
Club Business - Data Privacy Policy

About this Policy

This policy explains when and why we collect personal data about you, how we use it, how we keep it secure, and your rights and obligations in relation to it.  It applies to full members, temporary members, applicants for membership, former members whose membership has ceased and guests who also attend our events.

In order to access the website and to participate in the events we organise, we ask you to provide certain information by which you can be identified.  You can be assured that it will only be used in accordance with this Data Privacy Policy.  

Royal Naval Volunteer Reserve Yacht Club (the Club) is committed to complying with the UK General Data Protection Regulation (GDPR) when dealing with your personal data.  How the GDPR applies to you is explained at ico.org.uk/your-data-matters.

We keep this Policy under regular review, and may change it from time to time, so please check this page for the latest version.  Please also refer to the Club Rules, Section 24: Data and Data Protection.

This Data Privacy Policy was last updated on 27th October 2024.

When do we collect your personal data?
Compliance with this Data Privacy Policy 

What do we collect?
Why do we collect personal data?
Who has access?
With which third parties and individuals do we share your personal data?
How do we keep your personal data secure?
What rights do you have over your personal data?
What obligations do you have over other members' personal data?
What happens to your personal data if your membership ceases?
How does this policy apply to guests?
Any questions?

When do we collect your personal data?

When you join the Club, you complete an application form.  The information you provide, together (since 2020) with any letter of recommendation from an existing member submitted in support of your application, is stored on the website and forms the basis of your member profile.   

In addition:

  • you will be asked to provide your bank and contact details to our third party subscription collection company, GoCardless;
  • if you pay for Slops items or register and pay for events online, the details entered are stored on the website and by a third party payment processing entity, Stripe; and
  • photographs and videos by which you may be identified may be taken at Club events which you attend, for subsequent Club use.

Compliance with this Data Privacy Policy

Club Rule 4(b) provides that, upon election to membership, each newly elected member shall be taken to have agreed to comply with the Rules.  By Rule 24 (b) each member undertakes to read and abide by the Club's Data Privacy Policy, in its latest version, as published on the Club's website.

What do we collect?

Personal data about you that is stored in your member profile will include, but is not limited to, the following:

  • Name, address and contact details
  • Photo, if supplied
  • Service history and current status
  • Boating experience and qualifications
  • Boat and permit details
  • Letter of recommendation by your proposer, if applicable


When you register for an event, a record of your attendance at the event is kept on the website, together with any invoice issued to you in respect of any requisite payment.

An invoice is also issued and retained on the website for any items you purchase directly from Slops.

Further financial information is collected and retained by the IT systems of the following third parties:

  • Stripe - card processing facility used to pay invoices generated on the website
  • GoCardless - Direct Debit processing facility used to collect membership fees
  • Banks - your banking details, should the Club make a payment (for example, in reimbursement of expenses)  by bank transfer direct to your bank

Photographs and video taken by you and other members of yourself and fellow members and submitted for use by the Club may be copied into our photo repository, Flickr, for retention in our archives and others may be used on the website or in newsletters.

Videos of Zoom meetings may be taken and kept in an external video repository, Vimeo, for reference and viewing subsequently including of AGMs conducted by Zoom.

Why do we collect personal data?

We require your personal data to run the Club for the benefit of our members in accordance with the Club's Objects as set out in our Club Rules. 

The following is a list of some of the purposes for which your personal data is used:

    • Management of your membership.
    • Provision of an online membership directory, for members to be able to contact each other and to gain information about another member's background and boating experience.
    • Provision of a Handbook, which includes members' contact details and other information on members' boats, their holding of Club permits and any current or past roles held within the Club.
    • To inform you of Club events and news by means of e-bulletins using your email address.
    • To send newsletters and the Handbook by post to your home address.
    • For the Committee to use for its legitimate purposes, for example, to research historic event attendances or membership demographics.
    • For Event Organisers to contact you on events and to provide your details to venues and marinas as necessary for the running of events.
    • To enable you, Event Organisers and other relevant Committee members to view your invoices and obtain information as to their payment.
    • For you to be able to produce to affiliated clubs evidence of your membership of the Club.

Who has access?

Club administrators

To enable its management of the Club's affairs, the Committee has authorised the following Officers and other post-holders to have access to all your personal data on the website in order for them to fulfil their roles:

  • Commodore
  • Hon. Treasurer
  • Hon. Secretary
  • Membership Secretary 
  • Website Manager
  • Data Protection Officer
  • Warrant Secretary 

Any one or more of the persons listed above may download to their personal devices members' personal data for the legitimate purpose of performing their roles.  They are required to abide by the GDPR and this Data Privacy Policy.

