Terms & Conditions
Use of Personal Data and GDPR
We as a club we adhere to The EU General Data Protection Regulation (GDPR), effective 25 May 2018. We take your privacy issues and use of personal data very seriously. Details of how we use your data is listed below.
GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe. This includes replacing the Data Protection Act 1998 in the UK (regardless of the situation of the UK leaving the European Union). We as a company will have to continue to abide by the rules of the GDPR as we deal with members in the European Union.
One of the main changes brought into effect by the introduction of the GDRP is that now you, as a customer, will have to opt for us to use your details for marketing purposes. Previously, websites were able to have a pre-ticked box on their website to add you into mailing lists. This is no longer the case. Now if you would like to hear from us, you will need to explicitly authorize us to do so.
Upon Joining the CTCRC, we will require the following information from you:
- Phone number
- Email address
- Competition License No
- Car details
- Engine Builder
- Engine Builder Number
This information is used to complete your membership application / Race Entry and to ship to your delivery address. We ask for your email address and phone number to be able to contact you in an emergency or to update you of club activity via email and SMS, as well as to inform you if there are any issues.
Unless you have explicitly given us permission, we will not be using your personal details for any other purpose
How We Use Your Data
As a club, we will need to hold some of your data as well as share some with other companies. This is done to allow us to function as a Club. A list of the companies that will be able to see your personal data are listed below:
- Word Press (Website)
- Google Analytics (Analytical data, number of page views etc.)
- PayPal (Payment)
- Royal Mail (Courier)
- BARC (Race administrators)
- Uncle Luke’s (Stickers)
- Mail chimp (Bulk emailing system. Only used if you have chosen to receive promotional material from us).
All of these companies in turn will also be regulated and adhere to the GDPR rules. Only relevant information is shared with these companies (e.g. all payments made through our website will be processed through Pay Pal). This company will have access to your card details in order to process your payment, but will not have access to other irrelevant data, such as occupation).
As a club run on ecommerce we take the protection of all of your personal data very seriously and have several protocols in place to protect it from accidental and malicious leaking.
In the unlikely event that there is a breach of these protocols and we suspect that your personal data may have been compromised, we will inform you as soon as feasibly possible in order to allow you to take any necessary precautions.
This notification will include the following:
- The nature of the personal data breach
- Recommendations for you to mitigate potential adverse effects.
Under the new GDPR rules, we are now obligated to inform the Information Commissioners Office (ICO) of any data breaches with 72 hours of us becoming aware of it (wherever feasible). This is a new piece of legislation that was not previously required under the Data Protection Act (1998).
Right to Be Forgotten
Also included in the GDPR you as a customer has a “Right to be forgotten”. This means that you will be able to make a request to us for your personal data to be erased.
Protection of Personal Data
We have taken every possible precaution to create a secure environment to protect the personal information supplied by you to us when joining the club or entering a race meeting. . In order to comply with the GDPR and for maximum peace of mind we can advise that we have implemented strict security procedures in relation to the storage and disclosure of information, which you have given to us for the purpose of preventing unauthorized access. For security reasons and to protect your right to privacy we may occasionally request proof of identity from you before disclosing any sensitive information to you.
We do not store your financial details (Credit or debit card numbers).
Cookies are small pieces of information that websites transfer to your computer hard drive and we use to enable our website to provide features such as automatic login, personalized greetings and storage of items in your Shopping Basket. Cookies can be turned off in your browser or you can be notified when you receive a cookie so you choose whether to accept it. The Help menu of your browser should contain information on how to do this. However, changing these settings may mean that you will not be able to take advantage of some of the advanced features on the site. If you do wish to remove cookies after a visit to the site, perhaps because you are using a shared computer, you can clear the cookies by clicking on the sign out link.
Disclosure of Information to Third Parties
We do not sell trade or rent your personal information (data) to others. We may provide statistics or analytical records about our customers, sales, and traffic patterns to reputable third party vendors such as sponsors but this information will not include any personally identifying information on you.
We employ third parties and individuals to perform certain functions on our behalf. Examples of these might be a courier delivering your goods to you, analysis of data, provision of marketing assistance, processing paypal payments. Please rest assured that those companies and individuals who have access to any such personal information are not permitted to use this information for any other purposes and they are required to process any such data in accordance with the GDPR.
Transfer of Data
Access to Information
You may obtain details of the personal information we hold on you by e-mail firstname.lastname@example.org. Our Data Protection Officer will revert to you within 28 working days