Data Protection Policy



Privacy Notice and Data Protection Policy


The East Anglia Lotus Club is committed to ensuring that data is collected and used appropriately, fairly and lawfully.

What data is collected?
Personal data is collected from members of the Club. This may include, for example, name, address, telephone numbers, their car details, and email addresses and/or social media identification. Only data necessary for the Club’s activities is collected. Contact details are also collected from prospective new members who enquire about the Club, to enable information about the Club to be supplied to them.

How is personal data used?
Data is used for the management of the Club, organisation of events and activities and/or day to day contact as necessary. This includes communicating with members by post, telephone and email, and/or via social media regarding membership status, organisational issues, news and information about the Club, financial transactions with the Club, and promoting the Club activities. Personal data collected by the Club is not to be used for any other purpose.

Who has access to personal data?
Data is shared among members of the Club for the purposes described above. Personal data is not shared outside the Club except where necessary for the organisation of the Club's activities. For example, information may be used for transport arrangements for a field trip or for insurance purposes when required by an external event organiser or organisation. Data may also be disclosed when required by law, or if disclosure is necessary in an emergency situation.

How is data stored?
Storage of data may be distributed among members of the Club. Members holding personal data do so in a safe and secure way that takes reasonable steps to avoid accidental loss or misuse. The Club ensures that members are aware of their obligations to safeguard personal data. For example, passwords should be used to control access to computer records, devices should have up-to-date security software installed and paper records should be stored in a safe place.

Is the data accurate and up-to-date?
Members are given the opportunity to check the accuracy of the information held about them and to provide updates.


For how long is data retained?
Personal data is kept for current members of the Club and may be retained for up to 3 years beyond membership expiring. Data is deleted if it is out-of-date, or if an individual has withdrawn consent and there is no legitimate need to keep their data. Contact details for prospective new members are deleted if they fail to join the Club or if they confirm they do not give consent to their data being retained. Deletion means removal of records from the current data in use for the Club's activities. Records may still exist as part of archived data that is not available for use. Note that the holding of contact details by individuals for their own social and domestic purposes is outside the scope of this policy.


Who is the Data Controller?
The Club's Chairman acts as data controller and is responsible for ensuring that queries and concerns about data protection are dealt with effectively and promptly. Members have the right to see data held about them and to object to how it is being used.

What information does the Club distribute?
Website and Social Media: Personal data (for example, private contact details) are not displayed on the Club's website unless by specific consent. The website lists the names of the current Committee Members but does not show the full names of other members of the Club. The website includes photographs of members engaged in Club activities and events, but does not identify individuals. Member's cars (which may show registration numbers) are also included within the website. If any personally identifiable information is posted on social media, this should be done with appropriate privacy settings.


Have members given consent?
All members of the Club are made aware of this policy through the Club's terms and conditions of membership. Members consent to their acceptance of the Club's policy as a condition of joining it. If after becoming a Club Member they do not give consent for their personal data to be collected and used as described within the policy, such confirmation must be given in writing, either on paper, by email (to or online, and records of the non-consent retained. There are situations in which data may be used, without specific consent, to pursue legitimate interests of the Club in ways which might reasonably be expected. For example, using contact details when money is owed, or to provide information to prospective new members.



The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.