<pre>
Privacy Policy
Stockton & Thornaby Canoe Club 

Overview
Stockton & Thornaby Canoe Club (The Club) need to collect personal information from its members including 
contact information, medical information, and emergency contact information. We will also track attendance 
at events, qualifications, certifications, and progression through the sport. All information is stored 
electronically through the club website hosted with Amazon (London) or the club’s G drive hosted by 
Google (London) and only made available to only the people who need it. The Club has an audit and access 
logging and reporting system and actively monitors usage to confirm no member who has access to that 
information does so inappropriately.  We do reserve the right to update this policy as and when we need 
to depending on club requirements. All amendments will be available within the members area of our website 
located at https://www.stocktonthornabycanoeclub.co.uk/ or on request by contacting 
contact@stocktonthornabycanoeclub.co.uk.

Who are we?
Stockton & Thornaby Canoe Club is a registered charity, number 1164327. Our address is Stockton and 
Thornaby Canoe Club, c/o – Tees Barrage International White Water Centre, Tees Barrage Way, Stockton on 
Tees, TS18 2QW. Our club email address is contact@stocktonthornabycanoeclub.co.uk.

What information do we collect & why?
We collect personal data to manage your membership of the club. This consists of:
• Name
• Email Address
• Phone Number
• Gender 
• Date of Birth
• British Canoeing No.
• Address
• Qualifications
• Certifications
• Emergency Contact
• Emergency Phone No.
• Medical Information 

As part of our application we will also collect:
• GPS Location
• Trip & Event Attendance
• Chat Logs

The app is for management of trips and events, and needs to access GPS location, trip, event, and chat 
information to function as expected. All information transport is secured via SSL and hosted on a server
which is security checked yearly and per version to the latest OWASP security standard. 

For The Club’s duty of care, emergency contact information and medical information is provided to leaders 
and coaches on club activity for which you attend. These will be accessed appropriately and people 
accessing this information will be subject to our Non-Disclosure Agreement (NDA) to comply with the UK GDPR 
in respect to your personal and sensitive information. Trustees, committee members, coaches, and other club 
officials may also be made aware of any confidential or sensitive information in respect to the management 
of the The Club and will also be subject to our NDA.

Please obtain permission from the Emergency Contact to store their contact details in case of emergency. 

Certifications and qualifications are collected from British Canoeing’s (BC) database, these contain dates 
and expiry dates of safeguarding training, first aid training and relevant BC safety courses, paddling, 
coaching, and leadership qualifications. This is used as part of The Club’s Club Activity Leader framework.

Anatomised summary information will be submitted to British Canoeing on a yearly basis which includes gender, 
age range, and BC membership. 

Security Controls
The charity uses Google’s G drive as a storage medium for The Club’s management and membership information. 
The website contains the membership database which is hosted on Amazon AWS. The STCC Trips mobile and web 
application is hosted on Digital Ocean. All are based within the UK. 

Each system has their own Role Based Access Control (RBAC). There are 4 levels of access which are trustees 
only, wider committee including PDCs and other officers, coaches, and general membership. Each system also 
has audit and logging capability to actively monitor access to information, any inappropriate access can be
flagged and reasons around access will be investigated. Any member abusing this system will be subject to 
disciplinary action or the case may be passed to the police if deemed a crime as per the Computer Misuse 
Act of 1990. 

Payments online and offline use a 3rd party payment gateway and payment information is housed securely 
by Stripe.

All Club IT assets are penetration tested and security audited on a yearly basis. 

The website uses cookies and usage of the website will require members to accept cookies which are used 
to manage the account session for the members area.
Club social media including Facebook pages, groups, Instagram account, and any other such platform may 
also contain personal information, none of these give us access to the security controls outside of the 
Facebook Group. The Facebook Group will be managed by members appointed by the Trustees/Committee for 
the purpose of management. Images which are deemed personal information which are uploaded to Facebook 
group can be removed by The Club’s management team, but has no control over any other area of Facebook 
or other social media platform where it is posted. If the club has uploaded any of photos or images to 
it’s Instagram or Facebook Page, and your wish is that they are removed, The Club will be happy to 
remove them.

How long do we keep your information?
The Club will hold that information for as long as you are a member of The Club plus 1 year. This is 
required for reporting purposes from our commitments to British Canoeing. 
Payment information will be kept for 6 years from the end of the financial year of the charity in which 
the payment was made.

Your Rights
As per the UK GDPR you have the right to access personal information that we hold but a fee of £10 will 
be made to cover administration costs. You also have the right to have any personal information corrected, 
erased in certain circumstances, or object to how the personal information is being processed. To request 
your personal information, or to ask The Club any questions on how your data is managed, please contact 
contact@stocktonthornabycanoeclub.co.uk.