GDPR and ClubManager

The General Data Protection Regulation (GDPR) is a legal framework for the collection and processing of personal information from individuals who live within the European Union (EU). GDPR puts the individual in control of their own information and how it may be used, including how a company that holds that information can communicate with them.

ClubManager gives you all of the tools you need to ensure you are compliant with GDPR, but as a ‘Data Controller’ it is your responsibility to exercise caution as to how your member data is used and stored.

When a member joins your club, they are prompted via a tickbox to opt in to receive marketing communications from you. Some of the ClubManager base email templates also include a prompt for the member to opt in to receiving marketing communications, and these may be sent automatically to new members.

Similarly, every email that is sent from ClubManager automatically includes a link that allows the member to adjust their marketing preferences (to opt either in or out of receiving certain messages). The member will also find these options clearly visible within the member app and on the member portal.

When composing an email, SMS message or push notification, either as a ‘live’ message or as a ‘template’, you are given the option to choose whether the content type is ‘Transactional’ or ‘Marketing’. Marketing content will only ever be sent to those members who have opted to receive communication in that format, e.g. a Marketing SMS message will only be sent to members that have opted to receive marketing SMS messages. If the member has not opted in to receive the marketing communication, they will not receive the SMS, push notification or email, and a failure will show on the member’s journal (with the reason being that the member has not opted in).

Communications to your members about the service you are providing to them, responses to questions, etc. are all Transactional messages and will be sent regardless of whether the member has opted in or not. This is in line with the GDPR framework.

You must use your discretion as to the type of message you are sending (Transactional or Marketing). Marketing communication should not be sent as a Transactional type, as that would be in clear breach of GDPR.

Similarly, you should use your discretion as to how long you keep the information of non-members. If you have not heard from a non-member for a significant period of time, it would be worth considering whether their details should be deleted. A member (or non-member) can be deleted from the All Members grid (by choosing the member and clicking Delete) or by finding the member and clicking the Delete button at the bottom of the Member Details page (only users with a Manager role can do this).

If your member wants their information removed but you need to keep a record of their payment history, we can anonymise the member’s information in full. If you would like us to do this, please contact us.

Other ways ClubManager protects you
There are a number of other things that ClubManager does to help protect you, which include:

  • The automatic logout of ClubManager after 20 minutes of inactivity.

  • A full audit so that all changes made by both staff and members are recorded and can be reported upon at any time.

  • Varying user roles and recommendation of strong passwords throughout.