Cookies

We use essential cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set only if you accept.

For more detailed information about the cookies we use, see our cookies page.

Essential Cookies

Essential cookies enable core functionality such as security, network management, and accessibility. For example, the selections you make here about which cookies to accept are stored in a cookie.

You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics Cookies

We'd like to set Google Analytics cookies to help us improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify you.

Third Party Cookies

Third party cookies are ones planted by other websites while using this site. This may occur (for example) where a Twitter or Facebook feed is embedded with a page. Selecting to turn these off will hide such content.

Skip to main content

GDPR Policy

Club Privacy Policy under the General Data Protection Regulations (GDPR)

(Reviewed and updated, November 2023)

Introduction

1.  This policy concerns the personal information (data) held by the Club, its security and use. The policy is written in response to the GDPR, in force from 25 May 2018.  It defines the people involved, the data collected by the Club, how it is stored and used internally and externally, and members’ rights over their data.

Use of Data

2.  The Club uses this data solely for the purposes of the effective running of the Club.It also shares the data with the Gloucestershire Bowls Association (GBA) and Bowls England (BE) for their purposes in administering our sport.

Control of Data

3.  The Data Controller for the purposes of the GDPR will be the Club through the Management Committee.They will be responsible for the implementation and review of this policy.Given the nature of data held and Club size, the appointment of a Data Protection Officer is not seen as required; any concerns relating to data protection should be addressed to the Club President, who will fulfil this role.

4.  The Data Processors will be the Club Secretary and Membership Secretary, who administer the club’s secure membership database (See para 10 below for details of how the data is held and protected). Together they will be responsible for the collection of the data, its security, ensuring that permission for the data to be held, used, and shared as described below is given, and updating of club records including deletion where required.

What Data is Collected and Why

5.  We collect contact and membership details to enable us properly to manage and administer your membership with us, the GBA and BE.These details include your contact details, date of birth, gender, and details of a contact in case of emergency. This information is lawfully required and collected as a standard part of your application to join or re-join our Club.

6.  We also need to collect ethnicity and disability information for the purposes of equal opportunities monitoring and because we must promote an environment that is inclusive, fair, and accessible.For this information alone, we need your consent to collect it. The Club does not collect or hold any other ‘sensitive data’ such as health issues.

7.  The table below summarises the types of data collected and the reasons for collection.

Data Collected Reason for Collection

Name

This is necessary for legal, insurance and licensing purposes. The Club is entitled to be aware of who is permitted to be on its premises

Address

Required so that club information can be sent to members, who do not have an e-mail address. It also facilitates shared transport arrangements.

Phone Numbers

Home and mobile numbers are requested for contact purposes and in the Club handbook.

E-mail address

Prime means of communication with members over teams, events, general matters and for the handbook.

Date of Birth

Date of Birth is required to ensure that members pay the correct membership fee and are qualified to enter certain competitions.

Gender

Some competitions are gender specific.

Date of Joining Club

To enable long-serving members to be identified and recognised.

Ethnicity

Requested by BE for statistical analysis and equal opportunity monitoring

Disability

To allow club to fulfil its safeguarding duties and make necessary adjustments. Also requested by BE and GBA for statistical analysis and equal opportunity monitoring.

Emergency Contact details

In case of accident or sudden illness of a member, when at the club or an away match.

Parent Contact details

Required for any junior member under 18

When is the Data Collected and Reviewed?

8.  This data is captured when a member first joins the Club through a Club Membership Application form. The accuracy of the personal information will be reviewed annually when a member renews their membership.

Who Collects and Holds the Data?

9.  The data is collected by the Club Secretary and/or Membership Secretary.(the club’s Data Processors). The data is held on the club’s secure membership database, which is part of the club’s management system provided through the Bowlr microsite. The database is encrypted and protected by a password known only to them. If they download any data for management purposes (for example, to process affiliation data for BE or to renew individual consents), the Club requires that access to their computers is password protected and that any file holding the information is also individually password protected.

Sharing Personal Date outside the Club

10.  Data is shared with the Gloucestershire Bowling Association and with the national governing body, Bowls England, so that they too can properly manage and administer your affiliated membership with them. The data is shared via the GBA management system known as Gloucestershire Bowls Online (GBO), the content of which is controlled at all levels by limited and authorised access.

12.  Neither the Club, nor the GBA, nor Bowls England permit the sharing of personal data held by the club or on GBO to any third party whatsoever. Specifically, personal data will not be released to any other organisation for marketing or communication purposes.

13.  Where direct consent is given by a member having an identified responsibility or role within their organisation, specific and limited information may be published by the Club, GBA or BE in annual handbooks or on their websites and other social media for the purposes of effective appropriate communication within the sport. The holders of posts within one or more of these organisations will be required to formally consent to the use of specified personal information in this way, and such consent will be recorded by the relevant organisation.

Member’s Rights to their Personal Data

13.  Each individual member has the right to view their personal data held on the Club’s membership database, which they may request from the club’s Data Processors. The Data Processors must supply the required data within one month and they must immediately amend or delete data, when requested to do so by an individual member. No one other than a Club Data Processor has the facility to add or modify personal data. There will be no charge for such access to data. The data held on a member will be deleted within one month of notice that the member has left or is not re-joining the Club. They may also register as an individual user of GBO but may only see and modify their own details (other than seeing contact information for the purposes of arranging County Competitions).

Young People’s Data

14.  GDPR will set an age for a young person to give their own consent to the collection and storage of their personal data. However, given the BE requirements concerning young people, if any club member is below 18, permission for the collection and use of their data will be sought from the parents/guardians of the young person. Only the name of a young person will be given in the club handbook. Any member requiring contact with a young person should approach the Club Secretary or Membership Secretary to seek agreement for the release of contact details.

Breaches of Data Security

15.  If at any point a breach of data security is suspected or identified, then that suspicion or fact must be reported immediately (verbally if necessary and confirmed in writing) to the Club President, who is responsible for investigating breaches of security, determining the resultant degree of risk and deciding on the action to be taken, reporting this at the first opportunity to the Management Committee.

17.  Where a breach is likely to result in a serious risk to the rights and freedoms of individuals (say involving health or financial issues), the Club President has 72 hours to report the incident to the Information Commissioners Office (ICO).

18.  The Club recognises that the requirements of the GDPR apply as much to paper files and records as it does to digital ones and will ensure that any paper records are similarly securely treated.As security issues are much more problematic for paper records, the Club will seek to reduce the use of paper files to the minimum possible.Specifically, membership lists containing personal data will not be displayed on notice boards or the website for public viewing.

Consent on the Holding and Use of the Data

18.  On applying to join the Club, a member will be given a copy of this policy and asked to confirm that they have read and accept it and that the Club may use the personal data in the proper pursuance of managing their relationship with the member

19.  In addition, members will be asked to consent to the publication of their name and contact details on the Club Contact Sheet and the Club’s membership list (part of the Bowlr system) for communications about club matches, administration and events and so that they and other members can arrange matches as part of Club Competitions.

20.  The Club will seek to always use a bcc system when any e-mails are sent to multiple members.

Reviews

22.  It is expected that a member will update their personal information if it changes during the year. At the annual subscription renewal, members will be asked to confirm the accuracy of the data held on them.  At least every four years, members will be asked to reconfirm their consents as described above.