Privacy Notice – Members (“Members” includes: Individual members/Sporting Sections/Guests/Staff)
Introduction
The Club complies with the General Data Protection Regulation (GDPR) from 25th May 2018 which regulates how organisations hold and store information that we hold.
Aims of the policy
To inform members of the lawful purpose under which the Club asks for and holds the data that you provide. To provide information about the processing of your data together with your rights in relation to that data. Who does the policy apply to? All Club Members
Lawful Basis for holding the data
The information will be held and used under the auspices of contractual necessity (e.g. for the completion of the contract for membership) or legitimate interest or regulatory obligation (e.g. provision of information required by governing body or Disclosure and Barring Service (DBS) disclosure for volunteers working with children) or in delivering the benefits of club membership of which the club is required to keep you informed. (e.g. sporting competitions, members social events)
Type of information that we keep
Right to object
Members have the right to object to the processing of their data based on legitimate interests. ( Please be aware this may affect your membership)
Right to rectification
Members have the right to have inaccurate personal data corrected without undue delay
Right to complain
Members have a right of complaint to our supervisory body which is the Information Commissioners Office
Who has access to members’ data?
All staff for purpose of checking membership. All Committee members and Trustees have access to contact details through the Club. This facility is integral to club membership, management and administration.
General description of data security.
All paper documents stored under secure locked conditions. Password protection on computer access. Password protection on software access.
Data storage back up to disc or data stick and secured under locked conditions. Network protection through deployment of security software.
When are staff trained on GDPR?
Induction training for GDPR delivered to all staff during May/June 2018. New staff receive briefing as part of induction training when they join.
Who is the data owner?
West Herts Sports Club. If you have any questions, requests or complaints regarding this Policy, please contact Clive Geddes, Data Protection Officer, phone. 07950 842179, email: clivegeddes@googlemail.com.
How long do we hold data?
Data is transferred to dormant file on resignation or non renewal of membership. (Data retained as many members have a break in their membership and then re-join.)
Data is retained in a dormant file for 6 years after the date of non renewal of membership (data may need to be accessed by HMRC or other regulatory body with a valid interest.)
CCTV recordings are held for a period of three months.