Royal Cork Yacht Club (RCYC), fully understands and commits to its responsibilities to appropriately protect the personal data it processes on behalf of its members, employees, partners and members of the general public where applicable. The purpose of this policy is to provide an understanding of:
• What information we collect;
• How we use that information;
• How this information is shared;
• Your rights; and
• Other useful privacy and security related matters which we feel will help you understand how we process your personal data.
Useful definitions regarding data privacy have been placed at the end of this Policy to provide additional assistance and understanding.
Royal Cork Yacht Club Contact Information
The lead Data Controller is the Royal Cork Yacht Club (Incorporating Royal Munster Yacht Club) with registered offices at Royal Cork Yacht Club, Crosshaven, Co. Cork, P43 HD40, Ireland. The Royal Cork Yacht Club (Incorporating Royal Munster Yacht Club) can be contacted on +353 (0)21 4831023 or email us at firstname.lastname@example.org
In becoming a member or renewing your membership of the Royal Cork Yacht Club, you automatically become a member of Irish Sailing, the national governing body for Sailing, Windsurfing & Powerboating in Ireland. Further information on how Irish Sailing as a joint Data Controllers processes your personal data as part of membership administration is available at https://www.sailing.ie/Privacy-Statement or by contacting email@example.com
A “Data Controller” is the natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.
Royal Cork Yacht Club Data Protection Officer
Due to the nature of the Club’s operations and the scope of the personal data processed, the RCYC is not required to appoint a Data Protection Officer. The RCYC has however put in place a data protection governance structure to ensure the data protection rights and freedoms of data subjects whose personal data it processes are protected. If you have any questions, comments, or complaints concerning our privacy practices please contact us at firstname.lastname@example.org for assistance.
The RCYC relies on several lawful basis to process personal data. Examples include;
|Processing Activity||Lawful Basis|
|Employee Management||Fulfilment of a contract|
|Membership Management||Fulfilment of a contract|
|Marina Management||Fulfilment of a contract|
|Club Communications||Legitimate Interest|
|Personal Data relating to Children (<16)||Parental/Guardian Consent|
Types of Personal Information we Collect
Personal information means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, on online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.
The following table provides examples of the types of personal information which the RCYC collects from you and how we use the information.
|Processing Activity||Types of Data and Purpose for Collection|
|Management of Employment||If you apply for a job posting, or become an employee, we collect personal information necessary to process your application as well as in the fulfilment of employee contracts. This may include for example your name, address, phone number, email, CV’s, references as well as relevant revenue/tax related personal information for payment purposes|
|We process your name, address, phone number, DOB club membership
number and other personal data relating to the management of Club memberships. Personal data processed for this purpose may also include personal data relating to children and vulnerable adults. As a Joint Data Controller, Royal Cork Yacht Club will share certain information about you with Irish Sailing, including your name and email
address, so they can include you on their monthly newsletter and validate discounted services you may wish to avail of (e.g. handicaps, sail numbers, ICCs, Commercial Endorsements, Certs of ID etc).
|Marina Management||We may process your personal information to manage our marina activities. This may include your name, address, email, Club
membership number, phone number, boat name as well as financial data. This relate to both Club members and visitors availing of marina services.
|We may process your personal data to provide you with information relating to Club activities by post, email and via the club notice boards. This may include your name, address, email, phone number and Club membership number. If you receive email from us, we may use certain tools to capture data related to when you open our message or click on any links or banners
it may contain. (e.g. MailChimp)
|Training Courses||We may process your personal data to promote and manage Club related training activities. This may include your name, address, email, phone number, age/DOB, financial data as well as other categories of
personal data as appropriate. Personal data processed for this purpose may also include personal data relating to children and vulnerable adults.
|Event Management||We process your personal data to effectively manage Club related events. This may include your name, address, email, phone number, boat name, sail number and financial data. Personal data processed for this purpose may also include personal data relating to children and vulnerable adults. Mailing List When you sign up for one of our mailing lists, we process your name, email address, postal address and phone number.|
|Official Club Social|
|We may process your personal data to provide social media services to
Club members, visitors and members of the general public. This may
include your name, image, boat name, sail number, email and phone number.
Personal data processed for this purpose may also include personal
data relating to children and vulnerable adults.
|Club Point of Sale|
|We may process your Club membership card number at our point of sale
facility. The data processed includes your name, membership card
number, locational data and behavioural data relating to your use of Club
facilities and preferred products.
|We process financial data when you make a purchase using the Club’s
credit/debit card facility
|Online Forms and|
|We collect information you submit to us on our websites or through
online forms and registrations to process your requests.
|Club Wi-Fi Services||When you use the official Club Wi-Fi services, we collect device details
relating to your personal devices as well as locational data. We also
assign you a unique online identifier during your online session. (IP
|CCTV||RCYC property is monitored by CCTV to support its legitimate interest to
appropriately protect its assets. Personal data collected for this purpose
is captured in and around the Club house area as well as on the Club
marina. Personal data collected include video imagery and location data. The RCYC processes imagery consistent with guidelines provided by the Irish
Data Protection Commission.
|We may collect your name, billing address, shipping address, e-mail
address, and phone number when you place an order with us.
|Web logs||We may collect information from you, including your browser type,
operating system, personal device MAC address, Internet Protocol (IP)
address (a number that is automatically assigned to your computer when
you use our Wi-Fi services), and/or a date/time stamp for your visit. Web
logs may be used for detecting cybersecurity threats.
In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, partners or from publicly available sources.
