This statement is effective as of 1st May 2018
Data Protection Statement
Sailing Club Software Ltd takes very seriously the
protection of the data entrusted to it, however it must be remembered that the
reason you give us your data is so that we can show it to people at your
request.
This Data Protection Statement sets out Sailing Club
Software Ltd.’s (“Our”/ “We”/ “Us”) data protection obligations and policies.
“You” or “Your” means the organisation and/or person who
registers and obtains access to Our Services.
“Our Services” is a collective designation for all
services (whether provided free of charge or against payment) to which you
obtain access via Our Web Sites. “Your Service” means an individual service
providing, among other things, storage space and processing for electronic information,
and communications services, provided to You by Us.
Your Data
On Your request, the following data may be collected,
stored, and processed by Us:
-
Names and contact details for Your organisation.
-
Usernames and passwords, set and used by You to access
Your Service.
-
Other data such as personal data in relation to members
of Your organisation as is provided by You in order for Us to provide Our
Services to You.
Physical Data Protection Measures
Your data is only stored electronically. All storage is on
state of the art password protected servers hosted by suppliers operating in
the EU with their own EU GDPR data protection compliance statements.
Your data is backed up at locations separate from the
storage servers using state of the art password protected back-up services from
suppliers operating in the EU with their own EU GDPR data protection compliance
statements.
State of the art password policies are used to protect Our
administrative access to Your data. Should a password be suspected to be compromised
in any way, it is reset using a secure method.
Passwords to access Your Service or data are not
available to IT staff at hosting and backup suppliers.
Where any of Your data is erased or otherwise disposed
of for any reason (including where copies have been made and are no longer
needed), a secure deletion method is used.
Where an employee, agent, sub-contractor, or other party
working on Our behalf requires access to any of Your data this can only be
authorised by one of Our directors.
Your data is handled with care at all times and is never
left unattended or on view to unauthorised employees, agents, sub-contractors
or other parties at any time.
Where data is being viewed on a computer which is to be
left unattended for any period of time, it is password locked either manually
or by ‘time-out’ functionality.
Data Protection Legislation
It is Your responsibility to determine whether there are
any implications under Your country's data protection legislation arising from
sharing data with Us and to decide on what if any action should be taken.
Where You are operating in the EU, or controlling data
about EU citizens, You have obligations under the EU GDPR from 25 May 2018. It
is assumed that following the planned departure of UK from EU equivalent data
protection regulations will continue to apply in UK.
Where the EU GDPR applies, We acknowledge that You are
the Data Controller and We are the Data Processor (where Data Controller and
Data Processor have the meanings as defined in the EU GDPR).
Where EU GDPR applies, We shall not transfer any of Your
data outside of the European Economic Area unless in response to a specific
request from You (normally by You downloading or viewing your data via Our
Services from a location outside EEA), or where Our data backup service uses
servers outside EEA in which case We shall use only data backup services
declaring compliance with the relevant requirements of EU GDPR.
Other than for the purposes of server hosting and
backups, or when required by relevant law, We shall not share your data with
any third parties.
We shall process data provided by You only as specified
by Your settings and controls described in Our Services documentation, except
where We are required to process Your data by relevant law, in which case We
shall promptly notify You unless the law prohibits us from so notifying.
Your Access to Your Data
As an integral part of Your Service:
-
You may view or download your data without any need to
contact Us.
-
You may rectify any errors in your data without any need
to contact Us.
-
You may delete your data without any need to contact Us.
-
You may stop Us processing your data by deleting your
data at any time.
In the event that You delete any or all of Your data, We
warrant that such data shall be securely erased from Our servers and
operational backups within a period of six weeks.
People Need to Know
An organisation which subscribes to Our Services should
tell its individual data subjects (e.g. club members) that it shares
information with Us for storage and processing. It may also wish to refer them
to Our Privacy Statement which sets out our commitment to protecting people's
privacy.
Where You are operating in the EU, or controlling data
about EU citizens, You are advised to understand Your obligations under the EU
GDPR from 25 May 2018.
Data Protection Options provided in Our Services
Our Services provide a wide range of detailed options
whereby the administrator and the individual are able to adjust the level of
privacy to suit their requirements. These options are fully described in the
documentation which is available within Our Services, including during free
trials.
Revisions
We reserve the right to change Our data protection
statement at any time. If We make changes We will indicate the statement's new
effective date at the top of this page. We encourage You to refer to this
statement on an ongoing basis so that You understand Our current data
protection policy.