
BMMC Privacy Notice

British Motorsports Marshals’ Club Ltd (BMMC) Privacy Notice

BMMC respects your privacy and we will only use your information in the way we describe in this notice. This notice aims to give you information on how BMMC collects and processes your personal data. When using your information we aim to be fair and transparent, and follow our obligations under UK data protection laws. Your information is used for administering BMMC membership, activities, event volunteering and information communication in line with your expectations.

BMMC is the Data Controller for the purposes of the General Data Protection Regulation and the Data Protection Act 2018. Our Registered Office address is Alpha House, 4 Greek Street, Stockport, SK3 8AB. BMMC is not required to appoint a designated Data Protection Officer under the General Data Protection Regulation. However, the individuals responsible for privacy and data at BMMC are –

If you have any questions about this privacy notice, including any requests to exercise your legal rights as set out below, please contact any of the above-named individuals using their displayed contact details.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. This can be done by writing to us, e-mailing any of the individuals referred to above or by logging into the membership section of our website and updating your own details.

The EU General Data Protection Regulation 2018.

The guiding principles of GDPR that BMMC follows are that personal data must be –

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and up to date.
  5. Kept as long as necessary for the purposes we have told you about.
  6. Kept securely.

Collecting your information:

We collect your information when you –

  • Complete a membership application form or renewal form.
  • Complete a Direct Debit form.
  • Complete a Personal Record Card for grading purposes.
  • Provide details for a BMMC regalia order.
  • Update your own details on our database.
  • Contact us with any queries.
  • Use our website.
  • Take part in any BMMC organised activity.

The information you give us may include your contact details (name, address, telephone number, email address), personal information and identifiers (date of birth, membership number, MSA licence number), and other information such as next of kin details (for emergency use if required in your vital interests).

When you use our website we collect technical data and usage data which may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access BMMC’s website together with usage data including information about how you use BMMC’s website.

When you give us information about another person, such as a child, parent, guardian or emergency contact you should let that person know that you have given us the information. If you are under 18 years old, we will also ask for information from your parent or guardian.

Using your information:

We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

  1. Membership Data – Lawful basis “performance of a contract with you”.

As part of membership of BMMC you will be required to complete a paper BMMC Membership Application form containing essential personal data and certain declarations.

The application form is a contractual agreement between you and BMMC and is retained as a permanent record for your period of membership. Information is input into the BMMC Membership Database as an expedient form of reference for both BMMC officials and you as a member. You will be able to view and amend your own data using your personal access passwords.

Where we collect “next of kin” details, these are processed for your “vital interests” in case of an emergency.

  2. Membership Volunteering System – Lawful basis “consent” and “performance of a contract with you”.

BMMC provides a service to members allowing them to register as a volunteer for any listed motor sports event in the UK using BMMC’s web-based system or a paper-based secondary option. This also extends to “Donington Emergency Services Team” operating as part of BMMC. This data is processed on both a “performance of a contract with you” and “consent” basis. When you express an interest in volunteering at a particular event as a marshal, your data is transferred to other MSA registered clubs and/or their appointed officials who then become Data Controllers in their own right.

This is so that those MSA registered clubs and/or their appointed officials may contact you to make the necessary arrangements to marshal at events. Members will always have the option to opt out by simply not using this process.

  3. Membership Payments – Lawful basis “contractual necessity”.

All BMMC members, except Honorary and Life categories, are required to make annual subscription payments forming part of the membership contractual agreement.

If payment is made by Direct Debit, BMMC’s preferred method, you must complete a paper form in standard BACS prescribed format. The form is held as a permanent contractual record unless cancelled by you.

If payment is made by debit/credit card, payments are processed by a Barclaycard secure system available via the BMMC website. The system does not retain identifiable card numbers.

If payment is made by BACS, members initiate payment using their own bank’s processing system and no details are transferred to BMMC.

  4. Membership Communications – Lawful basis “legitimate interest” and “contractual necessity”.

When managing our relationship with you, BMMC’s primary form of communication is email with a post option available only to a small number of members without an email address. It is considered that “legitimate interest” provides BMMC with essential flexibility to determine the need to inform members on various matters appropriate to their membership, BMMC and the sport. BMMC does not consider this compromises your interests, rights or freedoms.

