The Three Percenters MCC takes data privacy very seriously and will always act in accordance within the law in the country of our operation, the United Kingdom. Our data privacy policy and procedures have been updated to comply with both the General Data Protection Regulation (GDPR) and the Data Protection Directive (DPD) April 24th 2018.
We only collect personal information from users who sign up. We do not collect any information from someone who is visiting our public homepage. We collect and store the following identifiable data when you join the club:
Name, postal address, email address, telephone number, sobriety date, and any email out preferences you may have chosen to grant us.
Certain personal information, (name, telephone number, join date, country, contact number, general location for member map, sobriety date, amounts of visit to the website and total of forum posts) can be viewed by other paid up members, (email address visibility is optional and postal address is for admins only). This is because we are a club for members to be able to interact with other members not just through a forum. Our club ethos is for members to meet other members for ride-outs and meets. It should be understood that joining the club means we share names, telephone numbers and optional email address with fellow club members. Postal Addresses are only viewable by club administrators.
Website security
Further to the legal directive on privacy; we also employ privacy to protect our members being identified by visitors to our website who are not club members. No names, personal information, forum posts or photos are available to those who are not paid up members of the club. Our website is restricted to signed up members only. Activation of a member after signup is only performed when the user is manually verified. After this activation is performed, limited access to the website to be able to pay dues is granted. When payment is made for membership, then user then has full access to the website content including forums. The website uses SSL encryption and has a SHA-256 with RSA Encryption certificate from Comodo.
Online payments
We do NOT store credit card numbers, nor any other payment information. All of our website transactions are processed via PayPal, not us. We do not handle any financial element. When a purchase is being made, the session is transferred to PayPal.com to be completed and back to our website after transaction is complete.
We use session cookies on our website, to allow members to have an enhanced experience when using our forum.
Most browsers automatically accept cookies; you can set your browser options so that you will not receive cookies from websites or from third party sites you can also delete existing cookies from your browser by using the options available. Many browsers can be set to suppress the full functionality of cookies which are sent from a web server to a web browser when that browser visits the server's site.
Opt-in email communications tick boxes
Upon member signup, our website contains "opt-in" boxes on the page where you provide personal information. If you do not want us to email you information as described and where relevant, you should untick the "opt-in" boxes. You can also modify your email preferences after sign-up and at any time during membership, doing so within your Member Profile page on the website.
Data Subject Access Request
All of the data we hold on a paid-up member can be viewed by that member in their website profile. However if you wish to request a copy of the data we have stored in relation to your membership (name, postal address, email address, telephone number, date of joining the club, sobriety date, and any email preferences), please use the Contact Us form. We will execute such requests within one month of receipt of your email and will verify your identity before returning any information.
Right to be forgotten
If you wish to have all such data (name, postal address, email address, telephone number, date of joining the club, sobriety date any email preferences), removed from our records, please use our Contact Us form.
Please note, your request must come from the same email address used in relation to your order to ensure your privacy.
We will execute such requests within one month of receipt of your email.
Data Breach & Notification
In the unlikely event of any data breach, we will notify the appropriate supervisory authority without undue delay, and where feasible no later than seventy-two (72) hours of the discovery of the breach.
In the unlikely event of such a data breach being likely to result in a high risk to the rights and freedoms of individuals, we will notify those individuals without undue delay, and where feasible no later than seventy-two (72) hours of the discovery of the breach.
If you have any queries or complaints regards our data protection practises, please contact our Data Protection Officer using our Contact Us form. We will respond to such requests within five (5) working days.