Austrian Alpine Club (UK) Privacy Notice

AAC(UK) Privacy Notice - v04 2020-12-14.docx - 14 December 2020

This Privacy Notice supersedes the version issued in August 2018.


1. About this Privacy Notice
This Privacy Notice explains what personal information we collect, why we collect it, how we use it, how we keep it secure, and your rights in relation to it. For the purposes of UK law, we will be the “data controller” for all personal data that we hold about you. For further details please refer to the website of the United Kingdom’s Information Commissioner (www.ico.org.uk).


2. Who we are
We are the Austrian Alpine Club (UK) Limited (“the Club”), a private company limited by guarantee under registration number 09772805. Our contact details are given at the end of this document.


3. How we collect data
We collect personal data that you provide to us. This includes information provided when you join the Club, order merchandise, book to attend Club events, apply for grants or otherwise provide data to the Club by email, telephone or similar means.  If you attend a training course that is subsidised or promoted by the Club, we may collect personal data from the course provider (eg confirmation that you passed the course assessment).

If you are a person that provides services to the Club, we will collect and process appropriate personal data, eg name, address and bank account details, to allow the Club to fulfil its contract with you.

We do not normally collect sensitive personal data. However, there are occasions when we collect such information, eg regarding health issues, if you are attending selected Club events or training activities. If this does occur, we will take extra care to ensure your privacy is protected.

Except as described above, we do not collect personal data from third parties.

4. How the law protects you
Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. The law says we must have one of the following reasons:
• To fulfil a contract we have with you.
• When it is our legal duty.
• When it is in our legitimate interest.
• When you consent to it.

A legitimate interest is when we have a business reason to use your information including but not limited to internal administrative purposes, preventing fraud, or ensuring network and information security.


5. How we protect your personal data

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction. We use industry-standard security mechanisms to protect your personal data when it is transmitted over the internet.

Your personal data will be stored either in the UK or in a country that is a member of the European Economic Area (EEA).

If you join or renew your membership via the Club’s website, or order merchandise via the Club’s website, then your payment will be handled by a specialist service provider (not by the Club).  That service provider complies with the Payment Card Industry Data Security Standard (PCI DSS).

We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.


6. Sharing your personal data

We provide your personal information to third parties who are service providers to the Club for the purposes of providing services to you on behalf of the Club. This is essential to the administration of the Club.

Those Club members directly involved in Club management (eg the Directors) may be provided with your personal information if there is a clear need to do so. This arrangement is subject to written guidelines.

Your personal information may be passed to other Club members in connection with Club activities, if you have given permission to do so. You can withdraw this permission by contacting us (see the end of this document).

If you book on a United Kingdom-based training course, we may provide appropriate elements of your personal data to the training provider.

If you lead or organise a Club event, or wish to advertise services or goods for sale to Club members, your contact details may be published in the Club’s printed newsletter or e-newsletter, by email to members, or in the “members’ area” of the Club’s website. Access to the website “members’ area” requires login using details published only to Club members.

We will provide limited details of all current members to the insurance agents in Austria, so that in the event of a potential claim (eg following an accident) via the Alpenverein Worldwide Service they can confirm your current Club membership status.

In the event that you are involved in an accident or are ill we may provide any emergency contact details that you have provided to appropriate third parties (eg the police), including to countries outside the United Kingdom.

Your personal data will be accessible to authorised ÖAV personnel for specific purposes, including tracking of Alpenverein-Akademie qualifications, and to organisations that support the ÖAV’s IT systems.

Other than as described above, we do not disclose your personal data to third parties, or to other members.


7. Retaining your personal data

The Club has to hold the personal information that you provide on the paper or web-based membership application form in order to complete the membership application process, and subsequently to provide you with other Club services that are a benefit of membership.

In the absence of any legal requirements, your personal data will be retained for as long as necessary for the purposes for which it was provided. We continually review what information we hold and delete what is no longer required.

If you provide the Club with details concerning your health (for example, in connection with a Club event that you will be attending), we will delete these details promptly after the relevant event.

8. Your rights

As well as our obligations, and commitment, to respect the privacy of your information, you also have certain rights relating to the personal information we hold about you. These rights are outlined below. None of these rights is absolute; all are subject to various exceptions and limitations. You can exercise these rights at any time by contacting us using the contact details at the end of this document.

You have rights to:

Request access to the information we hold about you (Data Access Request)

You may request access to a copy of the personal information we hold about you.
We can refuse to provide information where to do so may reveal another person's personal data or would otherwise negatively impact another person's rights.

Object to processing (Right to object)

You may object to us using automated processes, or fully automating decision making, using your personal data, except where used to detect, prevent and investigate fraud and other financial crimes.

Request a copy of your data (Data Portability)

Where you gave us the information directly, and it was processed electronically, you can request the data we hold on you in a commonly used machine-readable format.

Request that your data is deleted (Right to be forgotten)

You can ask us to delete the personal information we hold about you when it is no longer required for a legitimate business need, legal or regulatory obligations, or for the purposes it was collected for.

Amend or correct your information (Right to rectification)

If you believe that the personal information we hold about you is inaccurate, incorrect or incomplete, please contact us as soon as possible so we can update it.

Restrict the processing of your information (Right to restrict)

You may ask us to restrict our processing of your data whilst we resolve any complaints you have about the way your data is used, require it for a legal claim, or if you think our processing is unlawful but you do not want us to delete your data.

Rights in relation to consent (Right to withdraw)

At any time, you may withdraw the consent you granted for your personal information to be passed to other Club members in connection with Club activities. When you withdraw your consent, it will not affect the lawfulness of any past activities we have undertaken based on the previous consent.

How we respond to your rights

You can exercise these rights at any time by contacting us using the contact details at the end of this document.

We may need to validate your identity before we can respond to your request. If we are unable to confirm your identity, or have strong reasons to believe that your request is unreasonably excessive or unfounded, we may deny it.

Once we have validated your identity, we aim to respond to your requests within 30 days and no later than three months from receipt of complex requests. We will let you know if we need additional time to complete.

We will let you know whether we accept, or refuse, your request.


9. Complaints

You have the right to take any complaints about how we process your personal data to the United Kingdom’s Information Commissioner:
https://ico.org.uk/concerns/
+44 (0)303 123 1113
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom


10. Automated decision-making based on your personal data

We do not make automated decisions based on your personal information, except as follows:

  • To check that you are placed into the appropriate membership category.
  • To target information that we send by email, based on your geographical location, age, membership history, and family relationship (if any).

11. Changes to this privacy notice
November 2017: Initial version.

May 2018: Updated to reflect the GDPR coming into effect.

August 2018: Updated relating to provision of data to the Austrian insurance agents.

December 2020: We may provide members’ personal data to the ÖAV.

We may update this privacy notice from time to time, in which case we will post the new version on the Club’s website (www.alpenverein.at/britannia).

If we make any significant changes in the way that we treat your personal data, we will notify you by email (if you have agreed to receive information in this manner), and via the Club’s Newsletter.


12. How to contact us

You can contact the Club via the Club’s office as follows: