The Helicopter Club of Great Britain


Data Protection Policy


1. Introduction

The Helicopter Club of Great Britain ('the Club') is committed to protecting the personal data of its

members in compliance with the Data Protection Act 2018 (DPA 2018) and the UK General Data

Protection Regulation (UK GDPR). This policy sets out how we collect, use, store, share, and

protect members’ personal information.


2. Personal Data We Collect

The Club may collect and process the following categories of personal data: Name, address,

telephone numbers, email addresses; Membership details; Aircraft ownership and licensing details

(where relevant); Participation in Club activities; Emergency contact details.


3. Lawful Basis for Processing

Contractual necessity; Legitimate interests; Consent; Legal obligation.


4. Use of Data

Personal data will be used for maintaining membership records, communicating with members,

circulating a membership directory, administering events, and ensuring compliance with aviation

and Club regulations.

5. Data Sharing and Disclosure


Data will be shared only within the Club, with service providers under contract, or with regulators as

required by law. Personal data will never be sold to third parties

.

6. Membership Directory (Paper Copy Book)

The Club may issue a printed membership directory with selected member details. Consent is

required before inclusion. The directory is distributed only to members, for private non-commercial

use, and members may withdraw consent at any time.


7. Data Retention

Personal data will be retained only as long as necessary, normally up to six years after membership

ends.


8. Security Measures

The Club takes technical and organisational steps to secure data, including password protection,

restricted access, and controlled distribution of directories.


9. Members’ Rights

Members have rights under the DPA 2018 and UK GDPR including access, rectification, erasure,

restriction, objection, and withdrawal of consent.


10. Data Breach Procedures

Suspected breaches must be reported immediately. Serious breaches will be reported to the ICO

within 72 hours.


11. Roles and Responsibilities

The Committee ensures compliance, the Secretary acts as contact for data protection matters, and

all members must respect confidentiality.


12. Review

The policy will be reviewed annually or sooner if required.


13. Contact

For queries or rights requests, contact the Club Secretary.