PRIVACY POLICY
Last updated: 2 April 2026
Shefford and District Angling Association Ltd
Privacy Notice
Version: 2.0
Last updated: 02/04/2026
1. Who we are
Shefford and District Angling Association Ltd (“SDAA”, “we”, “us”, “the club”) is a not‑for‑profit company limited by guarantee, registered in England and Wales (No. 05430106).
We run a members’ angling club, manage fisheries and work parties, and operate:
Our public website: www.shefforddaa.org.uk
Our official Facebook group
Other communication channels (email, SMS, WhatsApp groups for bailiffs, etc.).
Registered Office
2 Manor Farm Court, Old Wolverton Road, Old Wolverton, Milton Keynes MK12 5NN
Main postal address
The Registrar, SDAA Ltd, PO Box 59, Shefford SG17 5UZ
Contact email
publicity@shefforddaa.org.uk
For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, SDAA is the data controller for the personal data described in this notice.
2. Scope of this notice
This privacy notice explains how we collect, use and protect personal data in connection with:
Membership applications and renewals
Management of the club and its waters
Matches, events and work parties
Disciplinary and safeguarding matters
Financial and business administration
Our website and online forms
Our Facebook group and other social media
Communications with members and non‑members (e.g. enquiries).
3. What personal data we collect
We only collect personal data that we need to run the club safely and effectively. The main categories are:
Membership and contact details
Name
Postal address
Email address
Telephone number(s)
Age range (e.g., 12–17, 18–65, 66+). We only request full date of birth for Associate Junior members.
Membership/permit number and type (including junior status)
Club administration and financial data
Payment details/records (e.g. subscriptions, match fees, permits)
Card details are handled by payment providers where used; we do not routinely store full card details.
Records of committee meetings and decisions (minutes may contain member names)
Insurance, maintenance and general business records
Health, safety, safeguarding and disciplinary
Information about incidents, accidents and near‑misses
Disciplinary information, including:
Advice given
Verbal warnings
Endorsements
Suspensions
Bans and life bans
Safeguarding‑related information for relevant club officers and water bailiffs
Information about specialist training and qualifications (e.g. chainsaw use, chemical use near water, health and safety training).
Some of this information may include special category data, such as health information in accident reports.
Images and media
Photographs submitted to the club for use on the website, in catch reports, or other club materials
Catch reports (including picture, name of angler, species and weight of fish, and general location)
Online and communication data
Website contact form submissions
Email communications with members and non‑members
Facebook group membership and activity (posts, comments, interactions)
Limited membership details shared within the bailiffs’ WhatsApp group (name, membership number and permit level when interacting with members)
Technical data (website and analytics)
Basic web server logs and hit statistics from our hosting provider
Analytics data from Hostinger and Google Analytics, which may include IP address, device and browser information, approximate location and pages visited.
4. Where your data comes from
We collect personal data from:
Paper membership forms
Website contact forms
Emails and letters sent to the club
Directly from individuals online or by email (e.g. photos and catch reports submitted to the club)
Facebook group join requests and interactions
In‑person interactions with bailiffs and officers (e.g. checking permits, incident reporting)
We may also add information generated by the club itself (for example, disciplinary outcomes, notes of incidents or records of qualifications held).
5. How we use your personal data and lawful bases
We rely on a combination of contract, legal obligation, legitimate interests and, in some cases, consent.
5.1 Membership and administration
We use your data to:
Process membership applications and renewals
Maintain the club’s membership records for operational purposes, and maintain the statutory Register of Members of the Company (which includes only the legal company members/guarantors) as required under the Companies Act
Issue membership cards and permits
Communicate with members about membership, access to waters and club information
Arrange and manage matches, events and work parties
Keep appropriate accounting and financial records
Lawful bases:
Performance of a contract (your membership with us)
Legal obligation (e.g. maintaining the register of members, financial records)
Legitimate interests (efficient and safe running of the club)
5.2 Health & safety, safeguarding and disciplinary
We use relevant information to:
Record and manage incidents and accidents on‑site
Manage safeguarding concerns
Investigate and decide on disciplinary matters
Enforce bans and life bans where necessary
Demonstrate compliance with health and safety and insurance requirements
Lawful bases:
Legal obligation (health and safety, insurance, statutory requirements)
Legitimate interests (protecting members, the public, our waters and reputation)
In relation to special category data (e.g. health data), we may rely on:
Establishment, exercise or defence of legal claims
Health and safety obligations, where applicable.
5.3 Communications
We use contact details to:
Send information about meetings (e.g. AGM), changes to rules, access issues and other club matters
Respond to enquiries sent via the website, email or post
Communicate with committee members, officers and bailiffs about club business
We do not carry out commercial marketing or sell your data. SDAA operates an open membership model (with an overall cap on numbers), and communications are limited to club‑related matters only.
Lawful bases:
Performance of a contract (membership communications)
Legitimate interests (keeping members informed and running the club effectively)
5.4 Photographs and catch reports
Members may voluntarily submit photos and catch reports to the club. Under the membership contract and rule book, photos submitted to the club may be used by the club (for example, on the website, in galleries or in publications), and the club may retain them indefinitely.
In practice, if a member asks us to remove a specific image of them from our online channels, we will normally do so where reasonably possible.
