GDPR

For once we have to be serious...

The type of personal information we collect

We currently collect and process the following information:

  • Personal identifiers and contacts i.e. email address. If you have opted to use 2FA (recommended) then we will also collect your phone number.
  • We also log your IP address and access times.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • Manage user accounts on the website.
  • Keep some group information private to regular members / riders.

We only share this information with other organisations, who provide essential services, necessary to run the site. Currently we use:

  • Gmail, part of Google, sends email verification messages, password recovery emails and notification emails on our behalf.
  • Twilio sends SMS texts on our behalf, which are required for Two Factor Authentication.
  • Gravatar who provide avatars. We pass them email addresses and they return an avatar based on that email.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. You are able to remove your consent at any time.

How we store your personal information

Your personal information is stored on a server in the Google Cloud. Access to personal information stored on the server is restricted to ELSR's Sysadmin and a small group of ELSR members who act as web admins, moderating the website. Server backups are automated by Google and stored by Google in encrypted form. Any local copies of personal data e.g. for development or diagnostic purposes (eg log files) and stored on a password protected, encrypted PC.

Any diagnostic logfiles will be securely deleted once they have served their purpose. Any user accounts inactive for two years or more will be deleted from the server, after making an attempt to contact the user by email to offer them a chance to retain their account before deletion.

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information. NB You can find everything on your user page.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. NB You can delete your user account from your user page.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us using our Contact Form, if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us using our: Contact Form.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk