General Data Protection Regulations: Retention Policy

• Only the minimum of personal data necessary to maintain the operation of the website and of the club is stored. Data which is no longer required is removed on a regular basis.
• This data is protected in transit, in storage, and in whom may access it.
• Data is held in good faith and is believed by the club to be correct.
• Data is shared with no-one except under legal representation. The FCCUK has a small number of relationships with suppliers (e.g. parts, services, insurance) who offer discounts to club members. These third parties have access to user data only to the extent of being able to confirm whether a particular user is a club member; they cannot see any other data.
• Any user or member who wishes to see any of their data may request it by emailing info@fiatcoupeclub.org. We will respond as soon as possible and certainly within 31 days, and we make no charge for this service unless your request is considered vexatious or repetitive.
• If your data is incorrect we will correct it on notification - email info@fiatcoupeclub.org - but please note that the majority of the data we hold can be modified by users in the 'edit profile' section of the forum. Exceptions are a user's real name, address, and telephone number for forum users with seller's rights and for club members.
• We expect our users to provide us with correct information.
• Many users have currently granted us permission to email them. To them we will issue a single email, requesting their permission to store their personal data.
  If we receive permission, then once a year we will check the database for those users who have not visited (it is not necessary to post) the forum in the last three years; those users will have their data removed.
  Note that this does not apply for club members even if they do not visit the forum; their account remains active as long as they remain members even if they do not use the forum.
• Notwithstanding this, after the 25th May 2018, all forum users will be required to click through a permissions page. If they do not browse away from that page but instead proceed to access the forum, they will have been deemed to have given us the necessary permissions as above.
• Three months after the GDPR becomes law, we will review the forum database for those from whom we have not received permissions; their data will be removed.
• Once a user's data has been removed, only the posts they have made will remain, identified by the user name under which they originally posted. This preserves the integrity of historic threads and posts on the forum. Any such user may at any time re-register as a forum user, and without doing so, will be able to view the forum only as a guest.
• New users of the forum will be required to confirm that they give permission for their data to be used. Thereafter they are treated the same way as any other user.
• These policies are subject to such changes as may be required to comply with the GDPR or by the limitations of the third-party forum software.