Jersey Aquatic Rescue Club is committed to processing personal data in accordance with the Data Protection (Jersey) Law 2018. The club will also register as a data controller or data processor with the relevant supervisory authority and renew annually. This policy will also be reviewed and renewed on an annual basis to ensure compliance with the relevant laws.

Data protection principles

Jersey Aquatic Rescue Club is committed processing its members data within accordance of the data proception principles:

1. Be processed lawfully, fairly and in a transparent manner (Lawful, fair, and transparent)

2. Be obtained only for specific, lawful purposes (Purpose limitation)

3. Be adequate, relevant, and limited to what is necessary (Data minimisation)

4. Be accurate and, where necessary, kept up to date (Accuracy)

5. Not be held for any longer than necessary (Storage limitation)

6. Be protected in appropriate ways (Integrity and Confidentiality)

Rights of the member

JARC members under the law have the relevant rights:

- The right to be informed about the use of your data

- The right to access the personal data Jersey Aquatic Rescue Club holds

- The right to ratify any incorrect or inaccurate data

- The right to erase personal data held by Jersey Aquatic Rescue Club

- The right to restriction of processing the personal data held by Jersey Aquatic Rescue Club

- The right of data portability to receiving personal data held by Jersey Aquatic Rescue Club

- The right to object to the processing of data for other means

- The right not to be subject to decisions based on automated processing

Data subject access request

Jersey Aquatic Rescue Club members may made data subject access requests to the club to obtain

details on the data that we hold. The club will comply the request with the requirements of the data

protection regulation.

Consent

Jersey Aquatic Rescue Club will obtain consent through our standard documents (New members form,

Activity consent form etc). Jersey Aquatic Rescue Club understands that it has been given consent

explicitly and freely by the member to the processing of personal data relating to them. The consent

of the data subject can be withdrawn at any time. The member has been informed of the intended

processing of their data and has agreed while in a fit state of mind and without pressure being exerted

upon them.

Data Security

All members and volunteers are responsible for the data in which Jersey Aquatic Rescue Club holds.

The data should be kept securely and not distributed to any third parties without prior authorisation.

Personal data is secured both physically and electronically and has the relevant security measures in

place to protect the data. Personal data must only be accessible to those who need to use it.

Third Parties

Third parties working for the club have access to personal data must also comply with the relevant

GDPR law. The relevant contractual agreement has been obtained with third party data processors

and controls so that we meet the same obligations.

Data Disclosure

Jersey Aquatic Rescue Club must ensure that personal data is not disclosed to any unauthorised third

parties. Data protection laws may permit disclose on certain occupations without consent so long as

the information is requested for one or more of the following:

- To safeguard national security

- Prevention or detection of crime

- Assessment or collection of tax duty

- Discharge of regulation functions

- To prevent serious harm to third parties

- To protect the vital interest of the individual

Data Retention

Jersey Aquatic Rescue Club will retain the members data for 7 years after they have left the club.

Unless the rights of the individual allow the right to erase personal data held.