LCRPC Privacy Notice
We are the Little Chalfont Rifle & Pistol Club and we intend to use your data in all matters relating to:
The administration of membership of our organisation or affiliated organisations (e,g NRA, NSRA etc.)
The administration of your FAC and or SGC and compliance with Firearms Law and Home Office Guidance
Competitions entered
Ranges booked
Armoury purchases
Training courses or other shooting related events
- We collect your data via online submission and paper documents
- We will inform you before using your data for any other reason than those stated above
- Our lawful basis for processing is a legal requirement and any contract entered into
- Our data retention periods follow the statutory guidelines (7 years). We may retain your information for longer during your membership.
- You have the right to:
Be provided with the data that we hold relating to you
Rectify / update the data
Ask us to remove your data
Restrict processing
Data portability
Object to our use of your data
Not to be subject to automated decision-making including profiling
We will comply within one month of your request. Please note that we are entitled to make a small charge for any data access requests this will be £5 payable at the time of the request. Please also note that should you ask us to remove your data this may prevent us from complying with Firearms Law and or the Home Office Guidance. As such, your activities or membership of the Club may be curtailed or withdrawn.
Our Hon. Membership Secretary Chris Gibbs remains our appointed Data Protection Officer, he can be reached at lcrpclub@gmail.com or on 07762711005.
LCRPC GDPR Data Breach Procedure
The following is the procedure that we will follow relating to any potential breach under GDPR legislation.
Notify the Data Protection Officer of the suspected data breach
The Data Protection Officer will investigate the potential breach to establish if it is real
The impact to individuals and organisations will be assessed
Notify the Information Commissioners Office (ICO) within 72 hours with details of:
The nature of the personal data breach
The categories and approximate number of individuals concerned
The categories and approximate number of personal data records concerned
The name and contact details of the Data Protection Officer
A description of the likely consequences of the personal data breach
A description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects
This is only necessary if the breach could result in:
Discrimination
Damage to reputation
Financial loss
Loss of confidentiality
Economic disadvantage
Social disadvantage
Notify any individuals concerned if there may be a risk to the rights and freedoms of those individuals
Resolve breach