GRPA Privacy Statement
The General Data Protection Regulation (GDPR) is an EU law governing privacy data.
​
The regulations mean we, the GRPA, is subject to stringent rules for how we collect and store our supporters’ data.
​
Whilst the GRPA is a separate standalone entity (we are currently taking steps to gain charity status) from The Grange School but we do work closely with school for the benefit of the Grange School Rowing Club. In this regard we do use personal data for fundraising activities, promotional information and social media channels. Therefore, in a school context we are a data processor and as such have a legal obligation to comply with the current GDPR rules.
Why we hold data
Holding members’ data enables us to manage the GRPA business and financial affairs, to arrange fundraising events, to impart rowing news and notices via our WhatsApp Info Only group and to correspond with members generally to provide relevant information regarding all things Grange Rowing.
What data we hold
We hold information such as the member's name, date of birth (so we can manage age group related activities), parental phone numbers, email addresses and social media details, in particular Instagram usernames. We also hold emergency contact information (phone, email) and medical data for purposes of summer rowing camps organised by GRPA, and in conjunction with The Grange School.
Can consent be assumed?
Consent requires a positive opt-in, so we will not use tick boxes or any other form of default consent. To this end you will be required to complete a form which explicitly requires you to consent to us holding and using your data for the purposes described above. We also hold and use photographs of our members for promotional, information and fundraising purposes. Consent forms for these purposes are available via our website (www.grangerowing.com) which can be accessed via a link from The Grange School website.
​
The consent will be updated annually, however, should you wish to modify your consent in the interim please contact us.
​
Please note that by providing your data to an organisation you must reasonably assume that the data will be used. It is how the data is used and where it is held that is now more tightly controlled, under something called 'legitimate interests' - essentially, if we (the GRPA) need the data to provide a service to you (the member) and we can't do it without your data, then consent can be assumed.
​
For example, if parents can expect urgent communications regarding changes to events a phone number to allow them to be a participant in the WhatsApp Info Only group is the best way to receive such information.
What we don’t do
We do not sell your data or allow it to be used for other purposes other than our own.
Where we hold your data
Member data is held in a combination of cloud based platforms, namely, Google Workspace (contact details and photographs), Stripe (online payments-should you wish to save your payment details).
These platforms give us an encrypted and secure means of communicating with our parent body and an effective way of managing data.
What if you want your data to be deleted
We hold contact details for our former members as they become Roburian Rowing Alumni. As current members transition to be alumni we would seek separate consent to hold this data. At any time, should you wish us not to hold your data please contact us.
​
As current members, please be aware that if we do not have up-to-date information this will limit our ability to communicate effectively with you.
GDPR related questions
Upon guidance from The Grange School we have taken all steps, and will continue to do so, to protect your data. However, should you have any questions in this regard please do get in touch.