Harrogate Advanced Bikes – Data Protection Policy
1. Introduction
Harrogate Advanced Bikes (the “Group”) is committed to ensuring the privacy and security of personal data. This policy outlines how the Group handles personal data in compliance with the General Data Protection Regulation (GDPR).
2. Reliance on IAM RoadSmart Database (DARTS Portal)
The Group relies entirely on the Institute of Advanced Motorists (IAM RoadSmart) for the management and maintenance of member personal data and training records. This data is held within the IAM’s secure DARTS Portal, which the Group accesses for the purposes of:
- Member look-up to verify membership status.
- Accessing training records relevant to the Group’s activities.
The Group does not directly collect, store, manage, or maintain this personal data. Any updates, corrections, or deletions of member personal data held within the DARTS Portal are managed by IAM RoadSmart directly upon specific requests made to their support channels.
3. Website Communications (WordPress Subscription Plugin)
The Group operates a website for member communications. This website utilises a GDPR-compliant WordPress subscription plugin. Personal data processed through this plugin is limited to:
- Email addresses of members who have actively opted in to receive email communications from the Group.
Members have full control over their subscription and can:
- Opt-in to receive email posts.
- Unsubscribe or opt-out of receiving email posts at any time through clear and accessible mechanisms provided by the plugin.
The Group does not use this plugin to collect or store any other personal data.
4. Facebook Communications
The Group uses a Facebook group for member communications. Members voluntarily follow the Group and can unfollow at their discretion. The Group does not directly control the personal data processed by Facebook. Members are subject to Facebook’s own privacy policies.
5. Email Communications
When communicating with members via email:
- The Group primarily responds to emails initiated by individual members.
- In order to facilitate training and observation activities, a member’s email address may be shared with an Associate Observer. No other personal data (such as addresses, dates of birth, etc.) is shared in this process.
- The Group does not proactively send unsolicited marketing emails to members outside of the website subscription list.
6. Membership Subscriptions
The Group facilitates the payment of membership subscriptions by providing its bank account details to members. Members initiate payments directly. The Group does not:
- Collect or store any member bank account details.
- Subscribe members to direct debits or any other recurring payment methods.
7. Access to Systems
Access to the IAM DARTS Portal and the Group’s website administration is restricted to the elected members of the Group’s committee, specifically the:
- Chair
- Treasurer
- Secretary
These individuals have been informed of their responsibilities regarding the appropriate use and access of these systems.
8. Data Security
While the Group relies on the IAM for the security of the DARTS Portal and the GDPR-compliant features of the WordPress plugin for website communications, the committee members will ensure that their access to these systems is secured through appropriate measures (e.g., strong passwords).
9. Individual Rights
As the majority of personal data is held and controlled by IAM RoadSmart, members’ rights under GDPR (such as the right of access, rectification, erasure, etc.) should primarily be directed to IAM RoadSmart in accordance with their privacy policy. The Group will assist members in directing their inquiries to the appropriate contact at IAM RoadSmart where necessary. For data processed through the website subscription plugin, the Group will facilitate members’ rights to unsubscribe or opt-out of communications.
10. Data Breach Procedures
In the unlikely event of a data breach concerning data directly controlled by the Group (e.g., website email list), the Group will follow appropriate procedures, including assessing the risk and notifying the relevant parties (including the ICO if required) in a timely manner.
11. Policy Review
This policy will be reviewed and updated as necessary to ensure ongoing compliance with GDPR and to reflect any changes in the Group’s data processing activities.
Complaints.
All complaints are handled in line with the IAM complaints policy available at https://www.iamroadsmart.com/contact/complaints
All complaints can be raised directly with the group by contacting the group secretary at secretary@harrogateadvancedbikes.co.uk