Personal data is defined as – Any information relating to an identified or identifiable living person.
BASS processes personal data for the lawful purpose of the administration and legitimate interests of BASS. The means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this policy.
Our Processing Activities
In order to operate effectively and fulfil its legal obligations, BASS needs to collect, maintain and use certain personal information about current, past and prospective members and other individuals with whom it has dealings. All such personal information, whether held on computer, paper or other media, will be obtained, handled, processed, transported and stored lawfully and correctly, in accordance with the relevant legislation.
BASS will only use your personal data for our “Legitimate Interest” with the purposes of your involvement in Society activities.
Such data could include, but may not be limited to:
- Your Full Name and Full Address, including postcode
- Contact details provided by you, such as your email address and / or telephone number(s)
- Your age profile (under 16, over 16 but under 65, over 65)
How we use your personal data
The personal data of members will be shared within BASS by its administration team and Officers to meet current and future membership requirements. Your data will not be shared with any third party without your consent.
BASS will use personal data for the purpose of your involvement in the Society’s activities, including but not limited to:
- Your membership of BASS
- BASS magazine circulation list
- The BASS members’ forum
- The BASS members’ only website
- The BASS newsletter mailing list
- The Save Our Sea Bass (SOSB) mailing list
BASS does not sell or otherwise release personal data provided by you to any third parties.
Third party organisations that provide applications/functionality, data processing or IT services to us
We use third parties to support, run and manage our internal IT systems. For example, providers of information technology, cloud based software “as a service providers”, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
Third party organisations that otherwise assist BASS with its Legitimate Interests
- Auditors and other professional advisers
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
- Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
Data controller and contact information
The data controller is The Bass Angling Sportfish Society with its registration address: 52 Central Way, Oxted, Surrey, RH8 0LZ
Or by mail to the Data Protection Manager at our registered address as above.
Visitors to our website
Collection of personal data
Visitors to our websites are generally in control of the personal data shared with us.
We receive personal data, such as name, title, email address, and telephone and fax numbers, from website visitors; for example, when an individual subscribes to updates & newsletters from us.
Visitors are also able to send an email to us through the website. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.
We ask that you do not provide sensitive information (such as race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records) to us when using our website.
Use of personal data
When a visitor provides personal data to us, we will use it for the purposes for which it was provided to us as stated at point of collection (or as obvious from the context of the collection).
Typically, personal data is collected to:
- register for certain areas of the site;
- subscribe to updates;
- enquire for further information;
- distribute requested reference materials;
- monitor and enforce compliance with our terms and conditions for use of our website;
- administer and manage our website, including confirming and authenticating identity and preventing unauthorised access to restricted areas, premium content or other services limited to registered users; and
- aggregate data for website analytics and improvements.
- Unless we are asked not to, we may also use your data to contact you with information about BASS’s events, and other information which may be of interest to you. Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions on the appropriate webpage, in our communication to the individual, or the individual may contact us by email to: firstname.lastname@example.org
- Our websites do not collect or compile personal data for the dissemination or sale to outside parties for consumer marketing purposes or host mailings on behalf of third parties. If there is an instance where such information may be shared with a party that is not part of BASS member, the visitor will be asked for their consent beforehand.
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 6 years.
We take the security of all the data we hold very seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
Individuals’ rights and how to exercise them
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
- Access to personal data
You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at: email@example.com We will aim to respond to any requests for information promptly, and in any event within the legally required time limits of 1 month.
- Amendment of personal data
To update personal data submitted to us, you may email us at: firstname.lastname@example.org or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which you registered.
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
- Withdrawal of consent
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your personal data please email us at: email@example.com or, to stop receiving an email from a BASS marketing list, please click on the unsubscribe link in the relevant email received from us.
Other data subject rights
If you wish to exercise any of these rights, please send an email to: firstname.lastname@example.org
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to: email@example.com
We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK data protection regulator) or supervisory body within your country of residents if you are within the European Union. For further information on your rights and how to complain to the ICO, please refer to the ICO website.