CLUB LOTUS PRIVACY POLICY
Last updated: 12/05/2026
Club Lotus Ltd (“Club Lotus”, “we”, “us”, “our”) takes the privacy of its members, customers and website visitors seriously. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and the rights you have over it.
It applies to www.clublotus.co.uk, all associated sub-domains and member areas, our forums and Heritage Digital Archive, the Club Shop, our magazine Club Lotus News, our events, and any other service we operate where we act as a data controller.
This policy should be read together with our Disclaimer, Terms & Conditions, Cookie Policy and Acceptable Use Policy.
1. Who we are
Club Lotus Ltd is a private limited company incorporated in England and Wales (Company No. 05212328, VAT No. GB 844 117 342). Our registered office is Signpost House, Ambassador Way, Greens Road, Dereham, Norfolk NR20 3TL.
For the purposes of UK data protection law, Club Lotus Ltd is the data controller in respect of personal information processed through our services.
We have appointed a Data Protection Officer, whom you can contact at dpo@clublotus.co.uk or by writing to the DPO at the address above.
Club Lotus Ltd is registered with the Information Commissioner’s Office (ICO) as a data controller.
2. Information we collect
The categories of personal information we may collect about you include:
Identity and contact information Name, postal address, email address, telephone number, date of birth (optional), profile photograph, username and password.
Membership information Membership number, membership tier, joining date, renewal status, Area allocation, communications preferences, and the consent log associated with those preferences.
Vehicle information Make, model and variant (e.g. Type 14 Elite, Esprit S1, Emira), year of manufacture, chassis and engine numbers, registration mark, MOT and tax status, ownership history and supporting documents you choose to upload to My Garage Documents (such as V5C, insurance certificates, service records and invoices).
Photographs and media Images you upload to My Photos, Lotus Spotted, the forums, classified advertisements or as submissions to Club Lotus News. We strip embedded GPS location data from photographs displayed publicly on the Website, although the original file we retain may still contain that metadata.
Transactional information Order history, billing and delivery addresses, items purchased from the Club Shop, event tickets booked, valuations services purchased and any associated correspondence. We do not store full card details on our systems — card payments are processed directly by our payment provider (see section 8).
Forum, comment and submission content Posts, replies, private messages, signatures, reactions and any other content you publish through the Website’s interactive features.
Technical information IP address, device and browser information, pages visited, referring URL, login timestamps, and information collected via cookies and similar technologies (see our Cookie Policy).
Correspondence Records of your communications with us by email, web form, telephone and post, including support tickets, complaints and rights requests.
We do not routinely collect “special category” data. Where event registration requires us to collect limited health information — for example emergency medical details for a track day — we will tell you why we need it, who will see it and how long we keep it at the point of collection.
3. How we collect information
We collect personal information:
- directly from you, when you join the club, renew your membership, register for an event, place an order, submit a valuation request, upload documents or photographs, post in the forums, contact us, or otherwise interact with the Website;
- automatically, when you use the Website, through cookies, server logs and similar technologies;
- from third parties, including the DVSA MOT History API and the DVLA Vehicle Enquiry Service when you request vehicle look-ups, our payment provider in respect of transactions, and from publicly available sources where relevant to a valuations enquiry or archive provenance check; and
- from other members, where appropriate — for example when an Area Organiser logs your attendance at a local meeting, or when a member submits a photograph in which you appear.
4. Our lawful bases for processing
We rely on the following lawful bases under Article 6 of the UK GDPR:
| Purpose | Lawful basis |
|---|---|
| Administering your membership and account | Contract (Art. 6(1)(b)) |
| Processing orders, event bookings and valuations | Contract (Art. 6(1)(b)) |
| Sending essential service communications (renewal reminders, order confirmations, magazine despatch notifications) | Contract / legitimate interests (Art. 6(1)(b)/(f)) |
| Maintaining the security and integrity of the Website and our systems | Legitimate interests (Art. 6(1)(f)) |
| Site analytics and service improvement | Consent (cookies) / legitimate interests |
| Marketing communications and newsletters | Consent (Art. 6(1)(a)) and PECR Regulation 22 |
| Meeting our legal, regulatory, accounting and tax obligations | Legal obligation (Art. 6(1)(c)) |
| Establishing, exercising or defending legal claims | Legitimate interests (Art. 6(1)(f)) |
| Operating the Heritage Digital Archive and notice-and-takedown procedure | Legitimate interests (Art. 6(1)(f)) |
Where we rely on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out beforehand. Where we rely on legitimate interests, we have carried out a balancing assessment and you have the right to object as set out in section 11.
