This statement explains how the Cambridge University Hillwalking Club (“we” and “our”) handles and uses the personal data we collect about our past, current and future members (“you” and “your”). Developing a better understanding of our members allows us to keep in touch with you, in order to keep you apprised of our activities and developments, to provide services to you, and to identify ways in which you can support us.
We are committed to protecting your personal information and being transparent about what information we hold.
Personal data that we hold
We may hold information relating to you from a number of sources. A significant proportion of the information we hold is that which you provide to us (for example, you may give us information by filling in forms on our website, or by corresponding with us by telephone, email or otherwise).
Most records contain:
- unique personal identifiers and biographical information (e.g. your name, student number, date of birth)
- details of your education (e.g. your University, your college, the courses you have completed, dates of study)
- your contact details (e.g. email, address and phone number)
- your emergency contact details
- details of your interactions with us, including:
- your membership with us
- your attendance on our trips and other events
- personal data relating to your health (e.g. medical conditions or medication, allergies, disabilities and dietary preferences for event safety and management purposes)
- your communication preferences, to help us provide tailored and relevant communications
In addition, we hold information about how you access and use our website for security and administrative reasons. This is limited to:
- The IP address of the device you used to access the website
- Information about the browser you used to access the website (“User agent”)
How we use your data
Your data is used by us for a number of interdependent purposes. These include:
- Maintaining your personal details (e.g. your name, email, membership number and preferred contact details), including ensuring effective communications with you
- Keeping financial records (e.g. payment of your membership fees)
- Maintaining a formal record of your activities with us
- Undertaking research into our activities
- Managing complaints made to us
- Providing services (e.g running trips and events)
- Keeping you updated with our activities
- Internal record keeping and administrative purposes, including the management of any feedback or complaints
Communications to you may be sent by post, telephone or electronic means (principally by email), depending on the contact details we hold, the consent that you have provided, and the preferences expressed by you about the types of communications you wish to receive.
If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us using the details listed below.
We will always respect a request by you to stop processing your personal data, and in addition your statutory rights are set out below.
When we share your data with others (our partners)
We share the above categories of data with the University and the Colleges to provide you with a coordinated approach and for specific purposes, such as for registration as a University Sports Club, for supporter relations, or to comply with University safety policies. Any transmission of data to or from the University and Colleges is managed through agreed processes which comply with relevant data protection legislation. The University and each College has its own data protection statement and procedures.
We share some of your personal information with the British Mountaineering Council (BMC) for the purposes of managing your BMC membership and insurance.
We share some of your personal information with the providers of any training courses you are taking part in for the purposes of course management and safety.
We may share your personal information with certain organisations overseas as part of arrangements related to your membership of the club. In such cases, we will ask for your explicit consent prior to transmitting this information.
We use University IT facilities, Google Drive and external UK/EU-based IT facilities to store and host electronic copies of personal information and the website.
How we protect your data
We ensure we have appropriate data sharing arrangements in place before sharing your personal data.
We do not sell your personal data to third parties under any circumstances.
We also facilitate communication between individual members, but in doing so we do not release personal contact details without prior permission.
Any transfers of your data overseas (outside of the European Economic Area), as set out above, are protected either by an 'adequacy decision' by the European Commission (declaring the recipient country as a 'safe' territory for personal data) or by standard contractual clauses adopted by the European Commission (which give obligations for the recipient to safeguard the data). Further information about the measures we use to protect data when being transferred internationally is available from us (via the contact details are set out below).
Your rights
You have the right to:
- ask us for access to, or rectification or erasure of your data
- restrict processing (pending correction or deletion)
- object to communications or direct marketing
- ask for the transfer of your data electronically to a third party (data portability)
You have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns/
Further information
The legal basis for processing your personal data for the interdependent purposes set out above is that it is necessary for the pursuit of our legitimate interests, in order for the society to run effectively and efficiently. We always handle your personal data securely and minimise its use, and there is no overriding prejudice to you by using your personal information for these purposes. In addition, there is no statutory or contractual requirement for you to provide us with any personal data.
The controller for your personal data is the Cambridge University Hillwalking Club, and we can be contacted via our website.
Please contact us if you have any concerns or questions about the above information or you wish to ask us not to process your personal data for particular purposes. Where you have specific requests relating to how we manage your data, we will endeavour to resolve these, but please note that there may be circumstances where we cannot comply with specific requests.
We will retain your data indefinitely in support of your lifelong relationship with us or until you request us to do otherwise. We will publish any changes we make to this data protection statement and notify you by other communication channels where appropriate.
Where you exercise your right to erasure, we will continue to maintain a core set of personal data (name, membership details, unique identification number and date of birth) to ensure we do not contact you inadvertently in future.
Last Updated 2023-09-13