UK GDPR & Data Protection
Last updated: December 2025
Southport Model Boat Club is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we handle your personal data and your rights as a club member or website visitor.
1. Data Controller
Southport Model Boat Club is the data controller for personal information collected from members and website visitors. As a small private members' club, we are not required to appoint a Data Protection Officer (DPO), but our Membership Secretary is responsible for data protection compliance.
Data Protection Responsibility
Role: Membership Secretary
Responsibilities:
- Maintaining secure membership records
- Processing membership applications
- Responding to data protection requests
- Ensuring compliance with UK GDPR
- Liaising with the Committee on data matters
2. Membership Data
When you join Southport Model Boat Club, we collect and process the following data:
Essential Membership Information
- Full name and preferred title
- Home address for correspondence
- Email address for club communications
- Telephone number for urgent contact
- Emergency contact details (for safety purposes)
Additional Information
- Membership type and join date
- Subscription payment history
- Types of model boats sailed
- Attendance at events (optional)
- Photographs at club events (with consent)
Important: We only collect personal data that is necessary for the administration of your club membership and to ensure your safety while at Jubilee Pond.
3. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on:
Contractual Necessity (Article 6(1)(b))
Processing your membership application, collecting subscriptions, and providing you with the benefits of club membership.
Legitimate Interests (Article 6(1)(f))
Communicating about club events, maintaining safety records, and the general administration of the club. We have assessed that these interests do not override your fundamental rights and freedoms.
Consent (Article 6(1)(a))
Publishing your photograph on our website or social media, including your name in publicly visible content, or contacting you about matters beyond normal club business.
Legal Obligation (Article 6(1)(c))
Complying with Sefton Council requirements, health and safety regulations, and financial record-keeping requirements.
4. Your Data Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right to be Informed
You have the right to know how we use your personal data (this notice).
Right of Access
You can request a copy of all personal data we hold about you. This is known as a Subject Access Request (SAR).
Right to Rectification
If any of your personal data is inaccurate or incomplete, you have the right to have it corrected.
Right to Erasure ('Right to be Forgotten')
You can request deletion of your personal data in certain circumstances. Note that we may need to retain some records for legal or safety purposes.
Right to Restrict Processing
You can request that we limit how we use your data while a complaint or issue is being resolved.
Right to Data Portability
You can request your data in a commonly used, machine-readable format to transfer to another organisation.
Right to Object
You can object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds.
Rights Related to Automated Decision Making
We do not use automated decision-making or profiling that produces legal effects.
5. Data Security
We take the security of your personal data seriously:
- Membership records are stored securely with restricted access
- Electronic data is password protected
- Only authorised committee members can access personal data
- We do not store sensitive data (payment card details) ourselves
- Physical documents are kept in locked storage
- Data is only shared with third parties when legally required
Data Breach Procedures
In the unlikely event of a data breach, we will notify affected individuals and the Information Commissioner's Office (ICO) within 72 hours if required by law.
6. Subject Access Requests
You have the right to request a copy of all personal data we hold about you. To make a Subject Access Request (SAR):
- Submit your request in writing to our Membership Secretary
- Provide proof of identity (we may request this for security)
- We will respond within one calendar month
- There is no fee for a standard request
Email your request to: contact@southportmodelboatclub.co.uk
7. Cookies Policy
Our website uses cookies to ensure it functions correctly and to remember your preferences.
What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and improve your experience.
Cookies We Use
- Essential Cookies: Required for the website to function. These cannot be disabled.
- Preference Cookies: Remember your choices such as cookie consent status and announcement dismissal.
Third-Party Cookies
Our website embeds an OpenStreetMap on the Contact page. This may set cookies from OpenStreetMap's servers. We do not use Google Analytics or advertising cookies.
Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to:
- See what cookies are stored and delete them
- Block third-party cookies
- Block all cookies from specific sites
- Block all cookies entirely
Note that blocking essential cookies may prevent the website from functioning correctly.
8. Data Protection Contact
For any data protection queries, to exercise your rights, or to make a complaint, please contact:
Information Commissioner's Office
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF