Privacy & Data Protection Policy

HomePrivacy & Data Protection Policy

Version 1.0 — 2026

1. Introduction

Kentucky Firearms Club (“KFC”, “we”, “us”, “our”) is committed to protecting the privacy, rights, and personal data of our members, probationary members, juniors, volunteers, guests, visitors and website users.

This combined Privacy & Data Protection Policy explains:

  • What personal data we collect
  • Why we collect it
  • How we store, manage, secure and share it
  • How long we retain it
  • Your rights under UK data protection law
  • How KFC ensures compliance with the UK GDPR and Data Protection Act 2018

This policy serves as both our Privacy Notice and our internal Data Protection Policy.

2. Who We Are (Data Controller)

Kentucky Firearms Club (KFC)
Data Controller
Email: admin@kentuckyfirearmsclub.org.uk
Website: https://kentuckyfirearmsclub.com

KFC determines how and why your data is used and is legally responsible for ensuring compliance with UK GDPR.

3. What Personal Data We Collect

We only collect data necessary for club operations, safety, and legal compliance.

3.1 Data You Provide

  • Name
  • Postal address
  • Email address
  • Phone number
  • Date of birth
  • Membership application details
  • Firearms certification details (FAC/SGC numbers where relevant)
  • Parental/guardian details for juniors
  • Emergency contacts
  • Payment information (fees, not card data)

3.2 Data Collected Automatically (Website)

  • IP address
  • Device and browser details
  • Usage statistics (pages visited, session time, etc.)

3.3 Data Collected Through Club Activities

  • Attendance records (Home Office requirement for approved clubs)
  • Firearms category usage records
  • Safety brief acknowledgment
  • Match registration & training signup details
  • Incident and near‑miss reports
  • Range safety documentation

4. Why We Process Your Data (Lawful Basis)

We process your data for:

  • Membership administration
  • Safety communication and emergency alerts
  • Compliance with legal obligations (e.g., incident logs)
  • Firearms certification and eligibility checks
  • Range‑day attendance tracking (Home Office requirement)
  • Training and competition management
  • Website functionality and security

Legal bases include:

  • Contract (membership administration)
  • Legal obligation (incident records, Home Office criteria)
  • Legitimate interest (safety and club operations)
  • Consent (optional communications)

5. Data Storage & Security

We use appropriate technical and organisational measures to keep your data secure, including:

  • Password‑protected systems
  • Restricted-access membership records
  • Secure cloud-based services
  • Encryption where necessary
  • Regular review of permissions
  • Safe disposal of expired data

Financial card details are never stored by the club.

6. Data Sharing

We do not sell or share personal data for marketing.

Data may be shared only when necessary:

  • NRS, UKPSA or other governing bodies (e.g., match eligibility)
  • Insurers (incident or liability claims)
  • Emergency services
  • Police or regulatory authorities where legally required (e.g., serious incidents)
  • Website or IT service providers

All third parties must comply with UK GDPR.

7. Data Retention

We only keep data as long as required for club, legal or regulatory purposes.

Typical retention periods:

Data TypeRetention Period
Membership recordsMembership duration + 2 years
Attendance & firearms‑use logs6 years (Home Office requirement)
Incident and safety reportsUp to 7 years
Junior consent formsDuration of membership + 2 years
Email enquiriesUp to 12 months
Financial transaction data6 years (legal obligation)

After expiry, data is securely deleted.

8. Your Data Protection Rights

Under UK GDPR, you may request:

  • Access (Subject Access Request)
  • Correction of inaccurate data
  • Erasure (in qualifying circumstances)
  • Restriction of processing
  • Objection to legitimate‑interest processing
  • Portability of data
  • Withdrawal of consent (for consent‑based processing)

KFC may require ID verification before fulfilling requests.

9. Cookies & Website Tracking

KFC may use:

  • Cookies
  • Analytics tools
  • Device/browser tracking

These help improve website performance and user experience.
You may disable cookies through your browser.

10. Children’s Data

KFC only collects data for under‑18s with:

  • Explicit parental/guardian consent
  • Safeguarding monitoring where required

Junior data is stored securely and accessed only by authorised Committee personnel.

11. External Links

Our website may contain links to external sites.
KFC is not responsible for their privacy practices.

12. Internal Data Protection Procedures (Policy Integration)

This Privacy & Data Protection Policy also governs how KFC Committee Members must handle data:

  • Access is limited strictly to those who need it
  • Digital data must be stored in secure, password‑protected systems
  • Paper documents (e.g., forms, consent records) must be locked away
  • Attendance and firearms‑use logs must be accurate and up to date
  • Data must never be disclosed outside authorised use
  • Data must not be retained longer than required
  • Breaches must be reported immediately to the Data Controller (Club Secretary)

These internal rules ensure compliance with UK GDPR and support our Home Office Approved Club obligations.

13. Contact Us

Email: admin@kentuckyfirearmsclub.org.uk
Website: https://kentuckyfirearmsclub.com/

14. Complaints

If you have concerns about how your data is handled:

  • Contact the Club Secretary first
  • You may escalate to the Information Commissioner’s Office (ICO) if not resolved
    https://ico.org.uk