Privacy

 

How CSSC handles personal information 

Civil Service Sports Council takes the privacy of your information very seriously. Our Privacy Policy below explains how we will collect and use the information you give us via our site: www.cssc.co.uk (the “Site”) and otherwise when you are using our services, for instance when you complete any paper or Site forms or otherwise, or provide data to us by telephone.

We are committed to good information handling principles and the privacy and confidentiality of any personal information we deal with.

When we interact with you, we might give you supplementary privacy notices which are more specific to the personal data we’re collecting or using at that point. You should read those notices alongside this Privacy Policy.

In this Privacy Policy, the word “we” and “CSSC” refers to the Civil Service Sports Council. Unless otherwise stated, we are the data controller of any personal data collected via the Site, in any forms, via the telephone, email or otherwise. Our contact details are included in the contact us section below.

The terms “you” and “your” mean any visitors and users of this Site and individuals who otherwise interact with us in connection with our services.

Changes to this Privacy Policy

We are continually improving our methods of communication and adding new functionality and features to this Site and to our services. Because of these ongoing changes, changes in the law and the changing nature of technology, our data practices will change from time to time. If and when our data practices change, we will notify you of the changes via this page where the current version of the Privacy Policy will be published. Where appropriate, we will notify you of changes usually by email, but occasionally in another more appropriate format such as letter. We encourage you to check this page frequently also.  

What is personal information?

When we use the term “Personal information”, we mean the same as “personal data”. Personal data is defined in data privacy laws applicable in your country. It includes any information relating to an identified or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.  Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you. 

The categories of personal information we collect

Personal information collected from you in connection with our services includes the following:

  • your full name, date of birth, CSSC number, postal address, e-mail address, employer/business and professional information, job titles, next of kin and dietary requirements eg if you are attending an event or national, regional or area conference, telephone and fax numbers and Any other personal data which is voluntarily provided to CSSC from time to time
  • bank and card details where you make payments to us.

Personal information also includes special or sensitive categories of personal data, including medical or disability information which we may collect in connection with any trips or events you choose to attend for health and safety purposes. 

If you communicate with us by email over the internet you should be aware that the nature of the internet may not be secure and may pass through several different countries on route to us. Please do not email us with confidential or sensitive information such as your credit card details. We comply with data privacy laws in relation to security, but cannot accept responsibility for unauthorized access to your information that is outside our control. Further information regarding our approach to the security of personal information is included in the section below on Security of personal information.

Third party’s personal information

If you give us personal information about another person, in doing so you confirm that they have given you their prior permission to provide it to us and for us to be able to process their personal data (including any sensitive personal data).  

You must also ensure this and other relevant privacy policies are brought to their attention so they can review how their personal information may be used.

The purposes for which we use personal information

We will only use your personal information for the purposes that you would reasonably anticipate or that we state when we collect it and, where necessary, for which you have given us your consent, as set out in the table below.

The legal basis for our use and other processing of your personal information under data privacy laws

We are required to indicate our processing activities with your personal information and the legal basis for those activities (see the table below).  The legal basis includes handling your personal information:

  1. in order that we may perform our services and obligations under any contract with you;
  2. for our legitimate commercial interests to deliver our services to you provided these are not overridden by your interests and fundamental rights and freedoms. You can contact us to ask us for more information on the specific interests and how we balance those to ensure privacy is respected;
  3. for processing which is necessary for compliance with our legal obligations laid down by European Union law (where relevant) and by national laws in all of our countries;
  4. with your consent.  This means your freely given, specific, informed and unambiguous consent which may be collected from you at the time at which it is requested, including in relation to any direct marketing communications, see Keeping you informed below.
     
Purpose of Data Use Personal information used Our Lawful Basis for using the information
To administer any membership you have with us and managing our relationship with you, including dealing with payments and any support, service or product enquiries made by you

All contact and membership details, transaction and payment information, records of your interactions with us, and marketing preferences.

This is necessary to enable us to properly manage and administer your membership contract with us. 

To arrange and manage any contracts for the provision of any services or products

Contact details, transaction and payment information.

Records of your interactions with us.

This is necessary to enable us to properly administer and perform any contract for the provision of any services and products you have purchased from us. 
To send you information which is included within your membership benefits package, including details about advanced ticket information, competitions and events, partner offers and discounts and any updates on our sport and leisure offerings Contact and membership details.

This is necessary to enable us to properly manage and administer your membership contract with us. 

To send you other marketing information we think you might find useful or which you have requested from us, including our newsletters, information about membership, events, products and information about our commercial partners and to occasionally inform you of new services we will be providing or we consider will be of interest to you.

Contact details and marketing preferences.

The lawful basis for handling this data is as described below:

  1. Existing Members Pre 25 May 2018 – Contract and Soft Opt-in
  2. New Members post 25 May 2018  - Contract/Consent
To answer your queries or complaints Contact details and records of your interactions with us  We have a legitimate interest to provide complaint handling services to you in case there are any issues with your membership.
Retention of records All the personal information we collect.

