Who we are
Our website address is: https://bhmc.club.
This site includes membership and event entry forms. As a club, we will need to hold some of your data as well as share some with other companies. This is done to allow us to function as a Club. A list of the companies that will be able to see your personal data are listed below:
- WordPress (This website)
- Google Analytics (Analytical data, number of page views etc.)
- PayPal (Payment)
- Royal Mail (Courier)
All of these companies in turn will also be regulated and adhere to the GDPR rules. Only relevant information is shared with these companies (e.g. all payments made through our website will be processed through PayPal). This company will have access to your card details in order to process your payment, but will not have access to other irrelevant data, such as occupation).
Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
For users that register for membership or to enter an event your details are automatically deleted from the website after 14 months.
What rights you have over your data
You may obtain details of the personal information we hold on you. Also included in the GDPR you as a customer have a “Right to be forgotten”. This means that you will be able to make a request to us for your personal data to be erased. Please make your request via email to firstname.lastname@example.org
Where we send your data
We do not store your financial details (credit or debit card numbers).
We take the protection of all of your personal data very seriously and have protocols in place to protect it from accidental and malicious leaking.
In the unlikely event that there is a breach of these protocols and we suspect that your personal data may have been compromised, we will inform you as soon as feasibly possible in order to allow you to take any necessary precautions.
This notification will include the following:
- The nature of the personal data breach
- Recommendations for you to mitigate potential adverse effects.
Under the new GDPR rules, we are now obligated to inform the Information Commissioners Office (ICO) of any data breaches with 72 hours of us becoming aware of it (wherever feasible). This is a new piece of legislation that was not previously required under the Data Protection Act (1998).