Privacy Policy

Constitution | Privacy Policy | Code of Conduct

Last updated: 14th Aug 2022

Dundee Mountain Club (DMC) takes your privacy seriously. We are a “controller” of the personal information that you provide to us and this privacy notice sets out how, why and for how long we will use your personal data, as well as who it is shared with. It also explains your legal rights as a data subject and how to exercise them.

What we need from you

When you register as a member of Dundee Mountain Club or renew your membership (including if you are registering or renewing on behalf of a young person aged 16 or under), we may ask you for some or all of the following personal information:

  • Contact details – eg. name, address, email address and optional phone number.
  • Date of birth – to calculate membership category and eligibility for events and courses (required by Mountaineering Scotland).
  • Participation details – other clubs, existing Mountaineering Scotland membership number.
  • Equality information – gender (required by Mountaineering Scotland).
  • Safety and emergency details – next of kin name and telephone number.

If you do not provide us with all of the personal information that we need this may affect our ability to offer you our membership services and benefits.

Why we need your personal information – contractual purposes

We need to collect our members’ personal information so that we can manage your relationship with us. We may use our members’ personal information to:

  • Provide you with core member services, including confirmation of membership, membership card, end of year renewal notice, newsletter.
  • Organise club activities.
  • Register your membership with the representative body, Mountaineering Scotland, to provide you with insurance cover, magazine subscription and other benefits they offer to members of clubs, including access to courses, competitions, mountain huts and land access rights.

Why we need your personal information – legitimate purposes

We also process our members’ personal information in pursuit of our legitimate interests to:

  • Provide you with news and updates about the activity of the club, opportunities to get involved in club meets, training, general meetings or other events.
  • Raise awareness of the club’s activities by capturing photos, videos, or live streaming at events. We may use this for promotion, education and development purposes.
  • Respond to and investigate your questions, comments, support needs, complaints, concerns or allegations.

Other uses of your personal information

We may ask you if we can process your personal information for other purposes. Where we do so, we will provide you with an additional privacy notice explaining how we will use your information for these purposes.

Who we share your personal information with

When we register your membership with Mountaineering Scotland we pass on your personal data and Mountaineering Scotland become a controller of your personal data. Mountaineering Scotland provides full details of how it uses your personal data in its own privacy notice (www.mountaineering.scot/privacy-notice) and will not use it for any other purpose.

We may be required to share personal information with statutory or regulatory authorities to comply with statutory obligations. Such organisations include the Health & Safety Executive, Disclosure Scotland and Police Scotland for the purposes of safeguarding children, and UK Anti-Doping for the purpose of eliminating doping in sport if involved in competition climbing. We may also share personal information with professional and legal advisors for the purpose of obtaining advice.

Third party suppliers with access to members’ personal data

Dundee Mountain Club uses third party suppliers to provide services. These suppliers may process personal data on our behalf as “processors” and are subject to contractual conditions to only process that personal information under our instructions and to protect it.

  • Google provide our membership database, mailing list and meet booking information. Google’s privacy policy is available at: https://policies.google.com/privacy?gl=uk
  • GoCardless process payment transactions securely on our behalf. DMC does not have access to your bank details. GoCardless’ privacy policy is available at: https://gocardless.com/legal/privacy/
  • Microsoft Azure and EUKHost are used for our meets booking database (“MeetSignup App”). Microsoft’s privacy policy is available at https://privacy.microsoft.com/en-gb/privacystatement. EUKHost privacy policy is available at https://www.eukhost.com/legal/privacy-policy
  • Event organisers receive details of participants.
  • Discord is used for our club chat. Discord’s privacy policy can be found at https://discord.com/privacy. We require all users on DMC Discord server to use their real name (firstname lastname), no aliases or abbreviations and this should match exactly the name used on the meet signup system (to aid easy administration and user identification). We will also share your membership status (whether a member, prospective member, committee member or non member) which is necessary to control access (e.g. limit access to channels which are restricted to members).
  • Limited information from the meet signup system may be shared on Discord to assist with organisation, planning and to allow meet participants to communicate with one another. This includes notification that you have signed up for a meet (addition to a “meet channel” with others attending the meet), which option was selected (e.g. if taking part in a communal meal) and travel preferences selected (for organising shared transport).
  • Yogile provides our shared photo albums. No personal data is supplied to Yogile. Photographs in our Yogile albums may be used for publicity purposes. You have the right to request a photograph of yourself be removed from Yogile. Yogile’s privacy policy is available at: https://www.yogile.com/privacy

When we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.

How we protect your personal information

Your personal information is accessed by our committee and appointed agents only for the purposes set out above. It is stored by our club in password-protected files hosted by Google. Your personal data is transferred to Mountaineering Scotland by inputting it directly into a password-protected database or emailed via a password-protected spreadsheet.

How long we keep your personal information

  • We only keep your personal information for as long as necessary to provide you with membership services.
  • Unless you ask us not to, we will review and delete your personal information (except your name) where you have not renewed your membership with us for more than one year.
  • Unless you ask us not to, we will keep your name for up to five years after you cease to be a member in order to identify you as a former member should you choose to rejoin.
  • Completed membership forms which are not progressed to full membership will be reviewed and deleted (except your name) after a period of six months.

Your rights

You have a right to:

  • Change your communication preferences or restrict the processing of your personal data for specific purposes.
  • Request that we correct your personal data if you believe it is inaccurate or incomplete.
  • Request that we delete your personal information.
  • Access the personal data that we hold about you through a “subject access request”.

You can contact us via the contact form on our website at www.dundeemountain.club.

If you are dissatisfied, you have a right to raise a complaint with the Information Commissioner’s Office at ico.org.uk