Lawful bases:
Legitimate interests (promoting and recording the activities of the club)
Contract (terms of membership regarding images)
This does not apply to images that members or non‑members post directly within Facebook comments. These posts are governed by Facebook’s own platform terms and privacy policy, and are not managed under the club’s internal photo‑submission rules.
5.5 Website and analytics
We use basic server logs and analytics to:
Monitor the performance and security of our website
Understand general usage patterns (e.g. which pages are most visited)
Improve content and navigation
Lawful basis:
Legitimate interests (maintaining and improving our online services)
5.6 Facebook group and social media
We operate a Facebook group that:
Is open to non‑members to join
Requires admin approval to join and to make posts (all group members can respond to posts, subject to moderation)
Has its own group rules (e.g. no profanity, bullying, etc.)
We use information within the group to:
Approve or decline join requests
Moderate content and enforce group rules
Share club news and information
Lawful basis:
Legitimate interests (maintaining a safe and effective online community for the club)
6. Who has access to your data
We apply the principle of least privilege – people only have access to the information they need for their role.
Access is generally restricted to committee members and specific officers:
Chair – membership details; minutes and decisions; disciplinary register
Club Secretary – membership details; minutes and decisions; disciplinary register
Registrar/Membership Secretary – membership records and contact details
Treasurer – accounts and financial records; membership details where needed
Fisheries Officer – details of members on work parties; accident book; records of specialist qualifications
Head Bailiff – membership and relevant disciplinary records
Bailiffs – minimal membership details (name, permit level, membership number, junior status) as shown on the membership card when interacting with members
Committee members may also access relevant records when discussing disciplinary cases or other governance matters, subject to committee confidentiality.
We do not sell your personal data to anyone.
7. Where and how we store your data
Your data is stored in a combination of:
Electronic spreadsheets and databases
Club email inboxes (e.g. publicity@shefforddaa.org.uk)
Paper membership forms and files
The website content management system (CMS)
Facebook group admin tools
WhatsApp group for bailiffs (limited data, as described above)
We take appropriate technical and organisational measures to protect your personal data. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
8. Third‑party services and international transfers
We use third‑party providers to help us run the club and our online services, for example:
Web hosting (including Hostinger)
Email services
Payment providers (where used)
Google Analytics
Facebook
WhatsApp
These providers may process data on our behalf under their own terms and privacy notices, and some may store data outside the UK/EEA. Where this occurs, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms put in place by those providers.
9. How long we keep your data
We keep personal data only for as long as necessary for the purposes described above and in line with our retention schedule (see Section 13 below).
By way of summary:
Membership records – 6 years after membership ends
Incident/accident reports – 6 years
Financial records – 6 years
Photos submitted to the club – kept indefinitely (subject to removal requests where feasible)
Disciplinary records – retained on a sliding scale up to 50 years for the most serious sanctions, including life bans
Committee minutes – kept permanently as part of the club’s historical record; if the club closes, these may be offered to The National Archives or another approved place of deposit
General email correspondence – normally retained for 5 years
Website contact form submissions – deleted after we have responded to the enquiry (no long‑term storage).
10. Your rights
Under data protection law, you have rights which may include:
Right of access – to request a copy of your personal data we hold
Right to rectification – to have inaccurate or incomplete data corrected
Right to erasure – to request deletion of your data in certain circumstances
Right to restrict processing – to limit how we use your data in certain cases
Right to object – to certain types of processing, including where we rely on legitimate interests
Right to data portability – in limited circumstances, to receive your data in a reusable format
These rights are subject to conditions and exemptions under UK law (for example, where we must keep certain records for legal or regulatory reasons).
To exercise any of these rights, please contact us using the details in Section 15.
11. Website, cookies and analytics
Our website is publicly accessible and does not require a login.
We:
Receive hit statistics and server logs from our hosting provider
Use Hostinger analytics and Google Analytics to understand how the site is used
May use cookies or similar technologies in connection with these services.
Further details about the cookies we use, and how you can manage them, can be obtained by contacting us.
12. Facebook group and social media
Our Facebook group is:
Open to non‑members to join
Subject to admin approval for joining and posting
Moderated and subject to specific group rules (e.g. no profanity, no bullying, etc.).
While we set and enforce group rules, your use of Facebook is also governed by Facebook’s own terms and privacy policy. Facebook may collect and process your data independently of SDAA.
Members and non‑members can respond to posts and may upload images in comments. These are treated under the platform’s terms and are not managed under the same rules as official photos submitted to the club for publication.
13. Summary retention schedule
A detailed retention schedule is set out below in a separate section. In general, we keep data only for as long as necessary for:
Running the club and managing membership
Meeting our legal obligations
Protecting the club’s interests (e.g. in relation to serious disciplinary matters)
Preserving essential historical records of the club (e.g. minutes).
14. Changes to this privacy notice
This privacy notice may be updated from time to time. Changes will take effect when the updated notice is published on our website, and the “last updated” date will be amended accordingly.
Where appropriate, we may also notify members of significant changes by email or other reasonable means.
15. Contact and complaints
If you have any questions about this privacy notice or how we handle your personal data, please contact:
The Registrar
SDAA Ltd
PO Box 59
Shefford
SG17 5UZ
Email: publicity@shefforddaa.org.uk
You also have the right to raise concerns with the Information Commissioner’s Office (ICO), the UK data protection regulator, at www.ico.org.uk, but we would appreciate the chance to address your concerns first.
Retention Schedule – SDAA
Below is a structured schedule based on your stated retention periods and practices.