BMMC uses an email distribution processor known as “Mailchimp”, a US domiciled company, and as such data is transferred outside EU borders. GDPR sets a legal ground for such transfer of data providing that an adequate level of protection exists for the personal data in the country, territory, or organization where it is being transferred. Mailchimp participates in and has certified its compliance to the Privacy Shield framework that is deemed to meet “general adequacy” obligations. The only data transferred is the member’s name and email address. Mailchimp’s privacy policy can be found here: https://mailchimp.com/legal/privacy/

It is BMMC policy that member details are not provided to any external organisation unless specifically in line with the expectations of members, whether individually or collectively and in any case never for the purposes of marketing third party services and products.

  5. Grading Processing – Lawful basis “contractual necessity”.

The MSA has a grading system that reflects the status and experience of members wishing to progress, albeit not obligatory. Members wishing to upgrade must keep paper records documenting their experience and submit these through Regional and National Grading Officers for checking, BMMC endorsement and forwarding to MSA to determine. As such BMMC is performing a contractual obligation to members and MSA is also a Data Controller that holds the submitted paper records.

Grading information is recorded on the BMMC Membership database; however, it is also required that email communications with members and/or MSA are retained as permanent records even beyond cessation of membership. BMMC does not retain any paper records for this activity.

  6. Regalia Payment Processing – Lawful basis “contractual necessity” and “legal obligation”.

There are two processes to record –

  1. Members occasionally arrange regalia purchases through Regalia Officers (National & Regional), and certain payment options inevitably entail bank account details being provided to process payments. None of the options involve any permanent recording or storing of such data.
  2. Members may be eligible to claim a BMMC subsidy on the purchase of sponsored overalls and clothing from approved suppliers. To claim a refund members must supply a copy of the purchase invoice and their bank account details for receipt of reimbursement. These claims are processed by the National Regalia Officer, who merely records the claim, and BMMC’s Bookkeeper who effects payment. Although the claim documents are retained for statutory accounting purposes (a “legal obligation”) for a period of 7 years, all bank account details are redacted once the claim has been successfully processed.

 

  7. Expense Reimbursement Processing – Lawful basis “contract” and “legal obligation”.

Members may be entitled to reclaim certain expenses incurred whilst conducting BMMC business. A BMMC Expense Claim form is completed and submitted to our Bookkeeper with invoices/receipts as appropriate. The claim form includes bank account details for reimbursement and once processed these details are redacted as the forms are retained for statutory accounting periods (a “legal obligation”) for a period of 7 years.

  8. BMMC Organised Sprint Events – Lawful basis “contract”.

From time to time, the BMMC Competitions Secretary organises sprint events that are licensed by MSA. Entrants and drivers are required to complete an entry form providing personal data and make payment by cheque. The entry form is deemed to establish a contract between the entrant/driver and BMMC.

All drivers and officials attending any event are required to sign a standard worded MSA Indemnity Declaration form.

All such paper documentation is retained by the BMMC Competitions Secretary for a period of time as prescribed by the MSA or legal retention timescales up to a maximum period of 7 years.

  9. BMMC Recruitment – Lawful basis “consent” and “legitimate interests”.

BMMC undertakes new membership recruitment, notably at motor sport events that attract like-minded persons. We offer members of the public the opportunity to first apply for a “Marshal Taster Day” at motor sport venues around the UK.

BMMC collects personal data using tablet devices with bespoke software that requires all applicants to provide specific consent to BMMC holding and sharing data within BMMC to facilitate the booking of a “Marshal Taster Day” and follow-up communications promoting membership of BMMC, although applicants have a choice on whether they want to receive such follow-up communications and are informed that if they do, they will have the option to opt-out of receiving such communications at any point. The data collected on tablets is downloaded automatically to the BMMC National Recruitment Officers to process in accordance with the intended purpose. All stored data is deleted 12 months after the end of the calendar year in which it was collected.

At certain events BMMC undertakes recruitment in conjunction with MSA using tablet devices provided by MSA, again with bespoke software that requires all applicants to positively consent to BMMC collecting data for use as described above but also, subject always to the applicant’s express consent, to share with MSA and a small number of MSA recognised clubs that may be better able to offer the “Marshal Taster Day” experience. The BMMC National Recruitment Officer holds all data in Excel document form and where appropriate emails specific names/details to other clubs that are able to satisfy BMMC on their GDPR compliance. All data stored by is deleted 12 months after the end of the calendar year in which it was collected.

  10. BMMC Insurance – Lawful basis “contractual necessity”.

  • Any claims initiated by BMMC members or members of the public under BMMC policies will entail the completion of insurance claim forms containing personal data and these will be passed to BMMC appointed Insurance Brokers and Insurance Companies/Underwriters for processing. This is a contractual requirement of the Brokers and Insurance Companies/Underwriters who themselves will process claims as Data Controllers.
  • BMMC offers registered members Emergency Medical Repatriation insurance when officiating at properly organised motor sport events outside mainland United Kingdom. To effect cover members pay a nominal premium and BMMC is required to provide personal details (name, home address & email) to Insurance Brokers who will issue an insurance certificate of cover. Provision of such personal information is a contractual necessity.

