Data Protection

General Data Protection Regulations 

From 25 May 2018 the UK's existing data protection laws will be replaced by the EU's General Data Protection Regulations. The new law aims to give EU citizens more control over how their personal data is used, especially online. All organisations who collect, store, share or use individuals' personal data, will need to comply with new regulations or face penalties, including hefty fines. This includes clubs. The key principles to bear in mind are:

Edinburgh Ski Touring Club Privacy Notice: May 2018

The ESTC is a ‘controller’ of the personal information that you provide to us and this privacy notice sets out how, why and for how long we will use your personal data, as well as who it is shared with.

It also explains your legal rights as a ‘data subject’ and how to exercise them. 

​What we need from you

When you register as a member of ESTC or renew your membership, we will ask you for some or all of the following personal information:

If you do not provide us with all of the personal information that we need this may affect our ability to offer you our membership services and benefits. 

Why we need your personal information – contractual purposes

We need to collect members’ personal information so that we can manage your relationship with us. We may use our members’ personal information to: 

Why we need your personal information – legitimate purposes

We also process our members’ personal information in pursuit of our legitimate interests to:

Other uses of your personal information

We may ask you if we can process your personal information for other purposes. 

At present the only other purpose is to allow you to see the contact details of other members. This information is only available to members, who have to sign in to the members’ area of the membermojo website. When you join or renew you are asked if you want to share your details: if you don’t agree to your details being shared, you do not appear on the list other members can see. 

If we ever propose to use your information for any other purposes we will provide an additional privacy notice explaining what and how.

Who we share your personal information with 

When we register your membership with Mountaineering Scotland we pass on your personal information and they become a ‘controller’ of it. Mountaineering Scotland provides full details of how it uses your personal data in its own privacy notice (here) and will not use it for any other purpose.

We may be required to share personal information with statutory or regulatory authorities (eg the Health & Safety Executive) to comply with statutory obligations. We may also share personal information with professional and legal advisors for the purpose of obtaining advice.

Third party suppliers with access to members’ personal data

The ESTC uses membermojo to process membership and to provide email forwarding services. They may process personal data on our behalf as ‘processors’ and are subject to contractual conditions to only process that personal information under our instructions and to protect it. They retain certain other data such as server logs and emails for a limited period as explained on their privacy notice here

In the event that we share personal information with external parties, we only share what is required for the specific purposes and take reasonable steps to ensure the recipient only processes the disclosed information in accordance with those purposes.

The Royal Bank of Scotland, Santander, PayPal and SumUp process payment transactions securely on our behalf.

Instructors and event organisers may receive personal details of event participants.

How we protect your personal information

Your personal information can be accessed by members of the club committee and may be used only for the purposes set out above. It may also be read by a number of people in ‘off-committee’ support roles, for example to manage the club’s Google Group membership or to provide IT support to the committee.

Your personal information is stored on the membermojo server (to which access is protected) and a back-up copy may be taken from time to time and stored in a password-protected location on Google Docs. The information required by Mountaineering Scotland is transferred to them by inputting it directly into a password-protected database or emailed via a password-protected spreadsheet.

How long we keep your personal information

We only keep your personal information for as long as necessary to provide you with membership services. If you don’t renew your membership, your details will be archived after nine months and deleted after two years.

You have a right to:

You can contact us at chair@estc.org.uk

If you are dissatisfied, you have a right to raise a complaint with the Information Commissioner’s Office at www.ico.org.uk

Mountaineering Scotland

Edinburgh Ski Touring Club is affiliated to Mountaineering Scotland. Mountaineering Scotland's Data Protection and Security Policy is here.