5. How we use your information
We use personal information to:
- create and manage your member account and process renewals;
- produce and despatch the print and digital editions of Club Lotus News;
- run our events programme — including track days, area meetings, the annual LOG and hybrid online events combining in-person and remote attendance;
- operate the Club Shop, fulfil orders and handle returns;
- provide the Digital Authenticity & Valuations service and produce associated certificates;
- operate My Garage Documents, My Photos, Lotus Spotted and other member features, including storage limits, expiry reminders and signed-URL document delivery;
- run the Heritage Digital Archive and respond to rights enquiries and takedown requests;
- send the communications you have asked to receive, and respect your communications preferences set through your account;
- moderate forums and member submissions, and enforce our Acceptable Use Policy;
- analyse usage of the Website to improve content, navigation and accessibility;
- prevent fraud, abuse and unauthorised access; and
- comply with our legal and regulatory obligations.
6. Marketing and communications preferences
You can manage how Club Lotus contacts you at any time through the Communications Preferences tab in your My Account area. Preferences cover the magazine, the main club newsletter, your Area newsletter, event invitations, shop offers and partner offers — each handled separately so you can opt in or out at the level you choose.
Every marketing email we send also contains an unsubscribe link. Unsubscribing from a marketing list does not affect essential service communications (for example renewal reminders, order confirmations, security notices and legal notices), which we must send to administer your membership.
We maintain a consent log recording when and how each preference was set, in line with UK GDPR Article 7(1) and PECR.
7. The Heritage Digital Archive
The Heritage Digital Archive contains photographs, magazines, race programmes, technical documents and correspondence spanning many decades of Lotus and Club Lotus history. Some of this material includes images of, or information about, identifiable individuals.
We process this material in the legitimate interests of preserving motorsport heritage and providing it to our members for personal, non-commercial research and enjoyment. We apply provenance and confidence scoring, and we operate a formal notice-and-takedown procedure: if you are the subject of an image or document, or a rights holder, and you believe material has been published in error, please write to archive@clublotus.co.uk and we will review and, where appropriate, remove or restrict access while the matter is considered.
8. Sharing your information
We do not sell your personal information. We share it only where necessary to deliver our services, comply with the law or protect our legitimate interests. The principal categories of recipient are:
Service providers acting as our processors
- Stripe — card and payment processing for memberships, shop orders, events and valuations.
- Mailgun — SMTP email delivery for transactional and marketing email.
- MailPoet — newsletter list management and delivery.
- Vimeo — hosting of video content for hybrid events and archive reveals (domain-restricted playback).
- BlockMark Registry — issuance and verification of digital membership and authenticity certificates.
- Innovi Advisors Ltd — our accountants, for bookkeeping, payroll, company secretarial and tax compliance (using platforms including Xero and BrightPay).
Third parties to whom we send queries on your behalf
- DVSA (Driver and Vehicle Standards Agency) — for MOT history look-ups initiated from your account.
- DVLA (Driver and Vehicle Licensing Agency) — for vehicle enquiry services used to confirm tax and MOT status.
- Vehicle Data Global Ltd (VDG) — for the data underlying our Digital Authenticity & Valuations service.
Other recipients
- Area Organisers and committee members — limited member information necessary for Area administration, event organisation and welfare, handled under written instructions and our internal data handling rules.
- Event venues, circuits and trackside medical providers — where strictly necessary for the safe running of an event.
- Professional advisers — solicitors, auditors, insurers and consultants where required and under appropriate confidentiality.
- HM Revenue & Customs and other regulators — where we are legally required to disclose information.
