Data Protection

1. Our Policy

This is an explanation of why and when we collect personal information about our members and associates; how we use it, how we keep it secure, how long we keep it and your rights in relation to it. We reserve the right to amend this policy without prior notice although amendments will not be made retrospectively. Changes will be displayed on this page of the CWAM website. This policy does not extend any data held by IAM RoadSmart, who are themselves responsible for their data. We will always comply with the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR) when dealing with your personal data. Further details on the UK GDPR can be found at the website for the Information Commissioner (ico.org.uk).

2. What information we collect and why.

2.1. Member’s/Associate’s name, address, telephone number(s), e-mail address(es), emergency contact details, date of birth, gender, group & IAM membership numbers, dates applicable to membership, member area website preferences and information, membership payment status details, gift aid status. We use this information to manage membership and monitor the demographics of CWAM. In legal terms we need to process some of this information to perform CWAM’s contract with Members and Associates and for the legitimate interests in operating CWAM. Data may be used to create and manage communication between CWAM and the Members and Associates, and other data to manage user preferences in the website members' area. Members and Associates may withdraw their consent at any time by contacting the CWAM Data Controller using the form below, rescinding their agreement to receive emails, newsletters or any other group communications, and access to the members' area of the website.

2.2. Associate’s Run Sheets/Training data. The portfolio of evidence regarding course progression is needed to fulfil our legitimate interests in monitoring advanced course development for the benefit of CWAM and the associate. This policy extends to any observer training documentation. These do not fall under the remit of the DPA.

2.3 Photos and videos of members and their motorbikes. We use this information on the club’s website, newsletter, social media pages and in other releases available to the public. Members/associates may withdraw their consent at any time by contacting the Group Secretary. Users with access to the website members' area who do not explicitly withdraw consent are assumed to have consented to any such materials being used for club purposes. Naturally, individuals may request removal of individual items of content which comprise personal data rather than withdraw consent completely too.

2.4 CWAM holds no personal financial data relevant to its members or associates.

3. How we protect your personal data

3.1 Our data retention policy complies with IAM RoadSmart policies and UK GDPR guidelines.

3.2 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction. Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure. 

3.3 We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

4. Who else has access to the information you provide us?

4.1 We will never sell your personal data.

4.2 We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where required to do so by law.

5. How long do we keep your information?

5.1 We will hold your personal data on our systems for as long as you are a member/associate of CWAM and for as long afterwards as is necessary to comply with our legitimate and legal obligations. This will ordinarily be the January following the financial year during which membership was terminated.

5.2 We will review your personal data every year to establish whether we are still entitled to process it.

5.3 We securely destroy all data once we have used it and no longer need it.

6. Your rights

6.1 You have the following rights under the UK GDPR:

(a) To access your personal data.
(b) To be provided with information about how your personal data is processed.
(c) To have your personal data corrected.
(d) To have your personal data erased in certain circumstances.
(e) To object to or restrict how your personal data is processed.

6.2 You have the right to take any complaints about how we process your personal data to the Information Commissioner (ico.org.uk)

6.3 Please address any questions, comments and requests regarding CWAM’s data processing practices to our Data Controller using the form below.