Privacy

How CSSC handles personal data

Civil Service Sports Council and it associated companies take the privacy of your information very seriously. Our Privacy Policy below explains how we will collect and use the information you give us via our site: www.cssc.co.uk (the “Site”) and otherwise (for instance when you provide it to us by telephone having accessed our Site).

We are committed to good information handling principles and the privacy and confidentiality of any personal information we deal with including that of Site visitors and persons we deal with otherwise (see above).

We provide supplementary and more specific notices and statements, in addition to this Privacy Policy, to certain individuals whose personal information may be processed at other key interaction points with them. Those notices can be read in conjunction with this Site Privacy Policy statement.

In this Privacy Policy, the word “we” and “CSSC” refers to the Civil Service Sports Council. The terms “you” and “your” mean any visitors and users of this Site or individuals who otherwise interact with us in connection our business and services.


Changes to this Privacy Policy

We are continually improving our methods of communication and adding new functionality and features to this Site and to our existing services. Because of these ongoing changes, changes in the law and the changing nature of technology, our data practices will change from time to time. If and when our data practices change, we will notify you of the changes via this page where the current version of the Privacy Policy will be published. Where appropriate, we will notify you of changes by email. We encourage you to check this page frequently.  


What is personal information?

“Personal Information” has the same meaning as personal data. Personal data is defined in data privacy laws applicable in your country. It includes any information relating to an identified or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.  Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you. 

Personal information also includes special or sensitive categories of personal data.  This is data about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation. 



The categories of personal information we may collect

Personal information collected from you or relevant third party sources may include the following:

  • your full name, CSSC number, postal address, e-mail address, employer/business and professional information, job titles, telephone and fax numbers;
  • bank and card details where you make payments to us;
  • any other Personal Information which you voluntarily provide to us from time to time.

We may combine or supplement this information with other information that we hold about you if you are a CSSC member, or have made inquiries of us before or from third party sources. We may also obtain information from publicly available sources such as the electoral roll, or other third parties who have a legitimate basis on which to pass on your information. 

If you communicate with us by email over the internet you should be aware that the nature of the internet may not be secure and may pass through several different countries on route to us. Please do not email us with confidential or sensitive information such as your credit card details. We comply with data privacy laws in relation to security, but cannot accept responsibility for unauthorized access to your information that is outside our control. Further information regarding our approach to the security of personal information is included in the section below on Security of personal information.


Third party’s personal information

If you give us personal information about another person, in doing so you confirm that they have given you their prior permission to provide it to us and for us to be able to process their personal data (including any sensitive personal data).  

You must also ensure this and other relevant privacy policies are brought to their attention so they can review how their personal information may be used.


The purposes for which we use personal information

We will only use your personal information for the purposes that you would reasonably anticipate or that we state when we collect it and, where necessary, for which you have given us your consent.

Some of these purposes may include the following:

  1. if you choose to register to receive information or enquire about our services;
  2. if you choose to receive our services and to send you Newsletters and details of events;
  3. to conduct surveys to evaluate our events and membership;  
  1. for the purposes of accounting and to manage and audit our operations;
  2. where you have provided your consent, or otherwise in accordance with applicable data protection and marketing laws, to contact you occasionally to inform you of new services we will be providing or we consider will be of interest to you;
  3. processing your request for information or to exercise any rights;
  4. diagnosing any problems with our server and administer our Site;
  5. processing job applications;
  6. research and analysis and developing statistics;
  7. complying with legal and regulatory requirement; and  
  8. establishing and defence of legal rights.

The legal basis for our use and other processing of your personal information under applicable data privacy laws

We have described above the purposes for which we may use and otherwise process your personal information in connection with the Site or for our business purposes. We are required by law to indicate to you the legal basis for this use and other processing.  This will include (as relevant):

  1. in order that we may perform our services and obligations under any contract with you;
  2. processing for legitimate commercial interests provided these are not overridden by your interests and fundamental rights and freedoms;
  3. processing which is necessary for compliance with our legal obligations laid down by European Union law (where relevant) and by national laws in all of our countries.

Your consent may also be a lawful reason for processing your personal information in certain cases.  This means your freely given, specific, informed and unambiguous consent which may be collected from you at the time at which it is requested including in relation to any direct marketing communications, see Keeping you informed below.

You should be aware that you are entitled under applicable data privacy law to withdraw your consent, where that has been given, at any time.  You should be aware that if you do this and if there is no alternative lawful reason for us to rely on to justify the relevant use or other processing on your personal information, this may affect our ability to provide our services.    


Keeping you informed

We will keep your name, address and contact details (including telephone numbers and email addresses) on our databases and (unless you have opted-out of this at the point at which we first collected your details from you) we may from time to time use that information to make you aware of our own same or similar products and sports, events and leisure services which may be of interest to you. We may contact you in writing, by telephone or email. If at any time you decide that you do not want your contact details used for these purposes, please contact us.

If you have provided your consent, CSSC may also disclose personal data to other group companies who may contact you by email or text that you have indicated is your preferred contact method and about sports, events and leisure activities administered or arranged by CSSC.

