MCG Navigation Update
Members Area Logon Logout
MCG Logo

GDPR & Privacy Policy

1. Data Controller

Mendip Caving Group (MCG) is the data controller responsible for your personal data.

Contact: secretary@mendipcavinggroup.org.uk

2. What Data We Collect

We collect and process the following personal data:

  • Identity data: Forename, surname, date of birth
  • Contact data: Email address, telephone number, postal address
  • Membership data: MCG membership type, BCA status, joining date, payment information
  • Emergency contact data
  • Leadership data: Committee positions, cave leader roles
  • Technical data: Login data (username only), IP address for security purposes, Nordrach cottage access data

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contractual necessity: To fulfill our membership agreement with you
  • Legitimate interests: Club administration, safety management, and communication
  • Legal obligation: BCA membership reporting, insurance requirements
  • Consent: Event communications, general notices, newsletters etc. (you can withdraw consent at any time)

4. How We Use Your Data

We use your data for the following purposes:

  • Processing membership applications and renewals
  • Managing payments and financial records
  • Emergency contact purposes during caving activities
  • Sending club newsletters and important updates
  • BCA membership administration
  • Managing access to club properties and caves

5. Data Sharing

We may share your data with:

  • British Caving Association (BCA): For insurance and membership purposes
  • Payment processors: For processing membership fees
  • Emergency services: In case of emergencies during club activities

We do not sell your data to third parties.

6. Data Retention

We retain your personal data for:

  • Active members: Duration of membership plus 7 years for financial records
  • Former members: 7 years after membership ends for legal/financial purposes, membership details for historical record
  • Applications: 1 year if not approved

7. Your Rights Under GDPR

You have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion of your data (subject to legal requirements)
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a portable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: For consent-based processing

8. Data Security

We implement appropriate security measures including:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure cloud storage with Firebase
  • Role-based access controls
  • Regular security audits
  • Strong password requirements
  • Session timeouts after inactivity

9. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.

10. Changes to This Policy

We may update this policy periodically. The latest version will always be available on our website with the last updated date.

Last Updated: 04/11/2025

11. Contact & Complaints

To exercise your rights or raise concerns:
Email: secretary@mendipcavinggroup.org.uk

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk