LCRPC Privacy Notice

We are the Little Chalfont Rifle & Pistol Club and we intend to use your data in all matters relating to:

The administration of membership of our organisation or affiliated organisations (e,g NRA, NSRA etc.)

The administration of your FAC and or SGC and compliance with Firearms Law and Home Office Guidance

Competitions entered

Ranges booked

Armoury purchases

Training courses or other shooting related events

  • We collect your data via online submission and paper documents
  • We will inform you before using your data for any other reason than those stated above
  • Our lawful basis for processing is a legal requirement and any contract entered into
  • Our data retention periods follow the statutory guidelines (7 years). We may retain your information for longer during your membership.
  • You have the right to:

Be provided with the data that we hold relating to you

Rectify / update the data

Ask us to remove your data

Restrict processing

Data portability

Object to our use of your data

Not to be subject to automated decision-making including profiling

We will comply within one month of your request. Please note that we are entitled to make a small charge for any data access requests this will be £5 payable at the time of the request. Please also note that should you ask us to remove your data this may prevent us from complying with Firearms Law and or the Home Office Guidance. As such, your activities or membership of the Club may be curtailed or withdrawn.

Our Hon. Membership Secretary Chris Gibbs remains our appointed Data Protection Officer, he can be reached at lcrpclub@gmail.com or on 07762711005.

 

LCRPC GDPR Data Breach Procedure

The following is the procedure that we will follow relating to any potential breach under GDPR legislation.

Notify the Data Protection Officer of the suspected data breach

The Data Protection Officer will investigate the potential breach to establish if it is real

The impact to individuals and organisations will be assessed

Notify the Information Commissioners Office (ICO) within 72 hours with details of:

The nature of the personal data breach

The categories and approximate number of individuals concerned

The categories and approximate number of personal data records concerned

The name and contact details of the Data Protection Officer

A description of the likely consequences of the personal data breach

A description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects

This is only necessary if the breach could result in:

Discrimination

Damage to reputation

Financial loss

Loss of confidentiality

Economic disadvantage

Social disadvantage

Notify any individuals concerned if there may be a risk to the rights and freedoms of those individuals

Resolve breach