Top facebook2xnew Top twitter2xnew Top youtube2xnew Top instagram2xnew Top tiktok2xnew Top email2xnew Email us Top subscribe2xnew Subscribe Top search2xnew Join Basket Login
Home > About Us > Data Privacy Policy
☰ More
Home > About Us > Data Privacy Policy

Data Privacy Policy

1. About this Policy

1.1. This policy explains when and why we collect personal information about our members, contacts and instructors, how we use it and how we keep it secure and your rights in relation to it.

1.2. We may collect, use and store your personal data, as described in this Data Privacy Policy and as described when we collect data from you.

1.3. We reserve the right to amend this Data Privacy Policy from time to time without prior notice. You are advised to check our website www.sailingbarntgreen.com or our Club noticeboard regularly for any amendments (but amendments will not be made retrospectively).

1.4. We will always comply with the UK General Data Protection Regulation (UK GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner ( www.ico.gov.uk). For the purposes of the UK General Data Protection Regulation (UK GDPR), we will be the "controller" of all personal data we hold about you.

1.5. This policy was last updated in 24th March 2026.

2. Who we are

2.1. We are Barnt Green Sailing Club (BGSC). We can be contacted at:

The Club House
Upper Bittell Reservoir
Cofton Church Lane
Cofton Hackett
Worcestershire
B45 8BH
United Kingdom

Phone: 07565 356895
Email: secretary@bgsc.club

The data controller is Barnt Green Sailing Club.

3. Data protection principles

3.1. Barnt Green Sailing Club undertakes that personal information will be:

  • - processed lawfully, fairly and in a transparent manner in relation to individuals;
  • - collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • - kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  • - processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

4. Why we need personal information

4.1. The reason we need your personal information is to be able to administer your membership, and provide the membership services you are signing up to when you register with the club.

4.2. Our lawful basis for processing your personal information is that we have a contractual obligation to you as a member to provide the services you are registering for.

4.3. Reasons we need to process your personal information include:

  • - for membership and club management
  • - processing of membership forms and payments;
  • - sharing data with committee members, to provide information about club activities, membership renewals or invitation to social events;
  • - club mailings and newsletters promoting club activity; and
  • - publishing of race and competition results
  • - for training and competition entry
  • - sharing personal data with club instructors or volunteers to administer training sessions;

5. Information you may give us

5.1. You may give us information about yourself or other people by filling in forms on the BGSC website ( www.sailingbarntgreen.com), completing paper forms or by corresponding with us by telephone, e-mail or otherwise.

5.2. This includes information you may provide when you do any of the following things:

  • - become a member of BGSC, renew your membership or amend or update your membership details;
  • - subscribe to newsletters and website updates;
  • - purchase any of our merchandise, goods or services;
  • - register as a volunteer or instructor;
  • - register for training or coaching programmes;
  • - join any BGSC committee or sub-committee;
  • - enter or sign up for any sporting event, social event, or race ;
  • -register to use the BGSC website;
  • - search our website for information, guidance, a product or service;
  • - participate on club associated social media pages or groups;
  • - report a problem with the BGSC website;
  • - make an enquiry through the BGSC website function
  • - participate or enter a competition, promotion or survey run by BGSC

5.3 We may collect personal information from non-members (e.g. people who register on or make an enquiry through the club website, participate at an open meeting or training event) or from visitors to the club. We will review personal information collected from non-members annually and securely destroy information we no longer need.

5.4. Our lawful basis for processing data is consent. Therefore, we will need explicit consent from non-members to process this data, which we will ask for at the point of collecting it.

5.5. The club has the following social media accounts: Facebook, WhatsApp, Twitter. All members are free to join these pages or services. If you join one of the Social Media pages, please note that providers of the social media platform(s) have their own privacy policies and that the club does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data on the club social media pages.

