This policy applies to the work of the LAND ROVER REGISTER 1948-1953 (‘The Register’).
This policy details how personal data will be stored and managed in line with Data Protection principles and the General Data Protection Regulation (GDPR) 2018. The policy is reviewed on an ongoing basis by the Register Committee to ensure that the Register is compliant under the regulations.
The Register has determined that the lawful basis for holding and processing data on personal members is Legitimate Interest for the purpose of administrating the Register.
The Register Committee is the Data Controller with the contact being the Secretary. Full details are available via the current Register Newsletter (‘Full Grille’) or in ‘Who to contact’ below.
The Register Committee will seek to ensure that personal member information is not used inappropriately and to this end will appoint a Data Protection Officer. This will be the Secretary.
We use your personal data to manage and administer your membership. This includes the collection of payments and verifying your identity when you contact us to discuss your membership. We undertake at all times to protect your personal data, including any financial interactions, in a manner which is consistent with the requirements of Data Protection and all associated legislation. We will also take all reasonable security measures to protect your personal data in storage.
The key component of your membership and the services we offer is the delivery, by post, of the Register Newsletter (‘Full Grille’). Holding your name and address is therefore essential. Your personal details will be used to communicate with you for the purposes of managing your membership (e.g. renewal notification).
All members of the Register, whether resident in the United Kingdom, European Economic Area or the Rest of the World will have their personal data managed and administered in the same way in accordance with this policy and in line with UK Data Protection legislation.
Members will be asked to provide us with personal data either on your application form, renewal form, via an online application or renewal, by email communication or over the telephone (we do not record telephone conversations). We may also keep information contained in any correspondence you may have with us by post. This includes:
· Name
· Address
· Email address
· Mobile and/or landline telephone number
· Vehicle details including registration number and vehicle serial number (sometimes known as the chassis number)
This information will be maintained within the ‘Crossmember’ membership database and will be used in order to manage and administer your membership whilst you remain a member of the Register. Please also see the ‘Period of Data Retention’ section. Any information that you choose to give us will NOT be used for marketing purposes by us. We will hold your personal data only for the purposes of administering and managing your membership.
The Register Committee is responsible for ensuring that the Register remains compliant with data protection requirements and shall ensure that new members joining the Register Committee receive an induction into how data protection is managed within the Register. The Register Committee will review what data is held, data protection and who has access to information on a regular basis. This is detailed within the Register Access Control Policy.
Accuracy of Information
ln order to provide the highest level of membership support, we need to keep accurate personal data about you. Please help us with this by keeping us informed of any changes when they occur.
Sharing of Personal Data Internally
From time to time we may share your personal information within the Register with:
· Treasurer – for the purposes of accounting and financial regulation.
· Secretary – for the purposes of maintaining and collating records of vehicles and their production history.
· Membership Secretary – for the purposes of managing your membership.
· IT Officer – for the purposes of administering the website and dealing with any interface issues that may arise between the Register and the operator of the ‘Crossmember’ membership database.
Sharing of Personal Data Externally
We will only share your personal details outside the Register in order for you to be able to receive the benefits of Register membership. These are detailed below: · Mailing and printing agents – The Lavenham Press Ltd – that provide a service to us in order to deliver the Register Newsletter (‘Full Grille’), making use of their secure data portal and on the understanding that they keep the information in line with their own Privacy Policy. · Register Membership database and software providers –Wire Wheels Webbers Ltd – who provide The Lavenham Press Ltd with their secure online database and membership software ‘Crossmember‘.
The Register has Data Processing Agreements in place with both The Lavenham Press Ltd and Wire Wheels Webbers Ltd.
The Register is a member of the Federation of British Historic Vehicle Clubs (FBHVC), but no individual information is passed to the FBHVC unless an individual has a role in supporting the activities of the FBHVC and there is individual agreement in place.
The Register is also a member of the Association of Land Rover Clubs Ltd (ALRC) and each Register member is an individual member of the ALRC.
The ALRC must gather individual address data for membership purposes under the Companies Act 2006.
The Register has an agreement with the ALRC that your personal data will not be transferred to any other person or organisation and will be deleted from the records in line with the Companies Act 2006.
Period of Data Retention
In line with UK company law, we keep your information for a minimum of 7 years from the time your membership expires. This is also retained to assist should you wish to re-join the Register after a period of your membership being lapsed. A continuous review of the personal information held will be undertaken and information which is no longer required for the above reasons will be disposed of securely.
Subject Access Requests
You have the right to ask for all the information we have about you, the services you receive from us. When we receive a request from you, we must give you access to everything we’ve recorded about you, formal response shall include the following:
· Details of the personal data we hold about you
· Sources from which we acquired the information
· The purposes for processing the information, and
· Persons or entities with whom we are sharing the information.
Correction of Inaccurate Information
You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold about you.
Delete of Personal Information
In some circumstances you can ask for your personal information to be deleted, for example:
· Where your personal information is no longer needed for the reason why it was collected in the first place.
· Where you have removed your consent for us to use your information.
· Where there is no legal reason for the use of your information.
· Where deleting the information is a legal requirement.
Please note that we can’t delete your information where:
· We are required to have it by law.
· It is for scientific or historical research, or statistical purposes where it would make information unusable.
· It is necessary for legal claims.
Where Data Has Been Shared
We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed.
Right To Data Portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right To Object
You shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise, or defence of legal claims.
Automated Data Processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Who to Contact
If you would like to contact the Register about any of the above, please contact the Secretary by post at ‘Highmoor’, 17 Abbey Road, Sheringham, Norfolk NR26 8NN. The Secretary is the Data Protection Officer for the Register.