Event Organisers
From the time when details of a specific event first appear on the website until the conclusion of the event, the relevant Event Organiser(s) is/are provided with access to the Events section of the website.  They are able to view the registration details entered by each member for the event and to examine the member's invoice and payment status. Upon conclusion of the event, their access is removed and they are required to delete any members' personal data which they have downloaded for the purpose of running the event.

Slops
The Slops Bosun's additional website access is limited to viewing invoices and the relevant payment status in respect of orders placed by members for Slops items.

Other Members
Other members are permitted to download onto their personal devices lists of registrants and details of their participation at an event in which they too are participating, in order to enhance socialisation during the event.   Once the event is over, such personal data is required to be deleted.  

Stripe
Some of the data collected by our card processing provider, Stripe, is visible to the Hon. Treasurer and the one other person authorised by the Committee to monitor Stripe payments for goods and services.  This is limited to the name of the payer, the card type (e.g. VISA), the card issuer (e.g. Barclays Bank), the expiry date and the last 4 digits of its number.

GoCardless
The Hon. Treasurer and the one other person authorised by the Committee to monitor members' GoCardless payments have access to their names and email addresses but not to the details of their bank accounts.

The Club's Banks
The Hon. Treasurer and the one other person authorised by the Committee to monitor transactions on the Club's bank accounts have access to the online banking records of members' transactions and can identify the name of any member who has paid money into one of the Club's bank accounts or to whom a payment from a Club bank account has been made.

With which third parties and individuals do we share your personal data?

The Club will never sell your personal data.

We share your personal data with third parties in order for them to provide goods or services of benefit to you.  We disclose the minimum data that is necessary to enable the third party to fulfil the requirements.  We have no control over the Privacy Policies of our partner service providers.

Wild Apricot Inc
Wild Apricot has provided the software for the Club to create and maintain our website and to run our membership and event management systems.  Wild Apricot staff have access to all of your personal and financial data but they act in a passive manner and should only access your personal data when authorised to do so by a Club administrator in response to a specific request for support.  

GoCardless
GoCardless is used by the Club to collect membership fees by Direct Debit.  We share with them your email address.  The bank details that you entered if you registered to pay by Direct Debit are held by GoCardless and no-one at the Club has access to them.

The Banks
If it is necessary to send money to your bank by electronic transfer, the Hon. Treasurer will need your bank account details.  These are stored in the bank's electronic records to identify you as a Payee, to which information the Hon. Treasurer and the one other person authorised by the Committee to monitor transactions on the Club's bank accounts have access.

Printers
We send a list of names and postal addresses to the printers for the newsletter and handbook.  We request that the mailing list used to dispatch printed matter to our members is deleted once the task is completed.

Venues and Marinas
Restaurants, including affiliated clubs' facilities, often require a list of those attending the function, in order to provide customised service and to prepare name cards and seating plans.  Marinas ask for lists of boats booked for a rally together with the name of the skippers and sometimes other personal information like mobile numbers.

Affiliated Yacht Clubs
We may share names and contact details of Club event organisers with representatives of affiliated clubs for them to include when publicising our events to their members.

Flickr

This cloud-based company provides storage facilities for our photos and organises our photo archives.  The photos can be accessed by the public.  Descriptions of the photographs never contain a name of an individual but may contain a short identifier for the event, for example, "2019 Annual Dinner".

Vimeo
Vimeo is a cloud-based video sharing platform which we use for historic Zoom recordings of some meetings and vTots.  Where the Zoom attendees have displayed their names when participating in a session, this will be visible on the recording.  The platform is accessible to the public.

RYA
The Club shares anonymised data with the RYA as part of their requirements for us to maintain our status as an affiliated club. 

Fasthosts
Fasthosts provide us with domain management and email forwarding services.  Personal email addresses are listed on their site in order to provide forwarding of generic club email addresses ending @rnvryc.org.

How do we keep your personal data secure?

Website
The Club uses adequate and generally accepted standards of technology to protect your personal data on the website by limiting access to the website to members by their use of individual passwords.  The passwords used by members having access to the data for administrative purposes are required to be very strong.

Financial systems
All our financial systems, including those run by Stripe, GoCardless and the Club's banks, use strong, multi-factor authorisation to gain access.  

