GDPR Policy
Club Privacy Policy under the General Data Protection Regulations (GDPR)
(Reviewed and updated, November 2023)
Introduction
1. This policy concerns the personal information (data) held by the Club, its security and use. The policy is written in response to the GDPR, in force from 25 May 2018. It defines the people involved, the data collected by the Club, how it is stored and used internally and externally, and members’ rights over their data.
Use of Data
2. The Club uses this data solely for the purposes of the effective running of the Club.It also shares the data with the Gloucestershire Bowls Association (GBA) and Bowls England (BE) for their purposes in administering our sport.
Control of Data
3. The Data Controller for the purposes of the GDPR will be the Club through the Management Committee.They will be responsible for the implementation and review of this policy.Given the nature of data held and Club size, the appointment of a Data Protection Officer is not seen as required; any concerns relating to data protection should be addressed to the Club President, who will fulfil this role.
4. The Data Processors will be the Club Secretary and Membership Secretary, who administer the club’s secure membership database (See para 10 below for details of how the data is held and protected). Together they will be responsible for the collection of the data, its security, ensuring that permission for the data to be held, used, and shared as described below is given, and updating of club records including deletion where required.
What Data is Collected and Why
5. We collect contact and membership details to enable us properly to manage and administer your membership with us, the GBA and BE.These details include your contact details, date of birth, gender, and details of a contact in case of emergency. This information is lawfully required and collected as a standard part of your application to join or re-join our Club.
6. We also need to collect ethnicity and disability information for the purposes of equal opportunities monitoring and because we must promote an environment that is inclusive, fair, and accessible.For this information alone, we need your consent to collect it. The Club does not collect or hold any other ‘sensitive data’ such as health issues.
7. The table below summarises the types of data collected and the reasons for collection.
Data Collected | Reason for Collection |
---|---|
Name |
This is necessary for legal, insurance and licensing purposes. The Club is entitled to be aware of who is permitted to be on its premises |
Address |
Required so that club information can be sent to members, who do not have an e-mail address. It also facilitates shared transport arrangements. |
Phone Numbers |
Home and mobile numbers are requested for contact purposes and in the Club handbook. |
E-mail address |
Prime means of communication with members over teams, events, general matters and for the handbook. |
Date of Birth |
Date of Birth is required to ensure that members pay the correct membership fee and are qualified to enter certain competitions. |
Gender |
Some competitions are gender specific. |
Date of Joining Club |
To enable long-serving members to be identified and recognised. |
Ethnicity |
Requested by BE for statistical analysis and equal opportunity monitoring |
Disability |
To allow club to fulfil its safeguarding duties and make necessary adjustments. Also requested by BE and GBA for statistical analysis and equal opportunity monitoring. |
Emergency Contact details |
In case of accident or sudden illness of a member, when at the club or an away match. |
Parent Contact details |
Required for any junior member under 18 |
When is the Data Collected and Reviewed?
8. This data is captured when a member first joins the Club through a Club Membership Application form. The accuracy of the personal information will be reviewed annually when a member renews their membership.
Who Collects and Holds the Data?
9. The data is collected by the Club Secretary and/or Membership Secretary.(the club’s Data Processors). The data is held on the club’s secure membership database, which is part of the club’s management system provided through the Bowlr microsite. The database is encrypted and protected by a password known only to them. If they download any data for management purposes (for example, to process affiliation data for BE or to renew individual consents), the Club requires that access to their computers is password protected and that any file holding the information is also individually password protected.
Sharing Personal Date outside the Club
10. Data is shared with the Gloucestershire Bowling Association and with the national governing body, Bowls England, so that they too can properly manage and administer your affiliated membership with them. The data is shared via the GBA management system known as Gloucestershire Bowls Online (GBO), the content of which is controlled at all levels by limited and authorised access.
12. Neither the Club, nor the GBA, nor Bowls England permit the sharing of personal data held by the club or on GBO to any third party whatsoever. Specifically, personal data will not be released to any other organisation for marketing or communication purposes.
13. Where direct consent is given by a member having an identified responsibility or role within their organisation, specific and limited information may be published by the Club, GBA or BE in annual handbooks or on their websites and other social media for the purposes of effective appropriate communication within the sport. The holders of posts within one or more of these organisations will be required to formally consent to the use of specified personal information in this way, and such consent will be recorded by the relevant organisation.
Member’s Rights to their Personal Data
13. Each individual member has the right to view their personal data held on the Club’s membership database, which they may request from the club’s Data Processors. The Data Processors must supply the required data within one month and they must immediately amend or delete data, when requested to do so by an individual member. No one other than a Club Data Processor has the facility to add or modify personal data. There will be no charge for such access to data. The data held on a member will be deleted within one month of notice that the member has left or is not re-joining the Club. They may also register as an individual user of GBO but may only see and modify their own details (other than seeing contact information for the purposes of arranging County Competitions).
Young People’s Data
14. GDPR will set an age for a young person to give their own consent to the collection and storage of their personal data. However, given the BE requirements concerning young people, if any club member is below 18, permission for the collection and use of their data will be sought from the parents/guardians of the young person. Only the name of a young person will be given in the club handbook. Any member requiring contact with a young person should approach the Club Secretary or Membership Secretary to seek agreement for the release of contact details.
Breaches of Data Security
15. If at any point a breach of data security is suspected or identified, then that suspicion or fact must be reported immediately (verbally if necessary and confirmed in writing) to the Club President, who is responsible for investigating breaches of security, determining the resultant degree of risk and deciding on the action to be taken, reporting this at the first opportunity to the Management Committee.
17. Where a breach is likely to result in a serious risk to the rights and freedoms of individuals (say involving health or financial issues), the Club President has 72 hours to report the incident to the Information Commissioners Office (ICO).
18. The Club recognises that the requirements of the GDPR apply as much to paper files and records as it does to digital ones and will ensure that any paper records are similarly securely treated.As security issues are much more problematic for paper records, the Club will seek to reduce the use of paper files to the minimum possible.Specifically, membership lists containing personal data will not be displayed on notice boards or the website for public viewing.
Consent on the Holding and Use of the Data
18. On applying to join the Club, a member will be given a copy of this policy and asked to confirm that they have read and accept it and that the Club may use the personal data in the proper pursuance of managing their relationship with the member
19. In addition, members will be asked to consent to the publication of their name and contact details on the Club Contact Sheet and the Club’s membership list (part of the Bowlr system) for communications about club matches, administration and events and so that they and other members can arrange matches as part of Club Competitions.
20. The Club will seek to always use a bcc system when any e-mails are sent to multiple members.
Reviews
22. It is expected that a member will update their personal information if it changes during the year. At the annual subscription renewal, members will be asked to confirm the accuracy of the data held on them. At least every four years, members will be asked to reconfirm their consents as described above.