Data Protection

Your data, your rights.

We collect personally-identifiable data from our members and committee for the purposes of invoicing, payment processing, communicating, and providing services. We never collect data for the purposes of third-party sharing with the intent to gain profit.

What data do we collect?

Information we collect to identify our members includes, but is not explicitly limited to;

Full Legal Name
Date of Birth
Home Address
Email Address
Payment Information (Long card, CVV, Expiry)
Payment Card Type (Mastercard, Visa, Apple Pay, Google Pay)
Vehicle Make/Model/Registration

All of this information can be used to identify our members, and is collected for the purposes of providing services or communicating with our group.

How is this data stored?

PII (Personally-Identifiable Information) is stored by our data provider(s), BellProton and Stripe (Payments Provider), and is secured to government compliance standards, FIPS and GDPR. Proprietary security technologies are used in the safe-custody of data, and our providers are legally-required to make the public aware of any breaches.

How is this data used?

PII is submitted and stored for later use internally via the following flow;

Data Input - The end-user submits data through the website, or via our secure payments provider, Stripe.
Data Transmission - PII data is made available solely to the DPO (Data Protection Officer) at BellProton with the sole purpose of providing membership services to members of Bathspeleo. Data is viewed by one person programmatically with access to the payment provider.
Data Storage - Data is classified by the need for reasonable use, and is stored on the club's intranet system. The only data visible to more individuals than the sole DPO, is that which may be used to contact members regarding their membership status. (First Name, Last Name and Email Address), and no other data is made available.
Data At-Rest - Any further data is held securely for as long as is reasonably necessary to provide membership services, or for the purposes of fraud prevention, which is standard for payment processing requirements.

Data may be shared with the British Caving Association in order to provide a full membership. This is information that they reasonably require to provide liability insurance and other membership services to our members.

From '2025 - Data Protection & Your Membership Terms & Conditions

Privacy Policy

This policy relates directly to your Personally Identifiable

Information which is processed for the maintenance of your

membership, and any payments remitted to our third-party online

service provider(s) BellProton and Stripe UK LTD.

Your Data

You have the right to know what data we collect, and how we store it in order to provide

any services or ongoing contact with you for the duration of your membership with us.

Data we may collect:

• Identifiable Information – Full Name, Date of Birth, Full Address, Credit/Debit

Card number, bank or building society account number and sort code,

Telephone Number (mobile or otherwise), Social Media accounts and email

addresses.

• Metadata – Browser identity, cookies, device fingerprint (non-biometric), social

media account(s) connected to services.

We may also collect information that relates to you, for the purposes of safety, such as

emergency contact information.

Data Use

We will never share your personal data with third parties or organisations that aren’t

directly related to us or the maintenance of your membership. The following shows how

we use your personal data:

• Contact – When you reach out to us or contact us using your email address, we

will retain this information for the purpose of responding, and for as long as

reasonably necessary to continue contacting you unless we’re explicitly

instructed not to by you or your authorised representative. If you decide to

become a full member, we will retain contact information for the duration of your

membership to send you critical information or planned activities, we may also

send you our specific promotional material.

• Payment – We are required by law to retain payment information for the

purposes of audit trail and fraud prevention, and as such, your information may

be held by our payment provider Stripe, for an indefinite period, including beyond

your club membership period. You can view Stripe’s data policies Here. If you

enter into a subscription agreement with us, we will also retain your payment

information for the purposes of ongoing collection until you decide to terminate.

Reasonable Retention.

We are required legally to audit our data practices, and do so regularly. Your data is only stored within our systems for as long as is reasonably necessary to provide membership services to you. Once any membership or agreement ends, information is deleted from our systems within 28 days** - Your statutory rights are not affected by this procedure, and you can make any formal requests to contact@bathspeleo.com - Where our DPO will respond within 28 Days to any requests for access/removal.

**Exceptions Apply; Financial services require certain information to be retained for longer periods for the purposes of fraud prevention.

Rights to access and right to be forgotten.

You have the right to be made aware of which personally-identifiable data points we have stored about you, so we have a robust and dedicated system in place for handling SAR (Subject Access Requests), you can email contact@bathspeleo.com with the subject line "FAO: DPO SAR" and we will be in touch within 28 working days with further information in relation to your request, upon verifying your identity.

You also have the right to be forgotten, and we will handle requests for such in the same manner. Please note that if you request to be forgotten from our systems, any subsequent membership will be terminated immediately, and the BCA will be notified, thus ending your membership and liability insurances.

Policy Effective: 08/12/2023 // Last Updated: 31/10/2024