GDPR Policy

Introduction

This policy sets out how the Laigh o’ Moray Vintage Association complies with GDPR legislation while achieving our objectives of the association

Data Collected

We collect exhibitors’ names, addresses, email addresses, and telephone numbers upon registering to attend the annual rally, and we update the information each time a change is advised by rally entrants. Exhibitors may also opt to provide the association information in relation to the vehicles of members but this is not 'personal' information for the purposes of this policy.

Data Controller

The association secretary collects and maintains exhibitors’ personal information in her/his capacity as Data Controller.

Data Processors

These are the secretaries of the association.

Data Use

We use data to send to each exhibitor notification of our annual rally, newsletters, and entry forms by email or post.

Data Storage and Retention

The Data Controller holds current records in electronic format on a personal computer. All electronic files containing member's data are password protected. In some cases, paper copies of membership and car register forms are also retained. Records relating to the personal data of those who are no longer members are deleted from any electronic files after one year and paper copies destroyed after six years.

What we DON'T do

• We do not give or sell personal data to any organisation, company or club.
• We do not pass exhibitors’ personal details to any other individuals.
• We do not store exhibitors’ bank, credit card and related financial information.
• We do not make multiple email addresses visible on webmail sent to exhibitors.
• We do not make exhibitors’ details available on any websites or social media.

Consent

All current entrants have been informed of this policy. All future exhibitors will be asked upon registering a vehicle to attend the rally to acknowledge and sign that consent to hold the information has been given.

Subject Access

We will provide to any exhibitors’ who asks the association Secretary, the information held about him/her. However, as our committee members control what personal data is submitted to the Association this may be accessed and edited as when members so wish.

Consent To Hold Personal Data

As you may know, the General Data Protection Regulations (GDPR) (Regulation (EU) 2016/679) came into force on 25 May 2018. This means that all UK organisations will need to demonstrate that they have 'opt-in' approval from persons whose personal data they hold. These regulations emanate from the EU and will not be affected by Brexit.

To comply with these regulations, we need all exhibitors’ to consent so that the Association can use their data to send you rally entry forms.

If you have any queries regarding any matter relating to this communication, please contact via email: [email protected]