Our privacy statement applies to all Lotus Drivers Club activities, services, products and platforms
We take our responsibility to look after personal data very seriously and we ensure that respecting privacy is at the heart of all we do. Like all organisations that collect and use personal data, the Lotus Drivers Club is subject to the requirements set out in the General Data Protection Regulation (‘GDPR’).
Our privacy statement explains how we collect, use and look after personal data. Personal data is any information relating to an identified or identifiable living person. The definition of this may be found in the Data Protection Act 2018.
We have adopted a Privacy by Design approach across the organisation and this helps to ensure that we consider the privacy implications of all our projects, IT systems, and day-to-day functions of the Club. In addition, we have a Data Protection Officer to oversee our approach to data protection and privacy. Ours can be contacted by emailing [email protected]
The data protection principles
At the Lotus Drivers Club, we are bound by the GDPR which includes six principles that we must apply when collecting and using your personal data. These are:
The lawful basis for collecting and storing your information
At the Lotus Drivers Club, we collect, use and are responsible for certain personal data about you. The data we collect is strictly regulated by law and we take full responsibility as the controller of that personal data.
There are four bases for processing personal data that we abide by:
Our lawful basis for collecting and using personal data varies depending on why we have collected it and what we will do with it. Whenever the Lotus Drivers Club collects personal data directly from you, we aim to set out our reasons for doing so as clearly as we can using pop-up messages or links to the information you need. If we receive personal data about you from a third party, we will use reasonable efforts to identify the reasons why and to inform you of this where it is possible and practical for us to do so.
Why we need to collect personal data
The Lotus Drivers Club collects and uses personal data for a variety of purposes including:
When we collect personal data directly from you, we will provide specific and detailed information about why we need to do so.
About your personal data we collect and use
The Lotus Drivers Club collects a range of personal data including:
When we collect and use personal data directly from you, we aim to provide specific and detailed information about the categories of personal data involved.
How we share personal data
The relevant Lotus Drivers Club volunteers and suppliers will have access to your personal data for the purpose(s) it was collected for. When suppliers have access to your personal data, the Lotus Drivers Club will still be responsible for decisions about how your personal data is used.
In some cases, where there is a lawful reason for us to do so we may share personal data with third parties such as the Information Commissioner’s Office. If we are required by law to disclose personal data we will do so, in keeping with our obligations.
The Lotus Drivers Club never sells personal data to third parties for any purpose, and we do not collect or compile personal data for dissemination to third parties for marketing purposes.
Data Processor Information
The following third-party services are used by the Lotus Drivers Club and process data in accordance with the instructions from the data controller:
How we look after your personal data
We have a number of ICT and Information Governance procedures in place which set out the technical and organisational measures we take when collecting and using personal data. If you would like to find out more about these policies and procedures, please contact our Data Protection Officer.
Personal data is held securely within the Lotus Drivers Club IT environment or in our trusted third-party hosting providers’ secure systems. Where personal data is held on third-party hosting providers’ secure systems it is stored according to our instructions and in accordance with the contracts, we have in place.
Your personal data
Under GDPR all individuals are entitled to be told what personal data an organisation holds about them and to receive copies of that information, free of charge, within one month. In some cases, we may charge a reasonable fee to support the administrative costs. You can make a subject access request to the Lotus Drivers Club by contacting [email protected]
If you believe that we are holding inaccurate information about you, you are entitled to ask us to rectify that data. In addition, if you believe that the Lotus Drivers Club no longer has a lawful basis to use your personal data, you can ask us to delete it. The right to rectification and erasure is not absolute, but we will consider any requests carefully and comply with such requests where it is appropriate for us to do so.
If our lawful basis for collecting and using your personal data was consent, then you are entitled to withdraw that consent at any time. You do not need to give a reason for withdrawing your consent and we are required to comply promptly. You can inform us that you wish to withdraw consent by contacting [email protected]
Complaints
If you are in any way dissatisfied with the way we have handled your personal data, you are entitled to lodge a complaint about our data handling practices with the Information Commissioner by writing to:
The Information Commissioner’s Office (https://ico.org.uk)
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF, UK