Shopping Cart

No products in the cart.

Shopping Cart

No products in the cart.

Data Protection & GDPR Statement – East Kent Kitesurfing Club (EKKC)

Last updated: 28/09/2025

East Kent Kitesurfing Club (“EKKC”, “we”, “us”, “our”) is committed to protecting the personal data of our members, supporters, and customers. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Our Commitment

We will:

  • Process personal data lawfully, fairly, and transparently.
  • Collect data only for specified, explicit, and legitimate purposes.
  • Limit data collection to what is adequate, relevant, and necessary.
  • Keep personal data accurate and up to date.
  • Retain personal data only as long as necessary for our purposes.
  • Store and process personal data securely.

2. Why We Collect Data

We may collect and process personal information for:

  • Membership registration and renewals.
  • Product orders (e.g. calendars).
  • Communication of news, events, and fundraising activities.
  • Financial records, reporting, and compliance with legal obligations.

3. Your Rights Under UK GDPR

As an individual, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your personal data (subject to legal retention requirements).
  • Restrict or object to how your data is processed.
  • Withdraw consent where processing is based on consent.
  • Data portability – request a copy of your data in a structured, machine-readable format.
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your rights are not being upheld.

4. Data Security

We take appropriate organisational and technical measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.

5. Data Sharing

We will never sell your data. We may share information with trusted third parties such as:

  • Payment processors (for membership and product payments).
  • Print-on-demand suppliers (for order fulfilment).
  • Website hosting and analytics providers.
  • Regulators or authorities, where legally required.

All third parties are contractually obliged to handle your data securely and in compliance with UK GDPR.

6. Data Retention

  • Membership records: up to 2 years after expiry.
  • Order/payment records: up to 6 years for legal and accounting purposes.
  • Mailing list data: until you unsubscribe.

7. Contact Us

If you have questions or requests relating to data protection, please contact:

📧 info@ekkc.org
🌐 https://ekkc.org