Effective date
01 December 2021
Sailing Club Software Ltd takes very seriously the protection of the data entrusted to it, however it must be remembered that the reason you give us your data is so that we can show it to people at your request.
This Data Protection Statement sets out Sailing Club Software Ltd.’s (“Our”/ “We”/“Us”) data protection obligations and policies.
“You” or “Your” means the organisation and/or person who registers and obtains access to Our Services.
“Our Services” is a collective designation for all services (whether provided free of charge or against payment) to which you obtain access via Our Web Sites. “Your Service” means an individual service providing, among other things, storage space and processing for electronic information, and communications
services, provided to You by Us.
Your Data
On Your request, the following data may be collected, stored, and processed by Us:
- Names and contact details for Your organisation.
- Usernames and passwords, set and used by You to access Your Service.
- Other data such as personal data in relation to members of Your organisation or participants in events run by Your organisation as is provided by You in order for Us to provide Our Services to You.
Physical Data Protection Measures
Your data is only stored electronically. All storage is on state of the art password protected servers hosted by suppliers operating in the UK with their own UK GDPR data protection compliance statements.
Your data is backed up at locations separate from the storage servers using state of the art password protected back-up services from suppliers operating with their own UK GDPR and EU GDPR data protection compliance statements.
State of the art password policies are used to protect Our administrative access to
Your data. Should a password be suspected to be compromised in any way, it is
reset using a secure method.
Passwords to access Your Service or data are not available to IT staff at hosting and backup
suppliers.
Where any of Your data is erased or otherwise disposed of for any reason (including
where copies have been made and are no longer needed), a secure deletion method
is used.
Where an employee, agent, sub-contractor, or other party working on Our behalf
requires access to any of Your data this can only be authorised by one of Our
directors.
Your data is handled with care at all times and is never left unattended or on view
to unauthorised employees, agents, sub-contractors or other parties at any
time.
Where data is being viewed on a computer which is to be left unattended for any
period of time, it is password locked either manually or by ‘time-out’
functionality.
Data Protection Legislation
It is Your responsibility to determine whether there are any implications under Your
country's data protection legislation arising from sharing data with Us and to
decide on what if any action should be taken.
Where You are operating in the UK or EU, or controlling data about UK or EU citizens,
You have obligations under the UK or EU GDPR.
Where the UK or EU GDPR applies, We acknowledge that You are the Data Controller and
We are the Data Processor (where Data Controller and Data Processor have the
meanings as defined in the UK or EU GDPR).
Where UK or EU GDPR applies, We shall not transfer any of Your data outside of the UK or
European Economic Area unless in response to a specific request from You
(normally by You downloading or viewing your data via Our Services from a
location outside UK or EEA), or where Our data backup service uses servers
outside UK or EEA in which case We shall use only data backup services
declaring compliance with the relevant requirements of UK and EU GDPR.
Other than for the purposes of server hosting and backups, when specifically
requested by You, or when required by relevant law, We shall not share your
data with any third parties.
We shall process data provided by You only as specified by Your settings and
controls described in Our Services documentation, except where We are required
to process Your data by relevant law, in which case We shall promptly notify
You unless the law prohibits us from so notifying.
Your Access to Your Data
As an integral part of Your Service:
- You may view or download your data without any need to contact Us.
- You may rectify any errors in your data without any need to contact Us.
- You may delete your data without any need to contact Us.
- You may stop Us processing your data by deleting your data at any time.
In the event that You delete any or all of Your data, We warrant that such data shall
be securely erased from Our servers and operational backups within a period of
six weeks.
People Need to Know
An organisation which subscribes to Our Services should tell its individual data
subjects that it shares information with Us for storage and processing.
It may also wish to refer them to Our Privacy Statement which
sets out our commitment to protecting people's privacy.
Where You are operating in the UK or EU, or controlling data about UK or EU citizens,
You are advised to understand Your obligations under the UK or EU GDPR.
Data Protection Options Provided in Our Services
Our Services provide options whereby administrators and users are able
to adjust the level of privacy to suit their requirements. These options
are fully described in the documentation which is available within Our Services.
Revisions
We reserve the right to change Our data protection statement at any time. If We
make changes We will indicate the statement's new effective date at the top of
this page. We encourage You to refer to this statement on an ongoing basis so
that You understand Our current data protection policy.