We undertake to respect everyone's privacy and use the personal information they provide only for the specific purpose we describe here.
We will not pass personal information on to a third party without express permission.
We comply with the Data Protection Act and - in particular - the data protection principles as well as the EU General Data Protection Regulation (GDPR).
We hold very little personal information - only that which is necessary for the operation of Portsmouth CTC. Specifically we do not hold personal bank, credit card or debit card data.
Data is held in a database that supports this web site. The database is stored with our Internet Service Provider (ISP): Ionos (previously 1&1).
We refer here to "members". For the purposes of this note a Portsmouth CTC member is either:
- a member of Cycling UK that has asked to be included in our web site; or
- an honorary member of Portsmouth CTC: a past, long standing member who has contributed greatly to our club and given honorary membership by the PCTC committee.
Anyone that pays a subscription to Cycling UK (including Full Members, Lifetime members, Household Members and Affiliate Members) can ask to be included. Note, however, that 'Affiliate Member' in this context refers to a form of membership of Cycling UK. Members of affiliates to Cycling UK (such as Portsmouth Cycle Forum) need to join Cycling UK before we can give them access to the web site.
Lawful basis of processing
The GDPR requires us to declare why our processing of personal data is lawful. We claim a 'legitimate interest' defined as "Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."
Guidance from the Information Commissioner's Office is that "It is likely to be most appropriate where you use people's data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing".
We see the legitimate interests as being:
- Our interest in administering Portsmouth CTC
- Members’ interests:
- Being kept informed
- Allowing them to communicate with each other (subject to their own choices)
- Notifying emergency contacts if necessary
Basic data
This is the information held about Portsmouth CTC members. If you are a member you can see it in your your user profile.
We need the following pieces of information about members in order to operate the web site:
- Name
- An indication of whether a ride leader, probationer, or not
- An indication of whether a committee member, or not
- An indication of who is allowed to see the member's contact information
- Email preferences
- Cycling UK membership number
Members may also provide:
- An email address (which can be an address shared with a spouse or partner)
- A postal address
- Emergency contact(s)
- Home phone number
- Mobile phone number
Keeping basic data up-to-date
Members can update most of their data via their personal profile page. Click here to find out more.
Members can also ask the Secretary to change details on their behalf.
The Secretary:
- Removes data held for past members - usually following a failure to renew subscriptions
- Maintains the ride leader status based on decisions made by the Portsmouth CTC committee
Access to basic data
The following have access to elements of basic data: ... can see: The link does not disclose the email address and cannot be re-used after a short time has elapsed (preventing spammers from repeatedly mailing the member). Links are provided only for members that have provided an email address. Member contact details will also appear to the public in the text of pages but only with their agreement or at their request. Typically this will be because they are administering some activity involving the public. Note that we can adapt page content based on whether the person viewing is logged in as a member, or not. It is therefore possible members will see additional information on public pages that is not available to the general public. Members that are logged in to the site with their personal username and password can see: Ride leaders can see emergency contact details for any member since the most likely time this would be needed is on a ride. The Secretary and members he/she appoints to carry on in case he/she becomes unavailable can see all basic data.The public...
Portsmouth CTC members
Ride leaders
Site administrators
Retention of basic data
We keep data about members for the duration of their membership.
When we detect a membership has lapsed we remove the member's details. Any posts made by the member are updated to show "Past member" as author.
If requested, we will remove a member's details immediately but they will be unable to participate fully in the club's activities since they will no longer be able to use the web site.
Other data
In addition to basic data, the web site holds information about:
Dates of birth
Members may optionally provide their date of birth:
- Members can remove their date of birth at any time via their profile or through a request to the club secretary
- Dates of birth are visible only to site administrators
- Dates of birth are used only to aggregate statistics based on age for use in campaigns and reports to, for example:
- The committee
- Our members
- Our AGM
- Cycling UK
- Statistics generated by the site will not disclose individual birth dates
Rides and events
Most rides and events identify a leader or organiser, and - optionally - a supporter.
The public can:
- See the names of leaders, organisers and supporters
- Email leaders, organisers and supporters (that have provided an email address) using links that do not disclose email addresses
Members can see all available contact details for leaders, organisers and supporters.
Relevant rides and events are automatically anonymised when we remove a member's details.
Ride bookings
We use a booking system to ensure ride limits determined by a ride leader and/or Government regulation are not exceeded.
For non-PCTC members, the booking does not hold any of your details until you ride with us when we add your attendance to the system. Future bookings can then be recorded against your name.
Ride attendance
We record details of everyone who attends a ride so we can:
- Report annual statistics
- Meet insurance requirements
- Track the number of rides attended by people who are not Cycling UK members
We delete names of non-members from time to time and on request.
Distance cycled
If members participate in the Ride Logging service they submit details about their rides either directly or via the Secretary. The member and the Secretary can see their ride details. All members can see monthly distance summaries for participating members.
Distance data is removed from the site automatically when we remove a member from the site. We will also delete it on request.
Position data
If members participate in the Online Tracking service, their GPS device submits details about their position to the site. The members' tracks are visible to:
- Members
- Non-members that have been given a password generated by a member
Position data is removed from the site automatically when we remove a member from the site. We will also delete it on request.
Uploaded images
Members have the option to upload a photograph. The photo is visible to other members via the Member Lookup and Member Gallery services. Members can change or delete their photo at any time.
Photos are removed from the site automatically when we remove a member from the site. We will also delete photos on request.
Hall of fame
Email forms
We do not retain any information from these forms:
- Contact us
- Email CTC member(s)
- Club kit orders
- Cathedral Challenge registration
- Problem report
- Barn dance booking (not currently used)
- BBQ request (not currently used)
Instead, the forms generate emails to the target individual(s).
We will introduce new email forms as needed.
Securing web site data
We keep a number of backups of web site data:
- We assume that Ionos, our Internet Service Provider, keeps backup copies but we don't rely on them.
- We make a backup copy every day which is stored, encrypted, in a OneDrive folder belonging to the web site editor and made available to site administrators.
Apart from those pages available to the general public, access to the site is restricted to Portsmouth CTC members who log in with their personal username and password. Passwords are encrypted before they are stored in such a way that no-one, not even site administrators, can retrieve the password (we use a process known as one-way encryption).
All traffic between our web site and web browsers is encrypted automatically using industry-standard https protocols.
Access to web site programming and site administration details is restricted to the Secretary and members he/she appoints to carry on in case he/she becomes unavailable.
Our club secretary has limited access to data you might have provided to Cycling UK to allow checking of individual memberships. Data provided to Cycling UK is covered by Cycling UK's privacy policy.
You have rights under data protection legislation. The relevant ones being:
- The right to be informed about our collection and use of your personal data. This document helps us satisfy that right. Please let us know if:
- You have any questions about how we handle your data or what we hold
- Concerns about any aspect of our privacy policy or the way we implement it
- Right of access to information we hold about you. If you want to see that information please contact us.
- Right of rectification. It’s in everyone’s interest that we hold accurate information. Contact us to get your information corrected.
- Right to erasure. Note that this is not an absolute right. If you request deletion of all your data we will have to remove you from the members' area of this web site and from circulation of our emails including the weekly Update email. We will delete your data immediately on your request – subject to our data security and retention policies and obligations.