We have a legitimate interest in retaining records whilst they may be required in relation to complaints or claims. We need to retain records in order to properly administer and manage your membership and run CSSC and in some cases we may have legal or regulatory obligations to retain records for the purposes of accounting and to audit our operations.

We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to above.

For criminal records history we process it on the basis of legal obligations or based on your explicit consent.
The security of our IT systems

Your usage of our IT systems and online portals.

We have a legal obligation to ensure that our IT systems are secure.
To conduct research and data analysis and develop statistics to better understand event attendance and trends within the CSSC offering. Records of your attendance at any events or competitions hosted by us or your use of CSSC  offering ie. online shop and my savings This is necessary to perform our legitimate interest with you to ensure that our membership is targeted and relevant. 
For the purposes of promoting CSSC, our events and membership packages. Images in video and/or photographic form. Where you have given us your explicit consent to do so
To comply with health and safety requirements Records of attendance, CCTV footage and other information obtained through electronic means such as swipe card and key fob records, medical information about your health. We have a legal obligation to provide you and other members of our organisation with a safe environment in which to participate in sport.
To administer your attendance at any workshops, programmes or events you sign up to

All contact and membership details, transaction and payment data.

This is necessary under your contract with us to enable us to register you on to and properly manage and administer your attendance on the course and/or programme.
To arrange for any trip or transportation to and from an event Identification documents details of next of kin, family members and emergency contacts, transaction and payment information, health and medical information. This is necessary under your vital interests  to enable us to make the necessary arrangements for the trip and/or transportation 
To use information about your physical or mental health (including any injuries) or disability status, to ensure your health and safety and to assess your fitness to participate in any events or activities we host and to provide appropriate adjustments to our sports facilities. Health and medical information We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to above.
To gather evidence for possible grievance or disciplinary hearings All the personal information we collect We have a legitimate interest in doing so to provide a safe and fair environment for all members and to ensure the effective management of any disciplinary hearings, appeals and adjudications.
Complying with legal and regulatory requirement; and establishing and defence of legal rights.   Information needed for legal defence For criminal records history we process it on the basis of legal obligation or based on your explicit consent

 

You should be aware that you are entitled under data privacy law to withdraw your consent,where that has been given, at any time.  You can withdraw your consent by contacting us. See more details in the Contact us section below. You can also withdraw your consent by accessing My CSSC.

You should be aware that if you do this and if there is no alternative lawful reason for us to rely on to justify the relevant use or other processing on your personal information, this may affect our ability to provide our services.    

Keeping you informed

We will keep your name, address and contact details (including telephone numbers and email addresses) on our databases and (unless you have opted-out of this at the point at which we first collected your details from you) we may from time to time use that information to make you aware of our own same or similar products and sports events and leisure services which may be of interest to you. We may contact you in writing, by telephone or email. If at any time you decide that you do not want your contact details used for these purposes, please contact us or amend your preferences on My CSSC.

If you have provided your consent, CSSC’s other group companies and third parties (that you have indicated to us you would be interested to hear about) may contact you by email or text that you have indicated is your preferred contact method, about sports, events and leisure activities administered or arranged by CSSC.

MySavings+

When you sign up with us, we will also share some limited personal information with Parliament Hill Ltd and People Value Ltd who operate MySavings+ to enable them to identify you:

  • You should read their membership terms and conditions and the privacy policies provided by the benefits specialists Parliament Hill Ltd and People Value Ltd for details of how your personal information will be processed; and
  • If you have provided your consent to receive My Savings+ emails, including Newsletters, these will contain details of retail savings offers, news, health and fitness services and insurance products from regulated providers of insurance products that you have stated may interest you. 

Disclosure of your Personal Information to other third parties

  • CSSC may share personal information with third parties under these circumstances:
  • within our group companies and third party business partners, or event organisers in order to deliver our services or verify your membership;
  • with third parties so that they can deliver the services and benefits you are seeking, eg savings providers, or tastecard, this may involve sharing membership information so the third party can verify your membership;
  • agents, IT support, web developers, affiliates, savings providers, service providers conducting satisfaction surveys such as Survey Monkey, travel agents, tour operators, event venues and hotels;
  • to our advisers;
  • to comply with legal requirement and regulatory requirements, for the administration of justice, to protect vital interests, to protect the security or integrity of our databases or this Site, to take precautions against legal liability;
  • with regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements and government requests;
  • if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets, or otherwise in the event of our merger, re-organisation, dissolution or similar event.

Where appropriate, before disclosing personal information to a third party or affiliate who process your information under our instructions as a data processor, we require the third party to take adequate precautions to protect that data and to comply with applicable privacy laws.

CSSC use of cookies

For details on our use of cookies on this Site, please see our Cookies Policy.

Retention of your personal information

We keep your personal information for no longer than is necessary to fulfil the purposes for which it was collected as described above or in another privacy notice provided to you, taking into account the requirements from the following criteria:

  • any laws or regulations that we are required to follow;
  • whether we are in a legal or other type of dispute with each other or any third party;
  • the type of information that we hold about you; and
  • whether you are still a member of our services.

