Dated 31st July 2019
To be reviewed July 2020
The processing of personal data is governed by the General Data Protection Regulation (“GDPR”) & it is the policy of Attenborough Cricket Club (“the Club”) to take all necessary steps to ensure that personal data held by ACC about its members is processed fairly & lawfully. The ACC Secretary is responsible for data protection. The accountability for the implementation of this policy is held by all the members of the committee.
1) The Club will implement & comply with the eight data protection principles in the Data protection Act 1998 (“the Act”) & the GDPR which promotes good conduct in relation to processing personal information. These principles are as follows:
- Personal Data shall be processed fairly & lawfully.
- Personal Data shall be obtained only for specified lawful purposes & shall not be further processed in any matter incompatible with those purposes.
- Personal Data shall be adequate, relevant & not excessive in relation to the purpose or purposes for which they are processed.
- Personal Data shall be accurate &, where necessary, kept up to date.
- Personal Data processed for any other purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal Data shall be processed in accordance with the rights of data subjects under the regulations.
- Appropriate technical & organisational measures shall be taken against unauthorised or unlawful processing of personal data & against accidental loss or destruction, or damage to personal data.
- Personal Data shall not be transferred to a country or territory outside the European Economic Area (“the EEA”) unless that country or territory ensures an adequate level of protection for the rights of data subjects in relation to the processing of personal data.
2) In collecting information, the Club will only collect that information which is relevant to Club matters.
3) The Club will collect the following information for the following purposes. This includes details on consent being given only to the Club (with the exceptions detailed in section 6):
|Type of Information||Purposes||Legal basis of processing|
|Member’s name, address, telephone numbers, email addresses.||Managing the Member’s membership of the Club.||Communicating with the members & for the purposes of our legitimate interests in operating the Club.|
|Emergency contact details.||Managing membership categories which are related.||To enable emergency contact to be made when necessary.|
|Photos & videos of Members.||Putting on the Club’s website & social media pages & using in press releases.||Consent – We will seek the member’s consent (to process their personal data) on their membership application form & each membership renewal form & the Member may withdraw their consent at any time by contacting us by email or letter.|
4) The Club will use the information provided by members only for the following reasons:
- The Club Membership Secretary uses the information to maintain current membership listings as required.
- Club Coaches use some of the information, particularly that relating to age & medical conditions, to plan training programmes.
- Club Coaches need to know of the medical information relating to any player to ensure that they do not ask the individual to undertake any athletic activity which would be harmful to their health.
- The Team Captains use the information to compile team lists for matches, & keep records of matches competed in.
- Communication regarding Club social & other related events.
- Anonymised data may be shared with a funding partner as condition of grant funding e.g. Local Authority.
- Anonymised data may be analysed to monitor Club trend.
- We may pass your personal data to third parties who are service providers, agents & subcontractors to us for the purposes of completing tasks & providing services to you on our behalf (e.g. to print newsletters & send you mailings). However, we disclose only the personal data that is necessary for the third party to deliver the service & we will ensure we have a contract in place in each case that requires them to keep your information secure & not to use it for their own purposes.
5) The Club will retain such records for 2 seasons after the last membership payment or renewal & then will securely destroy all personal data with the exceptions of match performance data.
6) The Club will keep your data secure & release information about members to people outside the Club only in the following circumstances:
- Where there is legislative requirement to do so
- Where there is an obvious medical reason to do so.
- In order to meet the requirements of matches in which the Club is competing, if required.
7) Responses to Data requests will be completed within 1 calendar month of the request.
8) Where information requests are made by a third party the Club will pass on to the third party only that information which is required in order to comply with legislative or competition requirements.
9) Breaches will be notified to the Information Commissioners Office (“ICO”) within 72 hours. These include data;
- Lost or not protected
- Obtained through unlawful disclosure or unauthorised access
- Recorded inaccurately &/or in a misleading manner
- Provided to a third party without permission
- Held longer than required
- Used for unlawful purposes
10) All who have access to & handle any personal data held by or on behalf of the Club in line with individual’s data protection rights & are fully aware of & abide by their duties under the regulations. This policy & the necessary training to ensure compliance with its implementation will be reviewed on an annual basis.