Governance, Policies and Reports

The Royal Automobile Club (‘the Club’) collects and processes personal data relating to its members, in order to manage its relationship. The club is committed to protecting your privacy and meeting the requirements of data protection legislation.

Who are we?
This privacy notice is issued by The Royal Automobile Club Limited (“We”, “our”, or “us”). Our registered office is at 89-91 Pall Mall, London, SW1Y 5HS.

We collect and use data about individuals, and we do so as the controller of that data. This means we determine why and how we collect and use that data, as described in this privacy notice.

How to contact us:
We regularly review our compliance with this Privacy Notice. Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed in the first instance to dataprotection@royalautomobileclub.co.uk.

What information does the Club collect?
The Club holds the following personal information:

• Personal data that you provide to us
  We store personal data you provide directly to us through your membership application and throughout the length of your membership, which includes your annual renewal, bookings, enquiries, preferences provided and attendance at events.

• Personal data we collect about you
  The Club stores personal data that the Club collects about you when you use our services and physical and online facilities. These include things such as bookings history, financial transaction information and CCTV images.

• Personal data from other members
  As part of the membership application process the Club will collect information about you from other members who are supporting your application. The Club may also hold on file information from other members of the Club and or which is in the public domain, where appropriate.

• Personal data relating to children
  The Club holds data relating to members aged under 16 years old in order to provide Junior memberships. The Club collects and processes this data with the consent of a parent or holder of parental responsibility.

Reasons for collecting that personal data
The Club collects and stores personal data to provide you with membership-related services, such as access to our facilities and attendance at our events based on:

• Performance of a contract: Managing your membership, including applications and renewals.
• Legal obligations: Safeguarding the health and safety of members and employees.
• Legitimate interests: Including but not limited to: o Collecting information for demographic and research purposes aligned with the Club’s heritage values.
  • Providing high levels of customer service by understanding your preferences
  • Sending information about Club news, events, and membership offers
  • Processing information relating to usage of Club facilities for consideration for committee membership
  • Processing information such as your preferences and purchase history in order to send you tailored offers and events
  • Organising activities and matches through the Club’s Activity Groups
  • Information required to investigate a breach or suspected breach of the Club’s rules.

The Club will process special categories of personal data, such as medical (including allergy) information to make special adjustments for the use of premises and facilities, where you have chosen to make this information known to us. This will be stored for the duration of your membership.

Who the Club shares your personal data with
The Club may share your personal data with the following types of organisations:

• Printing firms within the UK: To provide printed documents necessary for our services such as membership cards, seating plans for events and similar
• Mailing houses within the UK: To send out information like Annual General Meeting (AGM) details and Pell-Mell & Woodcote

• IT system providers: To support the Club’s operations. Partner companies within the UK: To compile guest lists for events.
• Accredited third-party confidential waste providers: For secure disposal of personal information.

The Club will only share your personal information (such as name, membership number and contact information) with Reciprocal Clubs (whether within or outside of the UK or EEA) at your explicit request to use their facilities. within the UK or overseas.

International Transfers
Some of our external third parties are based outside the UK or European Economic Area (EAA). Whenever we transfer your personal data out of the UK or EAA, we ensure a similar degree of protection is afforded to it to when it is in the UK. This includes:

• Only transferring your data to countries with an adequate level of protection as deemed by the UK or the European Commission.
• Using Standard Contractual Clauses (SCCs) for transfers, ensuring similar protection levels. We will at all times try to minimise the amount of data which is shared.

Data Retention
The Club retains personal data for the duration of your membership and for specific periods post-membership, in line with legal requirements and best practices:

• Applicant Information: six months from application
• Member file: three years post membership
• Disciplinary information: three years post membership
• Reciprocal guests from other clubs: one year post visit to the club
• Child member file: deleted one month post membership
• Guardian pass member file: one month post membership

Our retention schedule is based on the Club’s heritage purpose, operational needs, and legal requirements.

Receiving communications from the Club and updating your preferences
Members receive emails and app notifications about events, activities and offers as a benefit of membership. Members can update their contact preferences online in the My Account area of the website or by contacting the Communications Team.

Non-members who have shown interest in or attended events will only be contacted with their consent and can opt out at any time by contacting the Communications Team.

Security of personal data
The Club takes the confidentiality, integrity and availability of your personal data seriously. We have implemented technical and organisational measures, including, but are not limited to, encryption in line with current industry good practice), role-based access controls, two-factor authentication, and third-party assessments of our facilities.

Your rights
As a data subject, you have several rights:

• Correct any data we hold about you that is not correct (Rectification)
• Have any data not covered by our retention policy deleted (Erasure)
• Block or suppress the further processing of your personal data in certain circumstances (Restriction)
• Request access to personal data that we hold about you (Subject Access)
• In some circumstances, receive the personal data which you have provided to us, in a structured, commonly used and machine-readable format and have this transmitted to another data controller (Data Portability)
• Withdraw consent where this is the legal basis for us processing your information
• Object to processing where the Club is relying on its legitimate interests as the legal ground for processing

The Club has a standard operating procedure for handling data subject requests in accordance with GDPR regulatory obligations. If you would like to exercise any of these rights, please email dataprotection@royalautomobileclub.co.uk.

Complaints
If you have any concerns about our use of your personal information, or believe that the Club has not complied with your data protection rights, you can make a complaint to us by emailing dataprotection@royalautomobileclub.co.uk. You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address:

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113 or visit the ICO website.