Retention in case of queries.  We will retain it for a reasonable period (up to 5 years) in case of queries from you;

Retention in case of claims.  We will retain it for the period in which you might legally bring claims against us (in the UK this means we will retain it for 6 years);

If you would like further information about our data retention practices please contact us (see Contact us below).

Security of personal information

We endeavour to use appropriate technical and physical security measures to protect personal information which is transmitted, stored or otherwise processed from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access, whenever this is collected in connection with our services. 

On our Site, these measures include computer safeguards and secured files and facilities. We have received ISO 27001 accreditation for compliance with best practice in information security management. Our service providers are also selected carefully and required to use appropriate protective measures.

In particular, we endeavour to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymisation (such as where data is separated from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) and encryption, (b) ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your personal information, (c) ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (d) ensuring a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational security measures.

If there is a breach of security involving your personal information which we are concerned will involve risks to you, we shall without undue delay, work to mitigate those and contact you and/or the data privacy supervisory authority in accordance with applicable laws.

Individual rights

You have various rights under data privacy laws.  These may include (as relevant) the right to:

  • access information held about you. You must make your request in writing by using the Subject Access Request form found under contact us and provide us with enough information to permit us to identify your personal information. In certain circumstances under the privacy laws, we may not be required to provide all the details of personal data held;
  • amend and rectify personal information that is inaccurate and notify any third party recipients of the necessary changes;
  • request restriction of information processing concerning you or to object to processing of your personal information;
  • the right to request the erasure of your personal information where it is no longer necessary for us to retain it;
  • the right to data portability including to obtain personal information in a commonly used machine readable format in certain circumstances such as where our processing of it is based on a consent;
  • the right to object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual and the right to object to marketing; and
  • the right to withdraw your consent to any processing for which you have previously given that consent, without affecting the lawfulness of any processing based on your consent prior to its withdrawal.

Please see the contact details in the Contact us section below if you wish to exercise any rights. We endeavour to acknowledge requests within two working days and the appropriate response and information promptly and within the relevant statutory timescale (usually one month). 

Links to other websites and providing information to third parties

Our Site may contain links to other sites outside CSSC’s Site which may not be operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third party sites or any association with their operators. We do not control these websites and are not responsible for their data privacy and security on those sites. This Privacy Policy applies only to this Site (and supplements any other privacy notices we have provided in connection with any forms or when you otherwise provide us with personal information).

We urge you to review any privacy policy posted on any site you visit, or are otherwise provided with by a third party, before using the site or providing any personal information.

International Transfers

Other countries may have different data protection laws than your country of residence or they may not have data protection laws at all. They may not be deemed by the European Commission as providing adequate protection for personal information.

We only send information outside of the UK if you have specifically requested a trip outside of the UK which is organised with or via a third party. We do not otherwise have any suppliers outside the European Economic Area (“EEA”).

We will only make transfers of personal information outside the EEA:

  • to a location which has been recognised as ensuring adequate protection by the relevant privacy supervisory authorities;
  • where we have taken steps to put in place safeguards (including around security) to protect your personal information. This includes use of European Model Clause contracts which are approved by the European Commission. You can find out what these are here
  • if the transfer is necessary for one of the reasons specified in data privacy laws, such as the performance of a contract between us or in your interests; or
  • you explicitly consent to the transfer eg in a form.

If you have any questions please contact us (see Contact Us below). 

Your right to lodge complaints with the data privacy supervisory authority in your country

You can contact us directly if you have any concerns or complaints regarding how your personal information is handled. We take privacy seriously and will respond promptly. You can access our complaints form here.

In addition to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the relevant data protection supervisory authority if you consider that we have infringed applicable data privacy laws when processing your personal information. The data privacy regulator’s details in the UK are as follows: Information Commissioner’s Office and their site is: https://ico.org.uk/ which includes current contact details and how to lodge a complaint in writing or by telephone to their contact centre.

Contact us

We welcome comments or queries about this Privacy Policy and our information handling practices.

If you wish to provide comments, update any of your preferences or exercise any of your rights you can:

  • write to the Customer Services Manager at CSSC, Compton Court, 20-24 Temple End, High Wycombe, HP13 5DR;
  • email to headoffice@cssc.co.uk;
  • call 01494 888 444 between 9am – 5pm Mon – Thurs and 9am – 4:30pm on Friday;
  • make changes by logging into our preference centre within “My CSSC” at any time;
  • contact our Data Protection Officer if you have any queries regarding our data protection practices by email to dataenquiries@cssc.co.uk.
  • Download and submit a Subject Access Request form. 

Privacy Policy PDF

Information Security Policy

About

Membership

CSSC Magazine

 

 

 

 

 

 

The latest edition of Leisure Scene is now available for you to view online, it's packed full of exciting things going on at CSSC.

You can also view the previous edition(s) here.