Data & privacy policy

This page sets out our data protection and privacy policies.

The Data Controller is the Committee of Verulam Wine Tasting Club. The member secretary of the Committee has prime responsibility of maintaining the completeness, accuracy and validity of the personal data of members and prospective members of the Club.

The purpose of collecting personal data is for the legitimate interests of both you and the Club for the purposes of running the Club, most commonly communicating Club events to members and prospective members.

For members, the Club also uses your personal data to tell you about the Club's Annual General Meeting, to enable you to be identified as a member entitled to vote at the Annual General Meeting and to entitle you to volunteer to serve as a member of the Committee of the Club. Some Committee members may also be asked to transmit their personal details to the Club's bank for the purposes of running the Club.

For speakers, the Club uses your personal data to inform the members of the Club about the nature of your presentation and the wines that you intend to present to the Club.

For all attendees at Club events, the Club routinely asks for your dietary requirements. The Club forwards this data to the members who have volunteered, or caterers whom the Club has appointed, to provide the catering for the event. The Club may store this data in its membership records, treating the data as personal data. The Club does not expect volunteers or caterers to store or to remember dietary requirements of any member.

The Club may seek consent from members and prospective members from time to time where the Committee has grounds to believe that some members and prospective members wrongly think that consent is the only lawful basis of processing personal data for the Club's purposes.

The Club has neither statutory nor contractual obligations between its members/prospective members to govern the collection and use of personal data.

The Club uses the following personal data for the following purposes:

  • name, email address: to tell members about events;
  • home address: as a backup contact detail to tell members about events;
  • telephone number(s) (if you have provided them): as a backup contact detail to tell members and speakers about exceptional circumstances, typically relating to events.


For members serving on Committee and who need to operate the Club's bank account, the Club will ask each such member to provide all personal data required by the bank for legitimate interest between member, Club and bank. This will include the above data, for the additional purpose of identity checks relating to money laundering regulations, plus other personal data known only to member and bank for the purpose of uniquely identifying the member.

The Club does not sell personal data for any reason.

The Club does not transmit personal data to third parties, except when it is manifestly in the best interests of the Data Subject. In the context of the Club's operation, these best interests are solely:

  • in a medical emergency, to a paramedic, police officer or equivalent.

The Club's IT system is based on Google Apps for Business ("G Suite"). This is software run on the internet as cloud software, with servers around the world. Google determines which servers it uses in which countries to store and to process the Club's data, containing personal data of the Club's members and prospective members: the Club cannot influence Google's choice of server and/or country.

The nature of G Suite is that all data belonging to the Club is kept apart from any other data and from any other user of G Suite. The Club acknowledges that Google is listed on the EU-US Privacy Shield.

The Club relies upon G Suite to advise the Club of any data breaches.

All data within the Club's IT system is processed manually; there are no automated processing techniques relating to personal data.

The Club retains personal data for as long as the Club recognises, or perceives, legitimate interest of both Data Subject and the Club.

For members and prospective members, when the Club recognises/perceives that there is no longer a common legitimate interest - e.g. upon the member actively leaving the Club, or ceasing to respond to emails after one season (9 months) from failing to renew the annual subscription, or a request by the Data Subject to withdraw personal data from the Club's records - then the Club shall mark up the Data Subject's personal data as appropriate for deletion, then shall delete the personal data so marked at the next opportunity.

For speakers, the Club assumes that a common legitimate interest exists between speaker and Club in perpetuity, unless either speaker or Club advise eachother to the contrary. The Club often likes to invite popular speakers to present once every three or four years.

Important: the Club is run by people in their spare time. The Club is not a corporation "slurping" personal data as assumed by the General Data Protection Regulation.

The member/prospective member/speaker may exercise rights to his/her personal data as set out by the General Data Protection Regulation by completing the form below.

The member/prospective member/speaker may exercise his/her right to approach the supervisory authority for matters relating to the Club's processing of his/her personal data. The Club's supervisory authority is the Information Commissioner of the UK.