SailEvent Data Protection Statement

Effective date 02 March 2019

Sailing Club Software Ltd takes very seriously the protection of the data entrusted to it, however it must be remembered that the reason you give us your data is so that we can show it to people at your request.

This Data Protection Statement sets out Sailing Club Software Ltd.’s (“Our”/ “We”/ “Us”) data protection obligations and policies.

“You” or “Your” means the organisation and/or person who registers and obtains access to Our Services.

“Our Services” is a collective designation for all services (whether provided free of charge or against payment) to which you obtain access via Our Web Sites. “Your Service” means an individual service providing, among other things, storage space and processing for electronic information, and communications services, provided to You by Us.

Your Data

On Your request, the following data may be collected, stored, and processed by Us:

  • Names and contact details for Your organisation.
  • Usernames and passwords, set and used by You to access Your Service.
  • Other data such as personal data in relation to competitors in events run by Your organisation as is provided by You in order for Us to provide Our Services to You.

 

Physical Data Protection Measures

Your data is only stored electronically. All storage is on state of the art password protected servers hosted by suppliers operating in the EU with their own EU GDPR data protection compliance statements.

Your data is backed up at locations separate from the storage servers using state of the art password protected back-up services from suppliers operating in the EU with their own EU GDPR data protection compliance statements.

State of the art password policies are used to protect Our administrative access to Your data. Should a password be suspected to be compromised in any way, it is reset using a secure method. 

Passwords to access Your Service or data are not available to IT staff at hosting and backup suppliers.

Where any of Your data is erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), a secure deletion method is used.

Where an employee, agent, sub-contractor, or other party working on Our behalf requires access to any of Your data this can only be authorised by one of Our directors.

Your data is handled with care at all times and is never left unattended or on view to unauthorised employees, agents, sub-contractors or other parties at any time.

Where data is being viewed on a computer which is to be left unattended for any period of time, it is password locked either manually or by ‘time-out’ functionality.

Data Protection Legislation

It is Your responsibility to determine whether there are any implications under Your country's data protection legislation arising from sharing data with Us and to decide on what if any action should be taken.

Where the EU GDPR applies, We acknowledge that You are the Data Controller and We are the Data Processor (where Data Controller and Data Processor have the meanings as defined in the EU GDPR).

Where EU GDPR applies, We shall not transfer any of Your data outside of the European Economic Area unless in response to a specific request from You (normally by You downloading or viewing your data via Our Services from a location outside EEA), or where Our data backup service uses servers outside EEA in which case We shall use only data backup services declaring compliance with the relevant requirements of EU GDPR.

Other than for the purposes of server hosting and backups, or when required by relevant law, We shall not share your data with any third parties.

We shall process data provided by You only as specified by Your settings and controls described in Our Services documentation, except where We are required to process Your data by relevant law, in which case We shall promptly notify You unless the law prohibits us from so notifying.

Your Access to Your Data

As an integral part of Your Service:

  • You may view or download your data without any need to contact Us.
  • You may rectify any errors in your data without any need to contact Us.
  • You may delete your data without any need to contact Us.
  • You may stop Us processing your data by deleting your data at any time.

In the event that You delete any or all of Your data, We warrant that such data shall be securely erased from Our servers and operational backups within a period of six weeks.

People Need to Know

An organisation which subscribes to Our Services should tell its individual data subjects (e.g. competition entrants) that it shares information with Us for storage and processing, including optionally the recording of their GPS position.  It may also wish to refer them to Our Privacy Policy which sets out our commitment to protecting people's privacy.

Where You are operating in the EU, or controlling data about EU citizens, You are advised to understand Your obligations under the EU GDPR.

Revisions

We reserve the right to change Our data protection statement at any time. If We make changes We will indicate the statement's new effective date at the top of this page. We encourage You to refer to this statement on an ongoing basis so that You understand Our current data protection policy.