6. The type of information we collect and its purpose

Type of InformationPurposesLegal Basis of Processing
User Digital Identifiers (IP addresses, login timestamps, browser type, and device info)To maintain website security, prevent unauthorised access (hacking), and troubleshoot technical issues with the members' portal.Legitimate Interests: To ensure the security and integrity of our digital platforms and protect member data.
Online Activity & Audit Logs (Record updates, event registrations, and payment confirmations)To provide an audit trail of changes to membership records and ensure accurate billing, booking, and duty rostering.Contractual Necessity: To manage your membership and fulfill the services you have signed up for.
Current Club Members
Member's name, address, telephone numbers, email address(es)Managing the Member's membership of the Club. Managing the duty roster.Performing the Club's contract with the member. For the purposes of our legitimate interests in operating the Club.
Managing the Member's membership of the Club. Managing the duty roster.Performing the Club's contract with the member. For the purposes of our legitimate interests in operating the Club.
Managing the Member's and their dependents' membership of the Club.Performing the Club's contract with the member.
Emergency contact detailsContacting next of kin in the event of emergency.Protecting the Member's vital interests and those of their dependents.
Date of birth / age related informationManaging membership categories which are age related.Performing the Club's contract with the member.
GenderProvision of adequate facilities for members. Reporting anonymised information to RYA.For the purposes of our legitimate interests in providing sufficient and suitable facilities. For the legitimate interests of the RYA to maintain diversity data.
Member's name, boat name and sail numberManaging race entries and results. Sharing results with other clubs/RYA. Allocating spaces in the dinghy park.For the purposes of our legitimate interests in holding races and promoting/operating the Club.
Photos and videos of members and their boatsPutting on the Club's website and social media pages and using press releases.Consent. (Sought at application/renewal; can be withdrawn at any time).
Member's relevant qualifications and/or experience (e.g. safety boat, first aid)Managing the Member's membership of the Club. Managing the duty roster.Performing the Club's contract with the member. For the purposes of our legitimate interests in operating the Club.
Member's name, phone number and email addressCreating and managing the Club's online Membership Directory.Consent. (Sought at application/renewal; can be withdrawn via the website portal or by email).
Member's name and email addressPassing to the RYA for member surveys for the benefit of the Club and the RYA.For the purposes of our legitimate interests in operating the Club and the interests of the RYA as a national body.
Member's name, telephone number, email address(Full Members only) Passing to Barnt Green Waters Ltd.For the purposes of our legitimate interests in operating the Club and/or the interests of Barnt Green Waters Ltd.
Former Club Members
Name, address, telephone numbers, email address(es)Managing the former member's contract. Enabling renewal at a future time. Establishing ownership of craft left at the Club.For the purposes of our legitimate interests in operating the Club and contacting owners of abandoned equipment.
Prospective Club Members
Name, address, telephone numbers, email address(es), dependents' names/ages, boat details, and qualifications.Managing the application for club membership and allocating facilities.For the purposes of our legitimate interests in operating the Club and processing applications.
Sailing Instructors
Name, address, email, phone, and relevant qualifications/experience.Managing instruction at the Club and providing contact details to members.For the purposes of our legitimate interests in providing training and ensuring instructor competence.
Training Course Participants
Name, address, email, phone, sailing experience. (Parent/guardian details if under 18).Managing course participation and contacting parents/guardians.Consent (via application form). Protecting the participant's vital interests.
Visitors to the Club
Name of visitor and the name of the associated club member.Ensure compliance with Club Rules, insurance requirements, and licensing conditions.For the purposes of our legitimate interests in operating the Club.
Participants in Open Meetings and Regattas
Name, address, email, phone, associated club, boat details. (Parent/guardian details if under 18).Requirement of club insurance and managing race entries.Consent (via entry form). For the purposes of our legitimate interests in holding races. Protecting vital interests.
Services and event tickets booked through the club's website
Applicant's name, address, telephone, email, and number of tickets.Managing the applicant's booking and associated attendees.For the purposes of our legitimate interests in operating Club events.

6.1. We may receive information about you from others on your behalf or at your request, for example if:

  • - any person makes a booking on your behalf;
  • - you are a minor and your parent or legal guardian provides us with information about you on your behalf

7. How we protect your personal data

7.1. Barnt Green Sailing Club (BGSC) takes the security of your data seriously. We have implemented modern technical and organisational measures to protect your personal information from loss, misuse, unauthorised access, or disclosure.

7.2. Digital Storage and Cloud Security Most of our data is now recorded and stored digitally.

  • Centralised Management: Primary membership data is held within our secure, dedicated membership management software (Sailing Club Manager).
  • Encryption: Data transmitted between your browser and our servers is protected using Industry Standard SSL/TLS encryption (HTTPS).
  • Access Control: Access to our digital databases is strictly limited to authorised Committee members (e.g., Membership Secretary, Treasurer) whose roles require such access. All administrative accounts are protected by strong passwords and, where available, Multi-Factor Authentication (MFA).