How We Use your Personal Data
In addition to the uses described above, we may also process your personal information for the following purposes;
- To ensure the safety and security of employees, members and visitors while on Club property.
- To improve and personalize your experience with us.
- To conduct analytics and solve problems.
- To respond to your inquiries related to support, employment, or other requests.
- In some instances, to provide you with advertisements.
- For internal administrative purposes, as well as to manage our relationship with you.
- To monitor for cybersecurity related events and investigate personal data breaches should they occur.
- To support investigations relating to fraudulent, illegal or inappropriate behaviour relating to members, staff or visitor activities on Club premises.
- To exercise our legitimate interest to appropriately secure RCYC facilities. Where we use legitimate interest as the legal basis for processing, we recognize data subjects always have a choice. We will keep you informed through a relevant privacy notice and facilitate your right to “opt-out”.
How we Share your Personal Data
The RCYC will never sell your personal data. We only share your personal data with joint Data Controllers and approved third party processors for the purposes outlined in this policy. This may include, but is not limited to, Irish Sailing, website hosting providers, our website developers, email service providers, WhatsApp, Facebook and security companies in the management of our cybersecurity, access control and CCTV systems.
The RCYC also shares personal data with law enforcement to comply with legal obligations to do so when officially requested to support criminal investigations.
How we Protect your Personal Information
No method of transmission over the Internet, or method of electronic storage, is fully secure. The RCYC implements appropriate technical and organizational security controls to protect your personal information from unauthorized access, use, or disclosure. This includes for example the use of encryption and limiting who can access personal data processed by the Club. While the RCYC is committed to protecting your personal data, due to the public nature of the Internet the security of your personal data cannot be guaranteed. In the event we are required by law to inform you of a breach relating to your personal data we may notify you electronically, in writing, or by telephone in line with our GDPR obligations.
Retention of Your Personal Data
The RCYC retains your personal data for as long as it is required to meet the purpose for which it was collected. Personal data retained by the RCYC will be reviewed periodically to ensure a legal basis for processing remains. Any data required to be deleted will be done so in a secure manner.
Your Rights and Choices
Under the General Data Protection Regulation, (GDPR), Club members, Club employees and members of the general public where applicable, have a number of rights which are detailed
- Access to personal data: Members, employees, visitors and where applicable members of the general public, have the right to request a copy of the personal information which the RCYC processes on their behalf. Should you wish to make such a request, please contact email@example.com. You should include adequate information to identify yourself and such other relevant information that will reasonably assist the RCYC in fulfilling your request.
- Correction of personal data: Members, employees, visitors and where applicable members of the general public may request that the RCYC rectify and correct any personal data that they believe is incorrect.
- Right of erasure: Members, employees, visitors and where applicable members of the general public may request that the RCYC erase personal data where there is no compelling reason to continue processing such data. This right only applies in certain circumstances; it is not a guaranteed or absolute right.
- Right to data portability: This right allows members, employees and visitors to obtain personal data provided to the RCYC with their consent in a format which enables them to transfer that personal data to another organization.
- Right to restrict processing of personal data: Members, employees, visitors and where applicable members of the general public, have the right in certain circumstances to request that the RCYC suspend processing their personal data. While such a request is being explored, the RCYC is permitted to continue storing personal data until the matter is resolved.
- Right to object to processing of personal data: Members, employees, visitors and where applicable members of the general public, have the right to object to the RCYC’s use of personal data. The RCYC may continue to process personal data despite such objections, if there are compelling legitimate grounds to do so or the RCYC needs to process personal data in connection with any legal requirements/obligations.
- Right to withdraw consent: Where the RCYC relies on an individual’s consent to process his or her personal data, individuals have the right to withdraw that consent. Should you wish to exercise any of your data protection rights, please contact firstname.lastname@example.org for further information and support.
|Version||Revised By||Revision Date||Approved By||Approval Date||Comments|
|1||Admiral||20 July 2020||Initial Policy|
The following additional information may further assist you understand our data priccy and security practices;
- Special Protection of personal data relating to Children and vulnerable adults: The RCYC understands the speci al protections afforded to the personal data of both groups and is committed to the protection of any such data it processes on behalf of individuals.
- Digital Age of Consent: Our websites and other official social computer services, e.g. WhatsApp, Facebook etc, are not intended for use by individuals under 16 years of age. To avail of such services, the explicit consent of parents or guardians is required.
- Third Party Applications/Websites: We have no control over the privacy practices of websites or applications that we do not own.
- Complaints to our Supervisory Authority: Should you wish to report a concern in relation to how the RCYC processes your personal data, you have a right to take your complaint to the Irish Data Protection Commission. See https://forms.dataprotection.ie/contact
The following definitions of terms used in this notice are provided to ensure clarity to the reader:
- What is “Personal Data”- Personal data is any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person Regulation. Examples of personal data include:
- Date of Birth
- Phone number
- Email address
- IP Address*
- Employee number
- Social number
*under certain circumstances
- A “Personal data breach” is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. This includes breaches that are the result of both accidental and deliberate actions.
- The “Data Controller” is the natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.
- The “Processor” is a natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller.
- “Processing” is defined as any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Supervisory Authority” – is the independent public authority with responsibility for monitoring the application of the GDPR, in order to protect the fundamental rights and freedoms of the natural persons in relation to processing and to facilitate the free flow of personal data within the European Union. The supervisory authority for The Royal Cork Yacht Club is the Irish Data Protection Commission.
- “Encryption” is a technical security control which converts data into unintelligible code to prevent unauthorized access. Data can only be decrypted using a known decryption key.