Details about our
DATA PROTECTION POLICIES & HOW WE HANDLE YOUR DATA
We need to make sure your data is secure, and protecting it is one of our most important responsibilities. We’re committed to being transparent about our security practices and helping you understand our approach.
We are also committed to GDPR and want to make sure that you understand why we have your data and what we do with it.
To help with this, we created this FAQ section to better explain how we handle your data.
What is GDPR?
The General Data Protection Regulation, or GDPR, is a European Union regulation that establishes a framework for handling and protecting the personal data of EU residents. It replaces the Data Protection Directive as of 25 May 2018.
In summary, there are six key principles of GDPR:
Lawfulness, fairness and transparency.
Collected for specified, explicit and legitimate purposes.
Adequate, relevant and limited to what is necessary.
Accurate and, where necessary, kept up to date.
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Processed in a manner that ensures appropriate security of the personal data.
We at activities way have a legal obligation to adhere to these principles and we work with our customers to ensure that you remain in control of your own data.
Similar to the Data Protection Act, GDPR defines the roles of each party and this is important for our customers to understand:
Data Subject: This is you. If you join us as a member and complete our membership forms it means you are a customer and we hold your data.
Data Controller: This is ACTIVITIES AWAY, we are ultimately responsible for your data.
Data Processor: This is JOTFORM Inc. and/or WIX.COM they both process your data on behalf of ACTIVITIES AWAY in accordance with GDPR best practice if you complete any of our on line forms (JOTFORMS Inc) or purchase anything through our website (WIX.COM) and/or process a payment through our website (PAYPAL).
Lastly, we should also explain by what is meant by “personal data” and “sensitive personal data”.
Personal data: This is any data that can be attributed to you. For example, your phone number or email address would be classed as “personal data”.
Sensitive personal data: This is one of the following types of personal data that can be attributed to you:
racial or ethnic origin
religious or philosophical beliefs
trade union membership
genetic data, biometric data
sex life or sexual orientation
Is activities away a data processor or a data controller?
We are both - we process the data you provide us for the purposes of ensuring you can use our facilities safely.
However, we use a third party provider called JOTFORM who process things like our MEMBERSHIP FORMS/APPLICATIONS and JOB APPLICATIONS.
We also use a company called WIX.COM who handle all our website data, customer forms and information you may provide via our website.
All online PAYMENTS are processed by PAYPAL and they are responsible for processing your PAYMENT DETAILS which we do not receive or handle if you make a payment online we simply receive the actual payment from PAYPAL.
Where does activities away store my data?
Any data submitted online is stored either by wix.com or JOTFORM who are the providers of our web sites and on one forms.
Do you share my data with anyone else?
No - the only people we would ever share your data with is the emergency services on request if it was appropriate to do so to enable correct medical care to be given to you following an incident or for your 'in case of emergency' contact to be contacted.
We will provide any data requested by the appropriate security or government departments if asked to do so, but we will only do this is they have a legal basis for requesting any information and have applied through the correct channels.
Who has access to my personal data?
Users with the correct permissions within ACTIVITIES AWAY will have access to your personal data.
We restrict this access to managers of the business, so they may access your data if required in an emergency.
Some of our staff may have view access to your data on a day to day basis so they can check your membership status and/or edit things like you membership number or may any changes to your file that you request.
Who has access to my sensitive personal data?
No one - we do not collect this type of data on our systems.
We do ask that you record any relevant medical details on your membership card when it is issued to you, this remains your property and leaves site with you at the end of every visit. Obviously it is viewable by staff when they are processing your card for the purposes of signing you into our lake.
This is a necessary part of our safety system and we are sorry but if you do not want to hand your card over so we can identify you if you have an issue while with us, we are unable to accept your application for membership at this time.
How can I see my personal data?
You can request a copy of your data held on either our WIX account or our JOTFORM account at any time, we will take a screen shot and send it to you on request.
If there is a mistake or I need to make changes, how do I go about doing it?
You simply contact us to request a change, this can be done in person at the centre when you visit or if you are happy to do so you can email your request to us, we will action this and your email will be removed from our system as soon as we have carried out the change.
What happens to my data if I decide to stop using your services?
Your data will remain on our system for the period of membership that runs from one season to another.
Our current seasons run from 1st April until 30th September
At the end of every season we delete all membership forms and ask you to 'resign' at the beginning of the following season.
This enables us to amend our 'TERMS & CONDITIONS' if needed and acts as a reminder of our SAFETY SYSTEMS as you get to watch our safety briefings again.
What about my right to be forgotten?
You can request for ALL of your data on ALL of our systems to be TOTALLY REMOVED at any time.
Obviously if you request this you will not be able to use our facilities and will need to resubmit a new application before you can resume activities.
If you request to be totally removed from our systems we promise to do this within a week of the request.
We ask that you return your membership card to us as this will be destroyed.
I have more questions about my data, who can I contact?
The DPO for activities away is in charge of your data and their details are shown below -
Activities away - 74a Thorpe Lane - South Hykeham - Lincoln LN6 9N
I have questions for activities ways, how do I contact you?
We love hearing from our customers and you can contact us by emailing: firstname.lastname@example.org