TR Register (TR OWNERS CLUB LIMITED) GDPR Policy
The TR Register respects member's privacy and we will only use their information in the way we describe in this policy. When using member's information we aim to be fair, transparent, and to follow our obligations under UK and EU data protection laws. Your information is used for administering club membership, activities and competitions.
A nominated member of The TR Register's management team is the Data Controller, currently Mick Forey. The Data Controller determines the purposes and means of processing personal data and is responsible for, and has to be able to demonstrate, compliance with the principles. The TR Register's office staff, directors, club officers and the club's Marque Registrars are data processors for the club and a full list of internal and external parties with which data is shared is found below under "Sharing Information". The processors are responsible for processing personal data on behalf of the controller and are required to maintain records of personal data and processing activities and will have legal liability if they are responsible for a breach.
Our address is
TR Register,
1b Hawksworth, Southmead Industrial Park,
Didcot, Oxfordshire OX11 7HR
Email: office@tr-register.co.uk
Phone: +44 (0) 1235 818866
Jo Whitty, the club's office manager, can be contacted at the above address.
Awareness.
All directors and decision makers must be aware of the requirements and impact of the General Data Protection Regulations and be familiar with the club's policies. Directors must review the club's data protection policy annually and pass this on to all of the club's management teams.
Information the club holds.
The club collects member's information when they fill in online membership applications or renewals, update their own data online or provide data in paper forms. The club holds members' personal data (Data) on a cloud-based database management system called sheepCRM, which in turn integrates with Mailchimp and individual model registrar databases. All IT systems are secure and can only be accessed by people who have been authorised to do so. The club may hold the following Data of its current members, past members, TR car owners, and volunteers:
• Name
• Date of Birth ( Members only)
• Address
• Telephone Number's
• Email addresses
• IP address
• Car details, including registration numbers
The club also holds the following data on its employees securely stored in files and on the office managers password enabled PC Sage Payroll Programme.
Name, Date of Birth., Address, Telephone Number's, National Insurance Number.
Using member's information.
We use member's information to administer and renew club membership subscriptions and provide members with services and benefits. We also use member's information when members enter club events. For events and competitions, we may publish some information in the club magazine, event programmes and results, which will be in the public domain.
When we receive information about another person, such as a child, parent, guardian, or emergency contact the person supplying that information, should let that person know that they have given the club the information.
If member's wish to restrict the internal use of their data, this can be accommodated by contacting the office manager who will ensure the restricted data can only be viewed and processed by the office.
To support a lifetime relationship with the TR Register the club may keep some of the personal data indefinitely. This will enable the office manager to re issue an ex member with his/her old membership number when wanting to re-join the club and enables the club to maintain records of historical importance on Triumph TR cars which include their owner's data.
Our website
When member's use our club website we will collect their IP (Internet Protocol) address, by using cookies. Cookies help us to recognise them when they return to the website, and they may also help the member to login securely to our web-based services, including on line entry and payment. For more detail about how we use cookies please view our Cookies Policy. The club website might contain links to other websites such as online entry and payment sites, partners, and advertisers. If you follow or publish links to other websites please review the privacy policy for each site because we are not responsible for information shared on those sites.
For our full public website privacy policy, please click here.
Sharing information
The Data is shared internally with the following club's officers, volunteers and employees, if they have a legitimate reason to know it;
• the club's Management Team.
• the club's Marque Registrars.
• the club's V765 Registration Officer.
• the club's IT project manager.
• the club's Regional Coordinators and local groups' data processors.
• members who organise events at a national, regional or local level (Concours D'Elegance, sprint and hill climbs, auto solos, shows, runs etc.).
• the club's employees.
Any of the parties above who have access to the Data in sheepCRM and Mailchimp need to abide by this policy as a condition of access. They will also be required to read, understand and abide by the club’s GDPR Policy for sheepCRM users, held on the website.
The Data is shared externally with
• Authentic Digital Limited (sheepCRM)
• Mailchimp solely for emails to members
• The club's marketing and press consultant.
• The club's magazine Printers.
• The club's website maintenance company.- J&L Limited
• Third party suppliers when ordering from the club shop. – Blade Print & Embroidery Ltd
In addition, as part of the transfer of the TR Register Forum to TR Forums, Data of all register users (member and non-member) will be shared with TR Forums. Once transferred, the club will no longer retain Data from non-member registered users of the forum.
The club's database supplier, marketing and press consultant, Magazine Printers, website Maintenance Company, Mailchimp, Blade Print & Embroidery and TR Forums must provide their own GDPR policy. The club's management team will review these policies before any Data is shared.
The TR Register will not share Data internationally (i.e. outside the EEA).
Member's rights
Unless subject to an exemption [under the GDPR], members have the following rights with respect to their personal data: -
• The right to request a copy of their personal data which the TR Register holds and a list of locations that data is held and who it is shared with;
• The right to request that the TR Register corrects any personal data that is found to be inaccurate or out of date;
• The member may ask us to stop using their information, and to delete it, although we may maintain a skeleton set of their information. If the member asks us to delete all their personal data from all locations we will not be able to continue our contract with that member.
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to lodge a complaint with the Information Commissioners Office (www.ico.org.uk).
Subject access requests
All data and processing requests will be dealt with by the club's office manager with a target to respond to any request within 14 days.. It will require two pieces of identification to prove your identity. Please make a written application to Jo Whitty, Unit 1B Hawksworth, Southmead Industrial Estate, Didcot. Oxon. OX11 7HR.
Lawful basis for processing personal data
The TR Register considers “legitimate interests" [Article 6(1)(f)] as a lawful basis to process personal data. The TR Register believes this basis is the most appropriate to enable the club to function and maintain its long standing business model, keeping membership lists, running the club shop, sending magazines, building historical car records , informing members of club benefits, services, technical items, events, competitions and activities, by post, telephone and email. We have checked that the processing is necessary and that there is no less intrusive way to achieve the same result. We have done a balancing test and are confident that individual's interests do not override those legitimate interests. We only use individuals' data in ways they would reasonably expect, unless we have a very good reason.
Children
The only children members (under the age 18) will be family members. They will not have access to the members website nor be given any form of on line services and cannot vote.
Data breaches
Any data breaches will be investigated thoroughly and once the breach details have been found the ICO will be informed. If the investigation determines that the breach was intentional and identified the processor then disciplinary action may be taken which could include suspension or dismissal. If the investigation determines that the breach was unintentional then action will be taken to modify the process to avoid a similar breach.
Data protection
A “Privacy Impact Assessment" and “legitimate interests balancing test" has been carried out with outcomes being integrated back into this policy.
Users Compliance and Security
All employees, directors, registrars, club officers and event organisers that collect or share the above personal data, must read, understand and abide by this policy
GDPR Downloads
Download this GDPR Policy as a PDF
Download the GDPR Guidelines for Model Registrars
Download the GDPR policy for sheepCRM users