Derbyshire Caving Club - Data Protection Act (DPA) 1998 and General Data
Protection Regulations (GDPR) 2016/679
The DPA and the GDPR (comes into force 25th May 2018) protect individuals' privacy by regulating how personal information, known in the
'personal data', is collected and used. The law applies to information stored electronically or in manual systems
that can be linked to an identifiable individual.
Although the GDPR are not yet in force (written February 2018), the DCC
is working on how it will comply with the new law as well as ensuring it
continues to comply with the DPA.
'Personal data' is any information that relates to a living individual who can be identified:
from that information or,
from that and other information in our possession or likely to come into our possession.
Personal data can include:
email addresses or telephone numbers, collected when people join the
Club, visit the mines at Alderley Edge, register enquiries through the
website or make on-line bookings on Open Days
information about people that we collect during caving and mining trips,
on Alderley trips (including open days) or at social events, including
images and sound recordings
name, address, email addresses and telephone numbers of members
The DPA requires that personal information is:
collected and used fairly i.e. we make it clear to people how we intend
to use their information and whether it will be given to anyone else inside
or outside the Derbyshire Caving Club
appropriate to the uses which have been agreed
stored for the minimum time relevant to the use for which it is
disposed of securely once the use for which it has been collected has
come to an end
protected by a contract, if it is being given to a third party to ensure the information is only used for the purpose the Club has agreed. A contract is also needed if personal information is being sent to a third party located outside the EU.
People have certain rights under the act in relation to information stored about them.
Any formal requests for information or notices to stop processing under the act must be dealt with by the Committee. Pass any such requests immediately to the Honorary Secretary. Contact can be made by email to the
Removal of data or images
Any request to have email addresses or other information deleted after an Open Weekend
or photographs removed from the website at any time should be referred to the
Webmaster who can readily remove the information.
Data protection policy, statement and consent form
These documents required for the GDPR are currently being prepared and
will be posted here when approved by the Committee. (Feb 2018)