Click to Join the TR Register Car Club

TR Register (TR OWNERS CLUB LIMITED) GDPR Policy

The TR Register respects member's privacy and we will only use their information in the way we describe in this policy. When using member's information we aim to be fair, transparent, and to follow our obligations under UK and EU data protection laws. Your information is used for administering club membership, activities and competitions.

A nominated member of The TR Register's management team is the Data Controller, currently Mick Forey. The Data Controller determines the purposes and means of processing personal data and is responsible for, and has to be able to demonstrate, compliance with the principles. The TR Register's office staff, directors, club officers and the club's Marque Registrars are data processors for the club and a full list of internal and external parties with which data is shared is found below under "Sharing Information". The processors are responsible for processing personal data on behalf of the controller and are required to maintain records of personal data and processing activities and will have legal liability if they are responsible for a breach.

Our address is
TR Register,
1b Hawksworth, Southmead Industrial Park,
Didcot, Oxfordshire OX11 7HR
Email: office@tr-register.co.uk
Phone: +44 (0) 1235 818866

Jo Whitty, the club's office manager, can be contacted at the above address.

Awareness.

All directors and decision makers must be aware of the requirements and impact of the General Data Protection Regulations and be familiar with the club's policies. Directors must review the club's data protection policy annually and pass this on to all of the club's management teams.

Information the club holds.

The club collects member's information when they fill in paper forms, on line forms, membership applications or renewals, event entry's etc. The club then holds member's personal data on a cloud based database management system called RevUp, the club's Mailchimp email service, the club's website, a historical card index system and individual Marque Registrars databases. All IT systems are secure and can only be accessed by authorised people who hold the necessary passwords. The card system is located in the Didcot office and is kept securely locked at all times by the office manager. The club's shop website also holds personal data of those people who have purchased items in the last year. The club may hold the following personal data of its, current members, past member's, past TR car owners, non-member volunteers, and shop purchasers;

• Name

• Date of Birth ( Members only)

• Address

• Telephone Number's

• Email addresses

• IP address

• Car details

The club also holds the following data on its employees securely stored in files and on the office managers password enabled PC Sage Payroll Programme.

Name, Date of Birth., Address, Telephone Number's, National Insurance Number.

Using member's information.

We use member's information to administer and renew club membership subscriptions and provide members with services and benefits. We also use member's information when members enter club events. For events and competitions, we may publish some information in the club magazine, event programmes and results, which will be in the public domain.

When we receive information about another person, such as a child, parent, guardian, or emergency contact the person supplying that information, should let that person know that they have given the club the information.

If member's wish to restrict the internal use of their data, this can be accommodated by contacting the office manager who will ensure the restricted data can only be viewed and processed by the office.

To support a lifetime relationship with the TR Register the club may keep some of the personal data indefinitely. This will enable the office manager to re issue an ex member with his/her old membership number when wanting to re-join the club and enables the club to maintain records of historical importance on Triumph TR cars which include their owner's data.

Our website

When member's use our club website we will collect their IP (Internet Protocol) address, by using cookies. Cookies help us to recognise them when they return to the website, and they may also help the member to login securely to our web-based services, including on line entry and payment. For more detail about how we use cookies please view our Cookies Policy. The club website might contain links to other websites such as online entry and payment sites, partners, and advertisers. If you follow or publish links to other websites please review the privacy policy for each site because we are not responsible for information shared on those sites.

For our full public website privacy policy, please click here.

Sharing information

The data is shared internally with the following club's management teams, on an as and when required basis;

• the club's Directors.

• the club's Marque Registrars.

• the club's V765 Registration Officer.

• the club's local groups' data processors.

• members who organise events (Concours D'Elegance, sprint and hill climbs, auto solos etc.).

• the club's employees.

The parties above who have access to the data on RevUp and Mailchimp must agree to abide by this policy.

The personal data is shared externally with

• Prosolve Software Limited.( RevUp database).

• The club's editorial and press consultant.

• The club's Magazine Printers.

• The club's website maintenance company.

• Third party suppliers when ordering from the club shop.

The club's database supplier, the editorial and press consultant, the Magazine Printers, the club's website Maintenance Company, and third party shop suppliers must provide their own GDPR policy. These policies will be vetted and cleared by the club's management team before data is shared.

The TR Register will not share data internationally (i.e. outside the EEA).

Member's rights

Unless subject to an exemption [under the GDPR], members have the following rights with respect to their personal data: -

• The right to request a copy of their personal data which the TR Register holds and a list of locations that data is held and who it is shared with;

• The right to request that the TR Register corrects any personal data that is found to be inaccurate or out of date;

• The member may ask us to stop using their information, and to delete it, although we may maintain a skeleton set of their information. If the member asks us to delete all their personal data from all locations we will not be able to continue our contract with that member.

• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

• The right to lodge a complaint with the Information Commissioners Office (www.ico.org.uk).

Subject access requests

All data and processing requests will be dealt with by the club's office manager with a target to respond to any request within 14 days.. It will require two pieces of identification to prove your identity. Please make a written application to Jo Whitty, Unit 1B Hawksworth, Southmead Industrial Estate, Didcot. Oxon. OX11 7HR.

Lawful basis for processing personal data

The TR Register considers “legitimate interests" [Article 6(1)(f)] as a lawful basis to process personal data. The TR Register believes this basis is the most appropriate to enable the club to function and maintain its long standing business model, keeping membership lists, running the club shop, sending magazines, building historical car records , informing members of club benefits, services, technical items, events, competitions and activities, by post, telephone and email. We have checked that the processing is necessary and that there is no less intrusive way to achieve the same result. We have done a balancing test and are confident that individual's interests do not override those legitimate interests. We only use individuals' data in ways they would reasonably expect, unless we have a very good reason.

Children

The only children members (under the age 18) will be family members. They will not have access to the members website nor be given any form of on line services and cannot vote.

Data breaches

Any data breaches will be investigated thoroughly and once the breach details have been found the ICO will be informed. If the investigation determines that the breach was intentional and identified the processor then disciplinary action may be taken which could include suspension or dismissal. If the investigation determines that the breach was unintentional then action will be taken to modify the process to avoid a similar breach.

Data protection

A “Privacy Impact Assessment" and “legitimate interests balancing test" has been carried out with outcomes being integrated back into this policy.

Users Compliance and Security

All employees, directors, registrars, club officers and event organisers that collect or share the above personal data, must read, understand and abide by this policy


GDPR Downloads

Download this GDPR Policy as a PDF

Download the GDPR Guidelines for Model Registrars

Download a suggested Draft Template Policy for Local Groups (for those not wishing the send correspondence via the office but manage their own data with data fed from the parent club.)

Download the club website's Privacy Policy as a PDF