TR Register (TR OWNERS CLUB LIMITED) GDPR Policy
The TR Register respects member's privacy and we will only use their information in the way we describe in this policy. When using member's information we aim to be fair, transparent, and to follow our obligations under UK data protection laws. Your information is used for administering club membership, activities and competitions.
The TR Register's office manager, Jo Whitty is the Controller. The controller determines the purposes and means of processing personal data and is responsible for, and has to be able to demonstrate, compliance with the principles. The TR Register's office, staff, directors and the club's Marque Registrars are data processors for the club and a full list of internal and external parties with which data is shared is found below under "Sharing Information". The processors are responsible for processing personal data on behalf of a controller and are required to maintain records of personal data and processing activities and will have legal liability if they are responsible for a breach.
Our address is
1b Hawksworth, Southmead Industrial Park,
Didcot, Oxfordshire OX11 7HR
Our Data Controller is Jo Whitty, the club's office manager who can be contacted at the above address.
All directors and decision makers must be aware of the requirements and impact of the General Data Protection Regulations and be familiar with the club's policies. Directors must review the club's data protection policy annually and pass this on to all of the club's management teams.
Information the club holds.
The club collects member's information when they fill in paper forms, on line forms, membership applications or renewals, event entry's etc. The club then holds member's personal data on a cloud based database management system called Revup, the club's Mailchimp email service, the club's website, a historical card index system and individual Marque Registrars databases. All IT systems are secure and can only be accessed by authorised people who hold the necessary passwords. The card system is located in the Didcot office and is kept securely locked at all times by the office manager. The club's shop website also holds personal data of those people who have purchased items in the last year. The club holds the following personal data of its, current members, past member's, non-member volunteers, and shop purchasers;
• Date of Birth ( Members only)
• Telephone Number's
• Email addresses
• IP address
• Car details (Members only)
The club also holds the following data on its employees securely stored in files and on the office managers password enabled PC Sage Payroll Programme.
Name, Date of Birth., Address, Telephone Number's, National Insurance Number.
Using member's information.
We use member's information to administer and renew club membership subscriptions and provide members with services and benefits. We also use member's information when members enter club events. For events and competitions, we may publish some information in the club magazine, event programmes and results, which will be in the public domain.
When we receive information about another person, such as a child, parent, guardian, or emergency contact the person supplying that information, should let that person know that they have given the club the information.
If member's wish to restrict the internal use of their data, this can be accommodated by contacting the office manager who will ensure the restricted data can only be viewed and processed by the office.
To support a lifetime relationship with the TR Register the club may keep some of the personal data indefinitely. This will enable the office manager to re issue an ex member with his/her old membership number when wanting to re-join the club and enables the club to maintain records of historical importance on Triumph TR cars which include owner's data.
The data is shared internally with the following club's management teams;
• the club's Directors.
• the club's Registrars.
• Members who organise events (Concours D'Elegance, sprint and hill climbs, auto solos etc.).
• the club's employees.
The parties above who have access to the data on Revup and Mailchimp must agree to abide by this policy.
The personal data is shared externally with
• Prosolve Software Limited.( Revup database)
• The club's editorial and press consultant.
• The club's Local Groups.
• The club's Magazine Printers.
• The club's website maintenance company.
• Third party suppliers when ordering from the club shop.
The club's editorial and press consultant, Local Groups, the Magazine Printers, the club's website Maintenance Company, and third party shop suppliers must provide their own GDPR policy. These policies will be vetted and cleared by the club's management team before data is shared.
The TR Register Car Club will not share data internationally.
Unless subject to an exemption [under the GDPR], members have the following rights with respect to their personal data: -
• The right to request a copy of their personal data which the TR Register Car Club holds and a list of locations that data is held and shared with;
• The right to request that the TR Register Car Club corrects any personal data that is found to be inaccurate or out of date;
• The member may ask us to stop using their information, and to delete it, although we maintain a skeleton set of their information. If the member asks us to do this we will not be able to continue our contract with that member.
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to lodge a complaint with the Information Commissioners Office (www.ico.org.uk).
Subject access requests
All data and processing requests will be dealt with by the club's office manager with a target to respond to any request within 14 days.. It will require two pieces of identification to prove your identity. Please make a written application to the Data Controller, Jo Whitty, Unit 1B Hawksworth, Southmead Industrial Estate, Didcot. Oxon. OX11 7HR.
Lawful basis for processing personal data
The TR Register considers “legitimate interests" [Article 6(1)(f)] as a lawful basis to process personal data. The TR Register believes this basis is the most appropriate to enable the club to function and maintain its long standing business model, keeping membership lists, running the club shop, sending magazines, building historical car records , informing members of club benefits, services, technical items, events, competitions and activities, by post, telephone and email. We have checked that the processing is necessary and that there is no less intrusive way to achieve the same result. We have done a balancing test and are confident that individual's interests do not override those legitimate interests. We only use individuals' data in ways they would reasonably expect, unless we have a very good reason.
The only children members (under the age 18) will be family members. They will not have access to the members website nor be given any form of on line services and cannot vote.
Any data breaches will be investigated thoroughly and once the breach details have been found the ICO will be informed. If the investigation determines that the breach was intentional and identified the processor then disciplinary action may be taken which could include suspension or dismissal. If the investigation determines that the breach was unintentional then action will be taken to modify the process to avoid a similar breach.
A “Privacy Impact Assessment" and “legitimate interests balancing test" has been carried out with outcomes being integrated back into this policy.
Users Compliance and Security
All employees, directors, registrars and event organisers that are planned to collect or share the personal data, must agree to abide by this policy by signing a copy of this policy.
I have read and understand the policy above and I agree to comply with the conditions stated below.
I will only use the Personal Data received by me from the TR Register for the purposes of communicating with members in my area for club matters.
I will keep all Personal Data in my possession secure and not allow third party access to it.
I will remove from my record any Personal Data no longer required.
I will remove all Personal Data from my records upon relinquishing the post I now hold in the club.
Download a suggested Draft Template Policy for Local Groups (for those not wishing the send correspondence via the office and manage their own data with data fed from the parent club.)