BathLARP holds and processes personal data relating to its members and users of this website, for the purposes of running the club and providing website functionality to its members.
What personal data do we collect?
Data collected in the legitimate interests of BathLARP:
- We record the names of people who have joined the club.
- We record the names of people who have attended games or events run by the club or its predecessors (i.e. the University of Bath student societies “BLADES” and “Adventure Gaming Society”), for each game or event attended. This information includes the date and location of the game or event, and the role of each attendee (generally one or more of “player”, “monster”, or “gamesmaster”). For people who have never been a member of BathLARP, we only record their first name and last initial.
- We record details of people who attend or contribute to BathLARP meetings in the minutes of those meetings.
- We record the name, username, and e-mail address of people who register for access to the members-only parts of the website (“registered users”).
- We record details of payments made to the club for membership and event fees – this is limited to how much was paid, when it was paid, and the name of the person(s) the payment is covering (“accounts information”).
- We record details of incidents at club games and events that require the attention of a first-aider (“first-aid incidents”), and those which come close to needing such (“near misses”). These records will include the name of the person needing attention, the first-aider who attended, and any resulting actions.
- We record the IP addresses and browser details of visitors to the website in our website logs, for bug investigation purposes.
Data collected by consent:
- We record the telephone numbers of registered users who choose to supply them.
- We record medical information, food allergy information, and the name and telephone number of a person to be contacted in an emergency (“first-aid information”) of registered users who choose to supply them.
How is the data stored?
- Details of club memberships and fee payments (both for membership and for games and event) are stored in the Accounts Book held by the club Treasurer.
- Details of first-aid incidents are stored in the Treatment Book. Details of near misses are stored in the Incident Book. Both of these books are kept in the First Aid Kit.
- All other information is stored on the BathLARP Website, which runs on a fully-patched, privately-hosted server owned by the Web Administrators. Information submitted to and transmitted from this server is encrypted.
- Additionally, minutes of club meetings are stored on the club Google Drive, which is accessible only to the club committee.
Who can view the data?
- The Accounts Book is held by the club Treasurer, but may be passed to other members of the BathLARP committee when the Treasurer is unable to attend a game or event.
- The Treatment Book and Incident Book are kept in the First-Aid Kit. The First Aid Kit forms part of the standard club kit which is held either by the BathLARP committee, or by the gamesmaster of the most recent or upcoming game or event, or by a club member who has been asked by one of the above to store or transport the kit. At games or events, the books are available to attending club members.
- On the website:
- Usernames are visible only to the owning user and the Web Administrators.
- Names and e-mail addresses are visible only to registered users of the website who have been approved by the Web Administrators (club members or provisional members). Unapproved registered users are only able to view initials and not names or e-mail addresses.
- Users’ telephone numbers are visible to themselves, the Web Administrators and the BathLARP committee.
- Users’ first-aid information is visible to themselves, the Web Administrators, the BathLARP committee, and club members who are running games or events to which the user has signed up (“gamesmasters”). Additionally, gamesmasters will produce and print a first-aid report containing the first-aid information for all users who have signed up to attend the game or event. The first-aid report will be kept with the First-Aid Kit during the game or event, and will be destroyed when the game or event ends.
- Users’ character details are visible to registered users of the website.
- Minutes of club meetings are visible to registered users of the website.
- Website logs can only be viewed by the Web Administrators.
How will the data be used?
- Your e-mail address may be used to contact you for the purposes of club or website administration, or occasionally to provide information about games or events that you have specifically signed up to.
- Your telephone number, if supplied, may be used to contact you in relation to games and events that you have specifically signed up to, and where e-mail is not a more appropriate means of contacting you (e.g. last-minute cancellations).
- First-aid information may be used by club first-aiders and food providers for your safety at games and events.
- Emergency contact details may be used to inform the nominated person if you suffer an injury or illness at a BathLARP game or event.
- All other information is used for the administration of the club or of the website.
With whom is the data shared?
BathLARP will not share any of the above data with third parties, except:
- First-aid details, food allergy information and emergency contact details may be passed to the emergency services in the event of an accident or injury that requires their attendance.
- In the case of a claim being made against the club’s insurance policy, any relevant data may be shared with our insurers for the purposes of investigating the claim.
- In order to fulfil legal obligations.
Can I view the data held on me?
Yes. All registered users of the website have full access to the information held on them. Should you wish to view the data held on you in the Accounts Book, Treatment Book, Incident Book, Website logs, or on the Website if you are not a registered user, please contact the BathLARP committee.
Can I change or remove my personal data?
Yes. Registered users of the website are able to amend or delete the data on their profile (which is everything mentioned above as being held on the website, except for attendances at games or events, and the Website logs). If you believe that any other information we hold on you is incorrect, please contact the BathLARP committee.
Can I withdraw my consent?
For those pieces of personal data that we hold by consent, you can withdraw consent at any time (either by visiting your Profile page or by contacting the BathLARP committee) and we will remove the relevant data within one calendar month.
Can I delete my account?
If you have not attended any BathLARP games or events, and if you have not created characters or messages on the Website, then your account can be deleted. Otherwise, on request, we can hide your account behind a pseudonym and remove data we hold by consent. In either case, please contact the BathLARP committee.
Can my account be recovered if I wish to rejoin BathLARP after asking for my data to be deleted?
Yes. When we remove personal data from your account, we will store a token against your account that can be calculated from your e-mail address, but from which your e-mail address cannot be derived. This will allow you to resurrect a dormant account, provided that you are still using the same e-mail address. However, any personal data that has been removed cannot be recovered, and must be re-entered if you give us consent to store it.