Last updated: 23 March 2026
1. Who We Are
Taff Bargoed Angling Association ("TBAA", "we", "us", "our") is a fishing club based in Wales. We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
If you have any questions about this policy or how we handle your data, please contact us via our Facebook group.
2. What Data We Collect
We may collect and process the following personal data:
- Identity Data: First name, last name
- Contact Data: Email address, mobile phone number, postal address (address lines, city, county, postcode)
- Membership Data: Membership number, membership type, joined date
- Health Data: Medical details (only if you choose to provide them)
- Account Data: Email address and encrypted password for login purposes
- Photo: A photograph uploaded by an administrator for membership identification
- Application Data: Information submitted through our membership application form
3. How We Use Your Data
We use your personal data for the following purposes:
- To manage your membership of the association
- To communicate with you about club activities, events and notices
- To process membership applications
- To maintain accurate membership records
- To provide access to the members area of our website
- To ensure the safety of members (medical details, where provided)
4. Lawful Basis for Processing
We process your personal data under the following lawful bases:
- Legitimate Interest: Managing club membership and communicating with members about club activities
- Contract: Processing your membership application and managing your membership
- Consent: Where you have provided optional information such as medical details
5. Data Sharing
We do not sell, trade or rent your personal data to third parties. Your data may be shared in the following limited circumstances:
- With other club members via the members area (name, membership type and photo only)
- With committee members and administrators for club management purposes
- Where required by law or to comply with legal obligations
6. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
- Passwords are encrypted using industry-standard hashing
- Access to member data is restricted to authorised administrators
- The website uses secure HTTPS connections
- Session management includes protection against session fixation attacks
7. Data Retention
We retain your personal data for as long as you are a member of the association. If your membership ends, we will retain your data for up to 12 months after which it will be securely deleted. Application data for unsuccessful or withdrawn applications will be deleted after 6 months.
8. Your Rights
Under UK GDPR, you have the following rights:
- Right of Access: You can request a copy of the personal data we hold about you
- Right to Rectification: You can request that we correct any inaccurate data
- Right to Erasure: You can request that we delete your personal data
- Right to Restrict Processing: You can request that we limit how we use your data
- Right to Data Portability: You can request your data in a machine-readable format
- Right to Object: You can object to our processing of your data
To exercise any of these rights, please contact us via our Facebook group.
9. Children's Data
We may collect data about junior members (under 18). In such cases, we require consent from a parent or guardian before processing their personal data.
10. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk or by calling 0303 123 1113.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.