If you are members of MySavings+:

  1. you should read our membership terms and conditions and the privacy policies provided by the benefits specialists Parliament Hill Ltd and People Value Ltd for details of how your personal information will be processed; and
  2. if you have provided your consent, our emails, including Newsletters, will contain details of retail savings offers, news, health and fitness services and insurance products from regulated providers of insurance products that you have stated may interest you.

Disclosure of your Personal Information to third parties

CSSC may share personal information under these limited circumstances:

  1. within our group companies and business partners in order to deliver our services, this may include agents, IT support, web developers, savings providers and others;
  2. to third parties who act for us for further processing in accordance with the purposes for which the personal data was originally collected or for purposes to which you have subsequently consented. Where we are making arrangements on your behalf we may need to pass your information to third parties to conclude those arrangements. For example, to a museum administering an event to make a reservation.
  3. to our advisers;
  4. to comply with legal requirement and regulatory requirements, for the administration of justice, to protect vital interests, to protect the security or integrity of our databases or this Site, to take precautions against legal liability;
  5. with regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements and government requests;
  6. if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets, or otherwise in the event of our merger, re-organisation, dissolution or similar event.

Where appropriate, before disclosing personal information to a third party, we contractually require the third party to take adequate precautions to protect that data and to comply with applicable privacy laws.


CSSC use of cookies

For details on our use of cookies on this Site, please see our Cookies Policy.


Retention of your personal information

We keep your personal information for no longer than is necessary to fulfil the purposes for which it was collected as described above. 

The criteria we use to determine data retention periods for personal information includes the following:

  1. Retention in case of queries.  We will retain it for a reasonable period (up to 5 years) in case of queries from you;
  2. Retention in case of claims.  We will retain it for the period in which you might legally bring claims against us (in the UK this means we will retain it for 6 years);
  3. Retention in accordance with legal and regulatory requirements.  We will consider whether we need to retain it after the period described in (ii) because of a legal or regulatory requirement. 

If you would like further information about our data retention practices please contact us (see Contact us below).


Security of Personal Information

We endeavour to use appropriate technical and physical security measures to protect personal information which is transmitted, stored or otherwise processed from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access in connection with our Site.  These measures include computer safeguards and secured files and facilities. We have received ISO 27001 accreditation for compliance with best practice in information security management. Our service providers are also selected carefully and required to use appropriate protective measures.

In particular, we endeavour to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymisation (such as where data is separated from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) and encryption, (b) ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your personal information, (c) ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (d) ensuring a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational security measures.


Individual rights

You have various rights under data privacy laws.  These may include (as relevant) the right to:

  1. access information held about you. You must make your request in writing and provide us with enough information to permit us to identify your personal information. A small statutory fee may be payable and in certain circumstances under the privacy laws, we may not be required to provide all the details of personal data held;
  2. amend and rectify personal information that is inaccurate and notify any third party recipients of the necessary changes;
  3. request restriction of processing concerning you or to object to processing of your personal information;
  4. the right to request the erasure of your personal information where it is no longer necessary for us to retain it;
  5. the right to data portability including to obtain personal information in a commonly used machine readable format in certain circumstances such as where our processing of it is based on a consent;
  6. the right to object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and
  7. the right to withdraw your consent to any processing for which you have previously given that consent.

Please be aware that some of these rights will only become relevant when changes to data privacy laws come into force in May 2018. 

Please see the contact details in the Contact us section below if you wish to exercise any rights. We endeavour to acknowledge requests within 48 hours and full information will be sent promptly and within the relevant statutory timescale. 


Links to other websites

Our Site may contain links to other sites outside CSSC’s Site which may not be operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party sites or any association with their operators. We do not control these websites and are not responsible for their data privacy and security on those sites. This Privacy Policy applies only to this Site. We urge you to review any privacy policy posted on any site you visit before using the site or providing any personal information.


International Transfers

Due to the global nature of the internet and many businesses, it may be that your personal information will from time to time be transferred to, or accessed by, parties located in other countries, including outside the European Economic Area (“EEA”). These other countries will either have different data protection laws than your country of residence or they may not have data protection laws. They may not be deemed by the European Commission as providing adequate protection for Personal Information.

Where such processing may occur outside of the EEA, steps will be taken to to put in place safeguards (including around security) to protect your Personal Information when it is in these other countries and ensure there is adequate and appropriate protection for any personal data outside the EEA. This includes use of European Model Clause contracts. You can find out what these are here:  http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm. If you have any questions please contact us (see Contact Us below). 


Your right to lodge complaints with the data privacy supervisory authority in your country

In addition to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the relevant data protection supervisory authority if you consider that we have infringed applicable data privacy laws when processing your personal information.  The data privacy regulator’s details in the UK are as follows: Information Commissioner’s Office and their site is: https://ico.org.uk/ which includes current contact details.


Contact us

We welcome comments about this Privacy Policy.

If you wish to provide comments or exercise any of your rights you can:

  • write to the Customer Services Manager at CSSC, Compton Court, 20-24 Temple End, High Wycombe, HP13 5DR; or
  • email to headoffice@cssc.co.uk

About

Membership

CSSC Magazine

 

 

 

 

 

 

The latest edition of Leisure Scene is now available for you to view online, it's packed full of exciting things going on at CSSC.

You can also view the previous edition(s) here.