Data Privacy

General Data Processing Regulation (GDPR) and Data Privacy

The GDPR is the new law of data protection for the country and is in effect from 25th May. Being a Regulation of the EU it comes into effect in EU countries without any further action and it is understood that the Government intends that it will survive Brexit. Compared with the previous law the Club, as a Data Controller, is required to be more transparent in what it does and there are stronger sanctions for breaches of the enhanced requirements; individuals will have increased rights in relation to the information the Club holds; know how it keeps the personal information secure; how the information is used; and, the legal grounds the Club has for doing so.

Data Protection is now commonly being called Data Privacy and a Data Privacy Notice for The Riley Motor Club (including Riley Motor Club Spares Limited) has been written that provides additional details and to make it easier for persons whose personal information is recorded by the Club to find out how their data is used and protected. The Notice sets out the Principles the GDPR embodies and the responsibility of the Club as Data Controller for compliance. The Club won’t be changing the ways it uses the personal information. healthordisease.com. The main bodies of personal details that the Club has are the membership records containing information that has been provided by each member, particularly in membership application forms containing relevant data protection statements, and records of sales by Spares and of Regalia.

GDPR updates legal protection of processing and recording of personal information and the rights of the individual and the Club will comply through its commitment to the terms of its Data Privacy Notice. If changes occur or are needed in the future the Notice may be modified and this will be communicated through Riley Record and the website.

General Data Processing Regulation (GDPR) and Data Privacy

The Riley Motor Club – Data Privacy Notice
1. Introduction
This notice explains the processing of personal data by the Club according to the General Data Protection Regulation, which is law in the United Kingdom from 25th May, 2018. It describes how, when and why the Club may use the personal information, as well as the rights of the data subject in relation to this information. The Club comprises two companies, The Riley Motor Club and Riley Motor Club Spares Limited and is committed to protecting the information that it holds.

Article 5 of GDPR requires that personal data shall be:
Processed lawfully fairly and in a transparent manner in relation to individuals
Collected for specified explicit and legitimate purposes
Adequate relevant and limited to what is necessary
Accurate and where necessary kept up to date
Kept in a form that permits identification of data subjects for no longer than is necessary
Processed in a manner that ensures appropriate security of the personal data

And that the controller shall be responsible for and be able to demonstrate compliance with
the principles

2. Information the Club holds
Information the Club holds will generally have come from the data subject directly (eg when application was made to join the club or renew membership and in joining and taking part in the online forum and social media); this may include the following:
Personal details (eg name)
Contact details (eg postal address, phone numbers, email address)
Transactional details (eg payments made and received)
Financial information (eg bank account details) provided to the Club for payments
Information about any other Club products and services the data subject has or held

If the data subject does not provide personal data that the Club states is required, it may be unable to provide services or perform its obligations to the data subject The Club will also hold information collected from other sources, including interactions with the Club on its website and social media and its own records of Club products and services provided

If the data subject gives the Club details about other people, such as family members, which it will use to provide services, or if it is asked by the data subject to share that information with third parties, then the data subject confirms the other peoples’ awareness of the information in this notice about how the Club will use their personal data

3. What the Club uses the data subject’s information for and the legal basis for doing so
The Club must have a legal basis for to process the personal data, which in most cases will be
one of the following:

To take actions that are necessary to provide membership services as performance of
the contract between the Club and the data subject

To allow the Club to comply with its legal obligations

To meet the legitimate interests which the Club has (eg to understand the needs of the members of the Club and to develop as well as improve the Club)
Where it has the data subject’s consent to do so

The table below contains the purposes for which the Club uses the personal data (including its legitimate interests) and, below in each case, its legal basis for doing so:

To provide, manage and personalise services to data subjects
where necessary to perform an agreement or enter into an agreement and
where the law requires and where it is in the Club’s legitimate interests

To communicate about membership and services
where necessary to perform or enter into an agreement and where the law requires