7.3. Local and Manual Data While we aim for a paperless environment, any physical forms or temporary local digital exports (such as duty rosters or training lists) are:

  • Stored in locked filing cabinets if in paper form.
  • Held on password-protected, encrypted devices if stored locally on a Committee member's hardware.
  • Securely deleted or shredded as soon as the specific task (e.g., a specific training course or race event) is completed.

7.4. International Transfers Your data is stored on secure servers located within the United Kingdom or the European Economic Area (EEA). We will not transfer your personal data outside of these jurisdictions without ensuring equivalent protections are in place or obtaining your explicit consent.

7.5. Your Role in Security Where we have provided you with a login for the BGSC members' portal, you are responsible for keeping your password confidential. We recommend using a unique password and never sharing your login credentials with others.

7.6. Data Breach Protocol In the unlikely event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the Information Commissioners Office (ICO) without undue delay, and within 72 hours of becoming aware of the breach where required by law.

8. Who else has access to the information you provide us?

8.1. We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where required to do so by law or as set out in the table above.

8.2. We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services to you on our behalf (e.g. to provide membership management services, to print newsletters and send you mailings).

8.3. However, we disclose only the personal data that is necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.

8.4. Barnt Green Sailing Club has a contractual relationship with Sailing Club Manager Ltd to process data on the club's behalf. Sailing Club Manager Ltd is based in Cowes, UK and their databases are located in UK datacentres. You can read about Sailing Club Manager's GDPR policies through their website. https://www.sailingclubmanager.com/terms/gdpr

8.5. The transmission of information over the internet is not completely secure. We will do our best to protect your personal information, we cannot, however, guarantee the security of your data transmitted to us and consequently any transmission to us is at your own risk. Once we have received your information, we will use appropriate security features to try to prevent unauthorised access.

8.6. The BGSC website is SSL certified and uses HTTPS - SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

8.7 Financial transactions and third-party payments:

  • Payment Processing: We use third-party payment providers such as Stripe to process payments for memberships, training, and events.
  • Data Minimisation: Barnt Green Sailing Club does not store or "see" your full credit card or debit card details. All payment information is provided directly to our third-party processors, whose use of your personal information is governed by their own Privacy Policy.
  • Compliance: These processors adhere to the standards set by PCI-DSS (Payment Card Industry Data Security Standard) to ensure the secure handling of payment information.

9. How long do we keep your information?

9.1. We will hold your personal data on our systems for as long as you are a member of the Club and for as long afterwards as is necessary to comply with our legal obligations or for the purposes of our legitimate interests in operating the Club

9.2. We will review your personal information every year to establish whether we are still entitled to process it.

9.3. If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment exercise or defence of legal claims.

9.4. We securely destroy all financial information once we have used it and no longer need it.

10. Your responsibilities

10.1. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the BGSC website, you are responsible for keeping this password confidential. We ask you not to share passwords with anyone.

10.2. It is your responsibility to ensure that the information that we hold about you is accurate and up-to-date. You can view and amend your personal information by logging in to the BGSC members only portal. This includes the level of information shared with other members in the Members Directory.

11. Your rights

11.1. You have rights under the GDPR:

(a) to access your personal data

(b) to be provided with information about how your personal data is processed

(c) to have your personal data corrected

(d) to have your personal data erased in certain circumstances

(e) to object to or restrict how your personal data is processed

(f) to have your personal data transferred to yourself or to another business in certain circumstances.

11.2. As a data subject you may have the right at any time to request access to, rectification or erasure of your personal data; to restrict or object to certain kinds of processing of your personal data, including direct marketing; to the portability of your personal data and to complain to the UK's data protection supervisory authority, the Information Commissioner's Office about the processing of your personal data.

11.3. You are entitled to have access to the information we hold about you. Access request must be made by e-mail to the BGSC Honorary Secretary (secretary@bgsc.uk). We will respond within a reasonable period but not more than one month.

11.4. As a data subject you are not obliged to share your personal data with the Club. However, if you choose not to share your personal data with us we may not be able to register or administer your membership.

11.5. You have the right to take any complaints about how we process your personal data to the Information Commissioner:

https://ico.org.uk/concerns/

Telephone : 0303 123 1113.

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

For more details, please address any questions, comments and requests regarding our data processing practices to our Club Secretary email: secretary@bgsc.club

Downloads

Last updated 20:39 on 24 March 2026

© 2026 Barnt Green Sailing Club powered by Sailing Club Manager