GODALMING NAVAL CLUB
01483 415168

About this policy
This policy explains when and why we Godalming Naval Club collect personal information about our members and how we use it; keep it secure and club member’s rights in relation to it. This includes members, visitors and guests. We will collect, use and store personal data, as described in this Data Protection Policy when people engage in activities at the club. Normally this will be through membership.
We reserve the right to amend this Data Protection Policy from time to time without prior notice. You are advised to check our Club notice board regularly for any amendments. We will only share your personal data with any third parties as outlined below.
We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk).
Responsible person
For the purposes of the GDPR, The Club Secretary will be the “controller” of all personal data we hold about club members and others. The Secretary is responsible for making sure the club complies with the General Data Protection Regulation (GDPR) which applies from 25 May 2018. We will review personal data every year to establish whether we are still entitled to process it or not.
Member’s rights
You have rights under the GDPR:
· To access your personal data
· To be provided with information about how your personal data is processed
· To have your personal data corrected
· To have your personal data erased in certain circumstances
· To object to or restrict how your personal data is processed in certain circumstances
For more details, please address any questions, comments and requests regarding our data processing practices to the Secretary.
Specific use and sharing of personal information
Your personal data (name, address, date of birth) will be used when you join the club and for any appropriate notifications as required by law. In general, your personal data will only be used for the purposes of membership management (renewals etc.) and your email and telephone numbers may be used for communication about news about the club. Your personal data will not be passed to anyone else outside the club and your email will only be given to someone outside the club with your permission.
The Lawful reasons for processing your data.
We have three lawful reasons for processing your data, which are:
(a) Processing is necessary for compliance with our legitimate interest – operating and running a private members’ club
(b) Processing of your data is necessary for the administration of your membership.
(c) You have given consent to the processing of your data by signing our privacy statement for the specific purposes set out in this policy.
The tables below give further explanation of which legitimate interest applies to which data, why we collect it and who we may be required to share it with.
What Information we collect, why we collect it, and who we share it with
In addition to the reasons stated below we may have to disclose your data where we have an inescapable legal obligation.
Data processed under our legitimate interest
Requirements of Friendly Societies Act 1974
The club is a private members’ Club. This means that the club will maintain a register of all members to include name, address, date of birth and any contact details.
TYPE OF INFORMATION ………………………………………………………….. PURPOSE ……………………………………………... SHARED WITH
Members, guests and visitors address ……………………………………….. To meet our legitimate interest …………………. Committee
Date of birth
Contact details (telephone/email)
Members names only ……………………………………………………………. To meet our legitimate interest ………………….. Bar Staff

Data processed as a requirement of managing your membership
TYPE OF INFORMATION …………………………………………………………. PURPOSE ……………………………………………….. SHARED WITH
Members, guests and visitors, address, …………………………………….. Managing membership of the Club ……………... Committee
telephone numbers, e-mail address
Date of birth ………………………………………………………………………. Managing membership categories which are age related.

Data processed with your consent
The club will seek consent in the application form before processing any information as outlined below.
TYPE OF INFORMATION .......…………………………………………………... PURPOSE .…………………………………………….. SHARED WITH
Member's, guests and visitors address, ……………………………………..Managing membership of the Club …………….. No information is to be shared
telephone numbers, e-mail address
Date of birth / age related information.......................................…..Managing membership categories which are age related.
Member's name, address, telephone numbers, e-mail address,...…...Members consent will be requested when applying for membership/renewal
Website access/newsletter distribution

Enquiries and other communications with the club
When enquiring about the club we may hold your details for a period of time to deal with the enquiry. Any emails and other communications with the club will only be retained for a period of time appropriate to the content or request. Club emails will be purged on a regular basis.
How we protect your personal data
The Data Controller will process membership information electronically and hold all information on a database on a secure computer/laptop. A backup of this information will be held on a data storage stick. Paper copies of data will be held by the bar staff and secured at night in safe storage.
In the unlikely event of a breach of the security of data we will notify members promptly and we will never sell or pass on your personal data.
Request to see your personal information
If you wish to know what personal data the club holds please email the Secretary (gnc.godalming@mail.com) and he/she will respond within 14 days of the request (depending on availability).
Accuracy and retention of data
Each individual member is responsible for keeping the Secretary informed of changes to their data (e.g. address/telephone number etc. and this is updated at least once a year at renewal and you are at that time authorising the club to hold such data on file.
The data are kept on file at the Secretary’s home address. The data will normally be kept for up to 3 years.
CCTV Images
CCTV is used to record activities on club premises in the interests of safety and crime prevention. All images are stored onsite in a code protected hard drive. The images/data are stored for 61 days and then these are over written.
For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about club members, customers and offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, service providers, police forces, security organisations and persons making an enquiry.
Any complaints which rely on this about theft/bullying/abuse etc. must therefore be made within 61 days of the incident otherwise the images will have been overwritten.