- Potential acquirers — in the event of a corporate transaction affecting Club Lotus Ltd, subject to confidentiality.
We will not disclose your personal information to any other third party for their own marketing purposes without your consent.
9. International transfers
Some of our processors operate or host data outside the United Kingdom. Where this occurs, we rely on one or more of the following safeguards under UK GDPR Articles 45–46:
- UK adequacy regulations for transfers to the EEA and other adequate jurisdictions;
- the UK extension to the EU–US Data Privacy Framework, where the recipient is a certified participant; or
- the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with a transfer risk assessment.
You can request further information about the safeguards in place for a specific transfer by contacting our DPO.
10. How long we keep your information
We retain personal information for as long as necessary to provide our services and to meet our legal, accounting and reporting obligations. Indicative periods are set out below; we may retain information for longer where required by law or where a longer period is justified to defend legal claims.
| Category | Indicative retention period |
|---|---|
| Active member account information | Duration of membership + 2 years |
| Lapsed member records (minimal) | Up to 6 years from lapse, for re-joining and historical continuity |
| Transactional records (orders, payments, invoices) | 6 full tax years (HMRC requirement) |
| My Garage Documents uploads | Until you delete them or close your account, subject to the 2 GB quota |
| Forum posts | Indefinitely as part of community history, unless you request removal |
| Marketing consents and consent log | Duration of consent + 3 years after withdrawal |
| Website server and security logs | Typically 90 days |
| Closed support and rights-request correspondence | 3 years |
When you close your account, we delete or anonymise personal information that is no longer required, except where retention is necessary for the purposes above.
11. Your rights
Under UK data protection law you have the following rights, exercisable free of charge in most circumstances:
- right of access to the personal information we hold about you;
- right to rectification of inaccurate or incomplete information;
- right to erasure (“right to be forgotten”) in certain circumstances;
- right to restrict processing in certain circumstances;
- right to data portability, where processing is based on consent or contract and carried out by automated means;
- right to object to processing carried out on the basis of legitimate interests, and to object at any time to direct marketing; and
- rights in relation to automated decision-making and profiling — Club Lotus does not currently carry out solely automated decision-making with legal or similarly significant effects.
To exercise any of these rights, please contact our DPO at dpo@clublotus.co.uk. We will respond within one calendar month of receipt, extendable by up to two further months where the request is particularly complex (we will let you know within the first month if this applies). We may need to ask for proof of identity before responding.
12. Cookies and similar technologies
We use cookies and similar technologies to operate the Website, remember your login, secure forms, measure usage and — with your consent — for analytics and marketing. Full details, including the categories of cookies used and how to manage them, are set out in our Cookie Policy. You can change your cookie preferences at any time via the cookie banner or the link in the site footer.
13. Children
Club Lotus membership is intended for adults. The Website is not directed at children, and we do not knowingly collect personal information from anyone under the age of 16 except where a parent or guardian has provided that information in connection with a family membership or a junior event ticket and has consented to the processing. If you believe we hold information about a child that should not have been collected, please contact our DPO and we will delete it.
14. Security
We take the security of personal information seriously and apply appropriate technical and organisational measures, including encryption in transit, role-based access controls, signed-URL document delivery, audit logging, regular backups, vulnerability management and ongoing review of our hosting and supplier arrangements. No system is ever entirely secure; in the unlikely event of a personal data breach affecting your rights and freedoms, we will notify you and the ICO in accordance with Articles 33–34 of the UK GDPR.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, our services or our internal practices. The “Last updated” date at the top of the page shows the date of the most recent revision. Where changes are material we will draw them to your attention through the Website and, where appropriate, by email.
16. Contact and complaints
For any privacy-related matter, please contact:
Data Protection Officer Club Lotus Ltd, Signpost House, Ambassador Way, Greens Road, Dereham, Norfolk NR20 3TL Email: dpo@clublotus.co.uk — Telephone: +44 (0)1362 694459
If you are not satisfied with our response, you have the right to complain to the UK supervisory authority:
Information Commissioner’s Office Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF Telephone: 0303 123 1113 — Website: ico.org.uk
We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO, and would ask you to contact our DPO in the first instance.