Privacy Policy
ITCA (World) Data Privacy Policy

The International Topper Class Association (World) ("ITCA World", "we" or "us") is committed to promoting and protecting the International Topper class around the world and arranging international and regional regattas and training events. In order to do this, we collect and use personal data.

This policy describes what personal information we collect or obtain about you and how we use it.

  1. About this Policy
    1. This policy explains when and why we collect personal information about our competitors and people connected with ITCA World, how we use it and how we keep it secure, and your rights in relation to it.
    2. We may use and store your personal data, as described in our Data Privacy Policy and as described when we collect data from you.
    3. We reserve the right to amend our Data Privacy Policy from time to time without prior notice. You are advised to check the ITCA World website, www.itcaworld.org, but amendments will not be made retrospectively.
    4. We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website of the Information Commissioner, ico.org.uk.
  2. Who are “We”.
    1. We are ITCA World and will be the ‘controller’ of all personal data we hold about you. Contact the Association Secretary General.
  3. What information we collect and why.
    1. We will collect personal data for the efficient management of our Association in meeting ITCA World’s aims and objectives.
    2. We will hold personal data which relates to our event competitors, officers, staff and volunteers, that are involved with ITCA World, and where appropriate, data on those individuals who provide services and or supplies to ITCA World.
    3. We will hold data to enable us to execute the functions and events that ITCA World undertakes, which may include visitors and guests.
    4. We will maintain a data collection register to document the type of information, the purpose of the information, and the “legal basis” for processing the information. (Appendix A)
  4. How we protect your personal data.
    1. We will only transfer your personal data outside the EU where we are satisfied that personal data will be granted an adequate level of protection in the receiving country; or specific contractual clauses or binding rules are in place; or the data subject has given explicit consent; or we are otherwise permitted to do so under the GDPR.
    2. We have implemented generally accepted standards of technology and operational security in order to protect data from loss, misuse, or unauthorised alteration or destruction.
    3. Please note that where you are transmitting information to us over the internet this can never be guaranteed to be fully secure.
    4. For any payments which we take from you online we will use a recognised online secure payment system.
    5. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
  5. Who else has access to the information you provide us?
    1. We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required so to do by law or as set out in the “Data Collection Register” on Appendix A or in paragraphs 5.2 below.
    2. We may pass your personal data to third parties who are service providers, agents or subcontractors to us in order that they may complete tasks and provide services to you on our behalf. We do this for our legitimate interest in operating ITCA World and the performance of our contract with you. We will disclose only the personal data that is necessary for the third party to deliver the service to you and we have a contract in place that requires them and or their subcontractors to keep your information secure and not to use it for their, or their subcontractors’ own purposes.
  6. How long do we keep information.
    1. We will hold your personal data on our systems for as long as you subscribe to our newsletter or enter an ITCA World event and for as long afterwards as it is in ITCA World’s legitimate interest to do so as long as it is necessary to comply with the ITCA World’s legal obligations.
    2. We will review your personal data every year to establish that we are still entitled to process it. In the event that this is not the case, we will cease processing your data but may retain the right to continue to hold this data in an archived form in order to be able to comply with legal obligations.
    3. We undertake to destroy, in a secure manner, all financial information once we have used it and no longer need it.
    4. The Association will retain your name, age, sail number and hull number for the purposes of the Association’s racing results archive.
  7. Your rights.
    1. You have rights under the GDPR:
      (a) To access your personal data held by us.
      (b) To be provided with information about how your personal data is processed
      (c) To have your personal data corrected
      (d) To have, in certain circumstances, your data erased
      (e) To object to or restrict how your personal data is processed.
      (f) To have your personal data transferred to yourself or, in certain circumstances, to another business.
    2. You have the right to take any complaints about how we process your personal data to the Information Commissioner. Details are shown in appendix B.
    3. For more details, please address any questions, comments and requests regarding our data processing policy or practices to the ITCA World committee, or by contacting the Secretary General.

 

Appendix A

ITCA World Data Collection Categories

Type of information

Purposes

Legal Basis of Processing

1

Entrants name, address, phone, email, Date of Birth

Managing championship entries and race results plus managing categories of events which are age related

Contract with the event entrant

Legitimate interest

2

Gender

Provision of adequate facilities for competitors.

Provision of gender based categories of events.

For the purposes of our legitimate interests and the legitimate interests of the event hosts in providing awards for gender based categories at events.

3

Names of entrant’s parents, guardians, or next of kin

Managing championship entries and race results

Contract with the event entrant

Legitimate interest

4

Emergency contact details

Contacting next of kin in emergency

Vital interest

5

Event entrants name, address, phone, email, sail & championship number, telephone number

Managing race entries and race results

Sharing results with other host venue, local and international media

Legitimate interest

Legitimate interest

6

Photos and videos of competitors and their boats

Managing racing and training events

Publication on ITCA World websites, social media and press releases

Contract with the event entrant.

Consent. When using images for publication we will seek the competitor’s consent. The competitor may withdraw their consent at any time by contacting us by e-mail

7

Subscribers name and email

Managing ITCA World’s online directory and newsletter list

Consent. Newsletter subscription

8

Bank account details (member)

Event entrants’ subscriptions, services and expenses

Contract with the event entrant

9

Bank account details (other)

Payments for services, functions, and expenses

Contract

10

Employee’s name, address, email, telephone number, CV, NI, bank details, tax code, holidays

Contract of employment, payroll

Statutory Staff contract/ pay and conditions

11

Supplier’s name, address, bank details

Provision of goods and services

Legitimate interest

12

Volunteers name, address, phone number, emergency phone number

Provision of services

Legitimate interest, Vital interest

13

Historic event entrant’s data

Potential statutory obligations

Legitimate interest, statutory

 

 

Appendix B

ITCA Legal Basis

 

 

Title

Description 

A

Consent

The individual has given clear consent for you to process their personal data for a specific purpose.

B

Contract

The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

C

Legal Obligation

The processing is necessary for you to comply with the law (not including contractual obligations).

D

Vital Interests

The processing is necessary to protect someone’s life.

E

Public Task

The processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

F

 

Legitimate Interests

 

The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.  (This cannot apply if you are a public authority processing data to perform your official tasks).

For full details of the Legal Basis for Processing, please visit the ICO website: at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/

To contact the Information Commissioner:

Log onto https://ico.org.uk/concerns/

or by telephone to 0303 123 1113,

or in writing to: Information Commissioner’s Office. Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.