Ok, I understand
Cookie Notice: This site uses cookies. For more information, please see our privacy policy.
Skip to main content

Cheltenham Whaddon Bowls Club

GDPR Policy

CLUB POLICY ON GENERAL DATA PROTECTION REGULATIONS (GDPR)

 

Introduction – This policy concerns the personal information (data) held by the Club, its security and use.

The policy is written in response to the GDPR, in force from 25 May 2018. It defines the people involved, the data collected by the Club, how it is stored and used internally and externally, and members’ rights over their data.

The Club uses this data solely for the purposes of the effective running of the Club and it does not share the data with anyone except the Gloucestershire Bowls Association (GBA) and Bowls England (BE) for some specific post holders within the Club as noted below.

The Data Controller for the purposes of the GDPR will be the Club through the Management Committee. They will be responsible for the implementation and review of this policy. Given the relatively small amount of data held and the size of the Club, the appointment of a separate Data Protection Officer is not seen as required; any concerns relating to data protection should be addressed to the Club Chairman who will fulfil this role.

The Data Processor will be the Club Secretary who will hold the club membership database on their computer. The Secretary will be responsible for the collection of the data, its security, ensuring that permission for the data to be held, used, and shared as described below is given, and updating of club records including deletion where required.

 

What Data is Collected and Why

Personal information is collected for legal reasons and the effective running of the Club as tabulated below:

Data Collected Reason for Collection

Name

This is necessary for legal, insurance and licensing purposes. In addition, the Club is entitled to be aware of who is permitted to be on its premises.

Address

Required so that club information can be sent to members, not all of whom have an e-mail address. In addition, it facilitates shared transport arrangements.

Phone Number(s)

Home and mobile numbers are requested for contact purposes and handbook

E-Mail Address

Prime means of communication with members over teams, events, general matters and for the handbook.

Date of Birth

Club fees are age dependent. Date of Birth is therefore required to establish the correct fees. In addition, some competitions have a specified age range for entrance.

Gender

Some competitions are gender specific.

Date of Joining Club

To enable long-serving members to be identified and recognised.

When is the Data Collected and Reviewed

This data is captured when a member first joins the Club through a Club Membership Application form. The accuracy of the personal information will be reviewed annually when a member renews their membership.

 

Who Collects and Holds the Data

The data is collected by the Club Secretary who holds the membership database on their computer. To ensure the security of the data held, the Club requires that access to this computer is password protected and, in addition, any file holding personal information is also individually password protected.

 

What Data is Shared outside the Club

GBA – The GBA published an annual handbook which contains contact information for the:

Club Secretary – name, address, phone number(s) and e-mail address;

Match Secretary – name, address, phone number(s) and e-mail address; and,

County Two-Rinks Captain(s) – name and phone number.

The holders of these posts will be requested to confirm that they agree to the sharing and publication of this data.

Bowls England – BE also publish an annual handbook which contains contact information for the Club, namely

Club Secretary – name, phone number and e-mail address.

As above, the individual post holder will be requested to confirm their agreement to this.

The Club will require that both organisations do not further share the data or use it for any purpose except communications and publications as specified above. The Club will not release the data to any other organisations for marketing or other purposes. The data is not used in any form of automated decision making or profiling.

Note that members are also asked to provide some personal information on entry to County Competitions. This area is not a club matter and is therefore dealt with separately by the GBA Policy, a copy of which can be obtained from the appropriate Divisional Secretary.

No data is shared by the Secretary within the Club except through the Club Handbook as indicated below.

 

Member’s Rights to their Personal Data

All members have the right to be provided with a copy of the data held on them by the Club. Any request for this should be made in writing (including e-mail) to the Club Secretary. The Club has one month to reply to any such request. There will be no charge for such access to data. The data held on a member will be deleted within one month of notice that the member has left or is not re-joining the Club.

 

Under 16’s Data

The GDPR allow that a child aged 16 can give their own consent to the collection and storage of their personal data as required above. If any club member is below 16, permission for the collection and use of their data will be sought from the parents/guardians of the child.

 

Breaches of Data Security

If at any point a breach of data security is suspected or identified, then that suspicion or fact must be reported immediately (verbally if necessary and confirmed in writing) to the Club Chairman who is responsible for investigating the position and any subsequent actions.

Where a breach is likely to result in a serious risk to the rights and freedoms of individuals (say involving health or financial issues), the Club Chairman has 72 hours from notification to report the incident to the Information Commissioners Office (ICO). The Chairman is responsible for investigating all breaches of security, determining the resultant degree of risk and deciding on the action to be taken, reporting this at the first opportunity to the Management Committee.

The Club recognises that the requirements of the GDPR apply as much to paper files and records as it does to digital based ones and will ensure that any paper records are similarly securely treated. As security issues are much more problematic for paper records, the Club will seek to reduce the use of paper files to the minimum possible.

 

Consent on the Holding and Use of the Data

On applying to join the Club, a member will be given a copy of this policy and asked to confirm that they have read and accepted it and that the Club may contact them through mail, e-mail and/or phone as outlined. Such communications will be restricted to matters such as: GBA and BE issues; club meetings, minutes and events; availability for and selection of teams; and other such club related material. In addition, they will be asked to consent to the publication of their name, e-mail address and phone number(s) in the Club Handbook for communications and so that they and other members can arrange matches as part of Club Competitions.

The Club will seek to always use a bcc system when any e-mails are sent to multiple members.

 

Reviews

It is hoped that members will update their personal information if it changes during the year. At the annual subscription, members will be asked to confirm the accuracy of the data held on them. Every four years, members will be asked to reconfirm their consents as described above.