General Statement of Duties
Carryduff Colts necessarily processes personal data regarding our Members, Officers and Volunteers and as such is required to comply with the European Union General Data Protection Regulations (GDPR) and UK Data Protection Act 2018.
We will take all reasonable steps to do so in accordance with this Policy by endeavouring to comply with the relevant Data Protection Principles contained in GDPR and the Data Protection Act.
This policy was updated August 2018
Data Protection and Privacy Enquires should be sent to email@example.com
The GDPR sets out seven key principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
The club is committed to:
- ensuring that it complies with the seven data protection principles, as listed above
- meeting its legal obligations, although as a ‘not-for-profit’ organisation, it is not required to register with the Information Commissioner’s Office (ICO);
- ensuring that data is collected and used fairly and lawfully
- processing personal data only in order to meet its operational needs or to fulfill its legal requirements
- taking steps to ensure that personal data is up to date and accurate
- establishing appropriate retention periods for personal data
- ensuring that data subjects’ rights can be appropriately exercised
- providing adequate security measures to protect personal data
- ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues
- ensuring that all club officers are made aware of good practice in data protection
- providing adequate training for all staff responsible for personal data
- ensuring that everyone handling personal data knows where to find further guidance
- ensuring that queries about data protection, internal and external to the organisation, are dealt with effectively and promptly
- regularly reviewing data protection procedures and guidelines within the club
Carryduff Colts shall as far as is reasonably practicable ensure that all data is:
- Processed fairly and lawfully
- Only used for the purposes for which it is obtained
- Adequate, relevant and not excessive
- Accurate and up-to-date
- Not kept for longer than necessary
- Processed in accordance with individuals rights
- Kept secure
- Not transferred outside the European Economic Area without adequate protection
Personal data is any information about a living identifiable individual. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
This includes information necessary for Carryduff Colts Membership Applications and Records, Volunteer Registrations and Operational and Administration purposes. This includes: – name, date of birth, address, contact details, medical and special needs, and other appropriate personal information.
Carryduff Colts will endeavour to ensure that all personal data held is accurate.
Individuals must notify the Club Secretary of any changes to information held about them and have the right to request that inaccurate information be erased.
Processing of Personal Data
Personal data will normally remain confidential and only be disclosed to third parties on a need to know basis subject to authorisation by the Executive Committee and the consent of the individual concerned.
Exceptions to this are necessary information for club operations (such as team management, League Registrations, etc), Emergency Services intervention, or as otherwise required by law.
All club officers responsible for processing personal data will be made familiar with this policy.
Certain data is exempted from the provisions of the Data Protection Act. This includes:
- The prevention or detection of crime
- Where the processing is necessary to exercise a right or obligation conferred or imposed by law upon Carryduff Colts
- Employment and other References given by Carryduff Colts
Rights of Access to Information
The GDPR provides the following rights for individuals:
Individuals have a right of access to personal information held by Carryduff Colts.
Any individual wishing to access his/her personal data should make a request in writing to the Club Secretary who will endeavour to respond to and action any such written requests within 30 days. You may be required to provide verification of your identity.
To comply with data protection confidentiality certain data may be withheld if it identifies a third party.
Data Protection Controller
Carryduff Colts is the legal Data Controller with day to day responsibility delegated to the Secretary, Welfare Officers, IT Manager and Treasurer for general administrative, liaison and financial operations.
These Officers will endeavour to ensure that all personal data is processed in compliance with this Data Protection Policy.
If anyone believes that Carryduff Colts has not complied with this Policy or acted in accordance with the Data Protection Act, they should inform the Club Secretary who will ensure that any such reported breach of security is investigated.
Information Security Policy
All personal data will be stored primarily on a secure cloud operating service hosted in the UK. Access will be provided via two factor authentication. Full access to personal data will only be accessible to these authorised personnel. Carryduff Colts head coaches can access parent/player details for members of their year group only.
All breaches of security will be investigated should they occur.
Data Retention Policy
Member, Volunteer and Officer Personal data will be removed 1 year after the end of the season it as collected in.