We care about the wellbeing and security of our owner members, and have no interest in making other use of this data or seeking in any way to exploit it. We monitor our systems carefully to ensure that we remain in absolute compliance with the Data Protection Act of 1988.
Protection Operational Guidelines
The Eight Operational Principals of the Data Protection Act specify that personal data must be:
1. Processed fairly and lawfully.
2. Obtained for specified and lawful purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept any longer than necessary.
6. Processed in accordance with the “data subject’s” (the individual’s) rights.
7. Securely kept.
8. Not transferred to any other country without adequate protection in situ.
The XJS Club will only collect and retain that information that it needs to carry out is its legitimate activities and will hold that information confidentially.
The XJS Club does not obtain or hold “sensitive data”. We have no need to hold any more information than that which is represented on your application form when you first join the Club. The XJS Club does not obtain, receive, keep or pass on any data regarding bank accounts or any personal financial details of any of our owner members. The XJS Club does not sell, pass on or distribute any email addresses supplied by the Owner Member and this data is for the sole use within the XJS Club. This includes allowing our Committee Members access to the data for their official purposes and they are then bound by the principles of the Act.
No Member Data is ever sold or passed on to a third party.
The XJS Club will NEVER send you an invoice for any purpose nor request any further subscription payments after your first joining fee has been paid.
We aim to make all of our email correspondence informative, entertaining, or ideally both, and welcome any feedback on it, positive and negative alike. We won’t share your email address with anyone else, and will make it quick and easy to opt out of our Magazine and/or other messages simply by notifying us. We will endeavour to ensure your request is complied with as soon as possible and within the prescribed time allowed.
Copies of information held
Any Owner Member has the right to ask to see copies of the information that the XJS Club holds on them and the Club will comply with this information within prescribed timescales without charge. All requests for this information must be made by email quoting GDPR information request in the title and your Club membership number MUST be quoted in full. Your email address must also match the one we hold on file. The XJS Club reserves the right under the relevant Data Protection Acts to refuse to show this information if the request is not correct in it's format.
How do we store your data?
All of the personal data we process is processed by our staff in the UK.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
2. Payment security
All electronic XJS Club forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
The XJS Club uses Paypal as its principal method of monetary collection. We do not see any of your banking or card details during any monetary collection and cannot be held responsible for websites or companies that are outside of our control. We use Paypal because we have found it to be the most secure method of collection whereby your banking details are not passed on to us and we do not collect any data from your transactions with us.
The XJS Club complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
3. Data retention policy
We will only use and store information for as long as it required for the purposes it was collected for. We continually review what information we hold, and delete what is no longer required.
We respect your right to control your data. Your rights include:
1. The right to be informed
This privacy notice outlines how we capture, store and use your data. If you have any questions about any elements of this policy, please contact us.
2. The right of access
If you wish to obtain a record of the personal data we hold about you, through a Subject Access Request, we will respond within one month.
3. The right to rectification
If we have captured information about you that is inaccurate or incomplete, we will update it.
4. The right to erase
You can ask us to remove or randomise your personal details from our records.
5. The right to restrict processing
You can ask us to stop using your personal data.
6. The right to data portability
You can ask to obtain your personal data from us for your own purposes.
7. The right to object
You can ask to be excluded from marketing activity.
For more information on your individual rights, please see the Information Commissioner’s Office website.
Leaving our website
We are not responsible for the privacy practices or the content of any other websites linked to our website. If you have followed a link from this website to another website you may be supplying information to a third party.