for membership with the Oxford Academicals Rowing Club and filled in our form.

• When you took part in the “Learn to Row” Course and filled in the registration forms.

• When you talked to us on the phone, by email, or via electronic messaging (such as WhatsApp group, email), or when you wrote to us.

• When you ordered OARC rowing kit with us and gave us your clothing sizes.

All the information about how we collected your data can be found in the section below.

What personal data we collect, why we collect it, and how we use it

Well, there is nothing very complicated. We simply need to be able to get in touch with you to organise outing sessions. So we need your email address so we can add you to our mailing list, and we need a telephone number. This is just in case you don’t wake up one morning and the cox needs to try reaching you, or in case we need to cancel an outing at short notice, so that we can reach you before you show up at the boathouse, on a cold, miserable morning, to find out the outing has been cancelled.

For health and safety reasons, and for insurance purposes as well, we need to make sure we can row and make you row in the safest conditions possible. Hence, we ask you to make sure you are cleared by your GP to practice this sport. Then, we need the contact details of a next of kin. This is really to be prepared, should anything serious happen. Some Bump races can get out of hand (but this is really exceptional!).

Membership forms:

| What is it that we store? | Why do we record it? | Who is it shared with? |
|---|---|---|
| Full Name | Person’s identification | Shared with club members |
| Signature | Person’s identification | No, not shared with anyone outside Committee members |
| Date of birth / Age | Race Registration Entry + Regatta participation | No, not shared with anyone outside Committee members |
| Gender | Race Registration Entry + Regatta participation | No, not shared with anyone outside Committee members |
| Email address | Communication with Club, outing organization, regatta, committee | No, not shared with anyone outside Committee members |
| Telephone number | Communication with Club, outing organization, regatta, committee | No, not shared with anyone outside Committee members |
| Next of Kin Full Name | Communication in case of incident or medical emergency | Shared with crew captain (for race events) |
| NoK Telephone number | Communication in case of incident or medical emergency | No, not shared with anyone outside Committee members |
| Chronic Medical Conditions we need to know about | Individual and Crew Safety. If a club member has a chronic condition, such as asthma or diabetes, the OARC Safety Officer and OARC Captain of Coxes ought to know about it to ensure the crew mate has medication handy during each outing and that the whole crew can go out in safe conditions. | No, not shared with anyone outside Committee members (Coxes, Captains and Coaches) |
| Consent to email/phone communication | GDPR compliance for record keeping | No, not shared with anyone |

Comments

We have disabled comments throughout our site, so no information about site visitors is tracked by that means.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included.

We will always seek consent from the persons appearing in pictures or videos before publishing them. Also, any member may request at any time that a picture in which they appear be removed. We will oblige within 72 hours.

Cookies

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

This is very simple. The OARC does not share club members’ data with any third parties.

How long we retain your data

We’ll only keep your information for as long as necessary (but no longer than we have to), just in case you need to access records or there is a dispute to resolve.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

How do we store your data and how do we protect your data

At OARC, we take the protection of your data seriously. We hold your contact details (including your email address and contact phone numbers) in our OARC Members database, which is a Google Spreadsheet held on Google Cloud services. Access to this data is restricted to one or two essential club volunteers (Secretary, Treasurer), and you are able to access and amend it at any point. In terms of access authentication challenges, the Google accounts of both the Secretary and the Treasurer require 2-factor authentication. Google Cloud services allow replication on local drives on computers or mobile devices (synchronization). The OARC mandates that these folders be encrypted.

Committee members will be requested to destroy all copies of information pertaining to their term in committee at the conclusion of their term and notify the acting committee that they have complied with the requirement.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Here we’ll explain the rights you have regarding your information:

| Rights | What does this mean? |
|---|---|
| 1. The right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy. |
| 2. The right of access | You’re welcome to ask us what information we have about you, any time you like. You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law. We won’t charge for this and we’ll do our best to get details back within 30 days. Check out the Contacting Us section if you want to find out how to get access to your information. |
| 3. The right to rectification | You’re entitled to have your information corrected if it’s inaccurate or incomplete. Just let us know where to make the changes! |
| 4. The right to erasure | This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. |
| 5. The right to restrict processing | You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future. |
| 6. The right to data portability | You have rights to obtain and reuse your personal data for your own purposes across different services; e.g. if you decide to switch to a new provider, this enables you to move, copy or transfer your relevant information, such as your name and address, easily between our IT systems and theirs safely and securely, without affecting its usability. |
| 7. The right to object | You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent). |

To exercise any of these rights at any time, check out the Contact Us section.

Your contact information

Should you have any questions regarding the OARC Data Privacy Policy or the information we have about you, please reach out to us.