Privacy Policy

Last updated: April 2026

Who we are

This website (sussex.wsmba.uk) is operated by the Widows Sons Masonic Bikers Association — Sussex Chapter ("we", "our", "the Chapter"). We are the Data Controller for personal data collected through this site. You can contact us at secretary@sussex.wsmba.uk.

What data we collect

We only collect personal data that you give us directly — for one of the following purposes:

• Raffle ticket purchases — name, email address, postal address (for prize delivery), phone number, and the amount paid. Payment card details are collected and processed by SumUp; we never see or store your card number.
• Event sign-ups and RSVPs — name, email, and (where relevant) motorcycle details and emergency contact.
• Contact form messages — the name, email, and message you submit.
• Website analytics — anonymised technical information (IP address, browser, pages visited) for security and to improve the site. We do not use third-party advertising trackers.

Why we collect it, and our lawful basis

We process personal data under the following lawful bases under UK GDPR:

• Contract — to fulfil raffle ticket purchases, process payments, deliver prizes, and register you for events.
• Legitimate interests — to respond to your enquiries, keep the Chapter's records, and protect the site against abuse and fraud.
• Legal obligation — to comply with UK lottery and gambling law, tax law, and any enquiry from the Gambling Commission or licensing authority.
• Consent — where you have opted in to newsletters or marketing (you can withdraw at any time).

How long we keep it

Raffle transaction records are kept for six years as required by UK gambling and accounting law. Event sign-ups are kept until the event has taken place plus six months. Contact form messages are kept for up to twelve months unless they become part of an ongoing matter. Website analytics are retained for thirteen months.

Who we share it with

We never sell your data. We share only what is necessary, only with these categories of processor:

• SumUp — to take card payments (they are the payment processor; see SumUp's privacy policy).
• Our hosting and email providers — to run the website and deliver confirmation emails.
• The Gambling Commission and local licensing authority — if required in connection with our small-society lottery registration.
• Law enforcement or regulatory bodies — where we are legally required to do so.

Your rights

Under UK GDPR you have the right to:

• Ask what personal data we hold about you (a Subject Access Request)
• Ask us to correct inaccurate data
• Ask us to delete your data (subject to any legal retention obligation)
• Restrict or object to processing
• Ask for your data in a portable format
• Withdraw consent at any time (where consent is the basis)
• Lodge a complaint with the Information Commissioner's Office (ico.org.uk)

To exercise any of these rights, email secretary@sussex.wsmba.uk. We'll respond within one calendar month.

Cookies

We use only the essential cookies needed to keep you signed in (for Chapter admin) and to protect form submissions against cross-site request forgery. We do not use tracking, advertising, or analytics cookies from third parties.

Security

The site runs over HTTPS, card payments go direct to SumUp's PCI-DSS-compliant infrastructure, our database is encrypted at rest, and admin access is protected by strong password policy and rate-limiting. No system is perfectly secure, but we take your data seriously.

Changes to this policy

If we make material changes we'll post them on this page with an updated date. For questions about this policy or how we handle your data, please contact the Secretary.