  11. General Communications – Lawful basis “legitimate interest” and “contractual necessity”.

From time to time individual BMMC Officials receive communications from members and non-members, mainly by email and occasionally by post. These communications could cover any issue, most commonly membership or BMMC activities, and would not normally provide any personal data other than name and basic contact details for a reply.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Sharing your information:

We may share your information with MSA, as required by its General Regulations for governing motor sport and for grading, other MSA registered clubs, our insurance Companies/Underwriters or Brokers, or any organisation if we have to comply with a legal obligation.

When you use the volunteering system we will pass your information to Chief Marshals or representatives of the organising clubs for those events you have selected for the provision of tickets and essential event information. The information we provide may include emergency contact and next of kin details that will be used only in the event of an emergency. You should let the contact and next of kin know that you have given this information to us.

BMMC uses an email distribution processor known as “Mailchimp”, a US domiciled company, and as such data is transferred outside EU borders. GDPR sets a legal ground for such transfer of data providing that an adequate level of protection exists for the personal data in the country, territory, or organization where it is being transferred. Mailchimp participates in and has certified its compliance to the Privacy Shield framework that is deemed to meet “general adequacy” obligations. The only data transferred is the member’s name, email address and BMMC region. Mailchimp’s privacy policy can be found here: https://mailchimp.com/legal/privacy/

Specifically, we will not share your information with any person or organisation for the purposes of marketing their services or products.

Our website:

When you use the BMMC website we may collect information about you, in particular your IP (internet protocol) address, by using cookies. We use this information to improve your web experience. Cookies help us to recognise you when you return to the website, and they may also help you log in securely to our web-based services. A copy of our Cookies Policy is available at www.marshals.co.uk. If you do not wish to have cookies placed on your computer you can disable cookies within your Internet browser. Turning them off, however, might mean that you will not be able to enjoy the BMMC website to its fullest.

The BMMC website might contain links to other websites such as online volunteering and payment sites and our partners and sponsors. If you follow links to other websites please review the privacy policy for each site because we are not responsible for information you share on those sites.

Security for your information:

Your information is held securely by us. We have taken all reasonable steps, and have in place appropriate security measures, to protect your information.

The BMMC website (www.marshals.co.uk) has security measures in place to protect against loss, misuse and alteration of your personal information under the BMMC’s control. However, no data transmission over the Internet can be guaranteed to be 100% secure and, whilst the BMMC strives to protect your personal information, it cannot guarantee the security of any information you transmit, and you do so at your own risk. Once the BMMC receives the transmission, it will use its best efforts to ensure the security of the system.

Security access to the BMMC website (www.marshals.co.uk), the hosting server, membership database, volunteering database and other related systems is managed by the appointed BMMC IT Officer. All access, usernames and passwords are reviewed on a regular basis. Access is only provided to these systems to BMMC officers or third-party officers who have an appropriate interest in the data and where it offers an operational benefit to members of the BMMC.

The BMMC does not knowingly transmit data outside the EEA for any purpose and does not intend to do so. However, where the BMMC uses strategic partners to fulfil services on its behalf, it will be necessary to transfer relevant information to the partners for solely this purpose and, if those partners operate in countries outside the EEA, this may mean that data are transmitted outside the EEA. Any such transfer will be conditional on the partner explicitly agreeing to abide by the requirements of the Data Protection Act 2018 and the General Data Protection Regulations 2018.

BMMC membership data is shared with MailChimp for the sole purpose of email communication to BMMC members. Only personal data is shared and this is minimal, consisting of name, email address, BMMC region and marketing preferences. The data is synchronised regularly from the BMMC membership database to ensure consistency and correctness.

Your rights:

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data BMMC holds about you and to check that we are lawfully processing it.

Request correction of the personal data that BMMC holds about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though BMMC may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask BMMC to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask BMMC to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that BMMC may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where BMMC are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where BMMC are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that BMMC has compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask BMMC to suspend the processing of your personal data in the following scenarios: (a) if you want BMMC to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to BMMC’s use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. BMMC will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where BMMC are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, BMMC may not be able to provide certain products or services to you. BMMC will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us.

This Privacy Notice was updated to be effective 25 May 2018 and we will communicate any changes to you.