Members
Members who store other members' personal data on their own electronic devices are requested to have secure passwords to prevent unauthorised access.  They are also required to delete any data that is no longer needed to fulfil the requirement for which they originally obtained it.   

What rights do you have over your own personal data?

Under the GDPR you have the following rights:

  • to access your personal data; 
  • to be provided with information about how your personal data is processed;
  • to have your personal data corrected;
  • at any time to withdraw your consent to our processing your personal data or otherwise to object to or restrict how your personal data is processed or to have your personal data erased (in certain circumstances).  However, your withdrawal of such consent in its entirety and without qualification will result in your membership of the Club ceasing by virtue of your resultant non-compliance with Rule 24 (a);
  • at any time to withdraw your consent, whether in part or in whole, for the relevant details to appear in the Membership Directory (effective immediately) and/or the next Club Handbook;
  • to have your personal data transferred to yourself or to a business in certain circumstances; 
  • to change within your member profile what information is visible to other members in the online Membership Directory (but some Club administrators and staff at Wild Apricot will still be able to see all personal data held within the Directory whether or not you have withdrawn consent for it to be visible to other members); and
  • to take any complaints about how the Club processes your personal data to the Information Commissioner: ico.org.uk/concerns

In all cases, please contact the DPO or the Membership Secretary for help.

What obligations do you have over other members' personal data?

You have the following obligations under the Club Rules and this Data Privacy Policy:

  • To ensure that your personal data held by the Club remains current, complete and accurate at all times.
  • To read and abide by the Club’s Data Privacy Policy in this version.
  • Unless expressly permitted by the Committee or in order to undertake an administrative role (for example as an Event Organiser), not to use personal data about a member in whole or in part for disclosure to a person other than another member or to use lists of members for personal purposes not related to the Club.
  • Not to use our membership data for personal gain or for commercial or marketing purposes.


Access to other members' personal data is obtained by logging in to the website.  You are therefore requested to maintain a very strong password and not share it with anyone.

If you are acting on behalf of the Club in a role that requires you to obtain members' data,  you should delete the data when you no longer act in this capacity.  The relevant data will be retained on the website in accordance with this Data Privacy Policy.

What happens to your personal data if your membership ceases?

If your membership ceases, your personal data will be archived at the beginning of the next following new Club year. Your archived data will be retained indefinitely for the Club to maintain its historical records, for data analysis purposes and in case any legal claims should arise. Your name (but not the name of any of your guests) will remain in registrant lists for any event you attended, which can be viewed from our website Library, but all your other personal archived data, including the name and details of any personal guests you invited to an event, will only be accessible by Club website administrators authorised by the Committee. Your details will disappear from our online Directories.

Under the GDPR, you have the right to demand that all your personal data is deleted from our database including the archives. Should you make such a demand while you are a paid-up member, you will be deemed to have resigned your membership. Such deletion will result in the removal of all records of your attendance at Club events and the records of your completed financial transactions with the Club will be erased. Our financial systems will solely retain the invoice numbers and amounts but there will no longer be any way to link back to the original paid invoices which show your name and other details.

Photographs of you either on your own or within groups of other members held on Flickr will not be deleted.  These relate to club events going back to 2010 and form part of our archives.  This policy will also apply to other historic photos.   

If you appear in a video which is stored and shared on Vimeo the video will not be deleted as it forms part of the Club's archives.

No member is permitted to keep on their own devices any personal data of other Club members (unless they are personal friends) beyond the time when the data is necessary in fulfilment of their role or task undertaken on behalf of the Club.  

How does this policy apply to guests?

All non-member registrants may be sent the contact details of all event attendees if included in the information provided by the Organiser before and during the event.  The non-member registrant’s own contact details will be included in this circulated information, if provided.  In addition, they may be invited to join a WhatsApp group set up for the duration of the event.

All non-member registrants are covered by the Club’s Combined Liability insurance policy.  Their records will be retained securely on the Club database for at least as long as is necessary to allow the Club to fulfil its obligations to the tax authorities and for our archives.

At the conclusion of the event, all non-member registrants are required to delete any contact details they may have been sent during the event from their devices as after the event the data resumes its usual confidential status.

Any questions?

For any questions on this Data Privacy Policy, please get in touch with our Data Protection Officer at dpo@rnvryc.org.
If you need help updating the data in your Profile, get in touch with our Membership Secretary at membership@rnvryc.org.

Information on the GDPR can be found at ico.gov.uk.