To manage complaints, undertake mediation and to resolve queries
where necessary to perform or enter into an agreement and where the law
requires and where it is in the Club’s legitimate interests

To analyse, assess and improve the Club’s services and to record any communications between the data subject and the Club
where the law requires and where it is in the Club’s legitimate interests

To apply for or obtain quotations for insurance and to assist insurers with
administration and servicing of insurance
where necessary to perform or enter into an agreement and where the law
requires and where it is in the club’s legitimate interests

To comply with regulatory and legal obligations of the Club
where the law requires and where it is in the legitimate interests of the Club

Where the Club processes personal data to meet its legitimate interests it puts in place safeguards to ensure that the data subject’s privacy is protected and to ensure that the Club’s legitimate interests do not override the data subject’s interests or fundamental rights and freedoms

4. Who the Club will share a data subject’s information with
The Club will keep the data subject’s information confidential but may share it with third parties (who also have to keep it secure and confidential) such as the following:
Payment processing service providers and others (eg banks and credit card
companies) and others that help the Club to process payments Independent third-party service providers which a data subject asks the Club to share
information with eg motor insurance brokers and DVLA. In these cases the Club will have no control over how the information is used. The data subject must agree the scope of such use directly with the third-party
The Club’s service providers and agents (including their sub-contractors) eg the organisations that print and distribute the Riley Record magazine and any other publications of the Club and organisations that may be involved in motor shows, Club rallies and other activities and services of the Club Regulators, law enforcement agencies and authorities in connection with their duties

5. International data transfer
The Club may share personal data with other organisations in other jurisdictions and will ensure they agree to apply levels of protection for personal data as the Club does.
If a data subject asks the Club to share personal data the responsibility will be devolved.

6. Retention of personal data
The Club will keep personal data for as long as it has a relationship with a data subject. Once a relationship has come to an end (eg following ceasing to be a member of the Club), it will only retain personal data for a period of time that may be helpful to the data subject or to the Club (eg during which time the data subject may have unexpired membership benefits or may re-join)
The Club will only retain information that enables it to:
Maintain business records
Comply with record retention requirements under the law
Defend or bring any existing or potential legal claims
Maintain records of anyone who does not want to receive renewal information
Deal with any future complaints regarding the services the Club has delivered
The retention period is often related to the amount of time available to bring a legal claim, which in many cases is six or seven years following a cause or transaction

The Club will retain personal data after this time if required so as to comply with the law, if there are outstanding claims or complaints, or for regulatory or technical reasons. Whilst retained, the Club will ensure that privacy is protected

7. Rights of the data subject
Rights include:
To request a copy of the personal data that the Club holds
To request the supply of an electronic copy of the personal data that the data
subject has provided to the Club
To inform the Club of a correction necessary to the personal data
To exercise the right to restrict the Club’s use of the personal data
To exercise the right to erasure of the personal data
To object to particular ways in which the Club is using the personal data
The ability to exercise these rights will depend on a number of factors and in some instances the Club will not be able to comply with the request (eg because there are legitimate grounds for not doing so or because of legal obligations of the Club).
Data subjects are requested to ask the Club to update or correct information if it changes or is inaccurate

8. How to contact the Club
Please go to www.rileymotorclub.org to contact the Club and resolve queries about this notice or request a copy of this notice.
If more information is required on the rights of a data subject or it is wished to exercise them please make a request to the Club’s Data Protection Officer, contactable by email at
dataprotection@rileymotorclub.org

The Riley Motor Club is the Data Controller for personal data held by the Club. This means it is responsible for deciding how it can use personal data it processes.
The Club is committed to working with data subjects to obtain a fair resolution of any complaint or concern about privacy. However, a data subject has the right to make a complaint to the data protection authority of the UK using its website www.ico.org.uk

9. Changes to the privacy notice
The Club may modify this notice from time to time

25th May, 2018

Comments are closed.