Data Protection & Privacy Policy

General Statement of Duties

Carryduff Colts necessarily processes personal data regarding our Members, Officers and Volunteers and, as a result, is required to comply with the European Union General Data Protection Regulations (GDPR) and UK Data Protection Act 2018.

We will take all reasonable steps to comply with the relevant Data Protection Principles contained in GDPR and the Data Protection Act.

This policy was updated August 2018

Data Protection and Privacy Enquires should be sent to

GDPR Principles

The GDPR sets out seven key principles:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

The club is committed to:

  • ensuring that it complies with the seven data protection principles, as listed above
  • meeting its legal obligations, although as a ‘not-for-profit’ organisation, it is not required to register with the Information Commissioner’s Office (ICO);
  • ensuring that data is collected and used fairly and lawfully
  • processing personal data only in order to meet its operational needs or to fulfill its legal requirements
  • taking steps to ensure that personal data is up to date and accurate
  • establishing appropriate retention periods for personal data
  • ensuring that data subjects’ rights can be appropriately exercised
  • providing adequate security measures to protect personal data
  • ensuring that a nominated officer is responsible for data protection compliance and providing a point of contact for all data protection issues
  • ensuring that all club officers are made aware of good practice in data protection
  • providing adequate training for all members/volunteers responsible for personal data
  • ensuring that everyone handling personal data knows where to find further guidance
  • ensuring that queries about data protection, internal and external to the organisation, are dealt with effectively and promptly
  • regularly reviewing data protection procedures and guidelines within the club

Carryduff Colts shall, as far as is reasonably practicable, ensure that all data is:

  • Processed fairly and lawfully
  • Only used for the purposes for which it is obtained
  • Adequate, relevant and not excessive
  • Accurate and up-to-date
  • Not kept for longer than necessary
  • Processed in accordance with individuals rights
  • Kept secure
  • Not transferred outside the European Economic Area without adequate protection

Personal Data

Personal data is any information about a living identifiable individual. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

This includes information necessary for Carryduff Colts Membership Applications and Records, Volunteer Registrations and Operational and Administration purposes. This includes: – name, date of birth, address, contact details, medical and special needs, and other appropriate personal information.


Carryduff Colts will endeavour to ensure that all personal data held is accurate.

Individuals must notify the Club Secretary of any changes to information held about them and have the right to request that inaccurate information be erased.

Processing of Personal Data

Personal data will normally remain confidential and only be disclosed to third parties on a need to know basis subject to authorisation by the Executive Committee and the consent of the individual concerned.

Exceptions to this are necessary information for club operations (such as team management, League Registrations, etc), Emergency Services intervention, or as otherwise required by law.

All club officers responsible for processing personal data will be made familiar with this policy.


Certain data is exempted from the provisions of the Data Protection Act. This includes:

  • The prevention or detection of crime
  • Where the processing is necessary to exercise a right or obligation conferred or imposed by law upon Carryduff Colts
  • Employment and other References given by Carryduff Colts

Rights of Access to Information

The GDPR provides the following rights for individuals:

    • The right to be informed
    • The right of access
    • The right to rectification
    • The right to erasure
    • The right to restrict processing
    • The right to data portability
    • The right to object
    • Rights in relation to automated decision making and profiling.

Individuals have a right of access to personal information held by Carryduff Colts.

Any individual wishing to access his/her personal data should make a request in writing to the Club Secretary who will endeavour to respond to and action any such written requests within 30 days. You may be required to provide verification of your identity.

To comply with data protection confidentiality, certain data may be withheld if it identifies a third party.

Data Protection Controller

Carryduff Colts is the legal Data Controller with day-to-day responsibility delegated to the Secretary, Welfare Officers, IT Manager and Treasurer for general administrative, liaison and financial operations.

These Officers will endeavour to ensure that all personal data is processed in compliance with this Data Protection Policy.


If anyone believes that Carryduff Colts has not complied with this Policy or acted in accordance with the Data Protection Act, they should inform the Club Secretary who will ensure that any such reported breach of security is investigated.

Information Security Policy

All personal data will be stored primarily on a secure cloud operating service hosted in the UK. Access will be provided via two factor authentication. Full access to personal data will only be accessible to these authorised personnel. Carryduff Colts head coaches can access parent/player details for members of their year group only.

All breaches of security will be investigated.

Online payment forms are secured over SSL and we use Stripe to adhere to PCI Compliance regulations. Please see their relevant Privacy Policy. For processing of Payments with Stripe, the email address, card holder name, card expiry data and and last 4 digits only for each transaction are available to the following restricted users for payment tracking: the Club Treasurer and Registration Coordinator.

The club uses MailChimp for sending emails to members who have opted in to receive such emails about club information or events. Please see their relevant Privacy Policy. Members can unsubscribe from receiving such emails by using links in any emails received, or by contacting

Data Retention Policy

Member, Volunteer and Officer Personal data will be removed 1 year after the end of the season during which it is collected.