POLICY on GENERAL DATA PROTECTION REGULATION (GDPR)

 

INTRODUCTION -This policy concerns the personal information (data) held by the Club and its security and use.

The policy is written in response to the GDPR in force from 25 May 2018. It defines

1/ the people involved

2/ the data collected by the Club

3/ how it is stored and used internally and externally

4/ members’ rights over this data.

The Club uses this data solely for the purposes of the effective running of the Club and it does not share the data with anyone

without your consent, except Somerset Bowls Association (SBA) and Bowls England (BE) for some specific post holders and

affiliation purposes.

 

The Data Controller

For the purposes of the GDPR this will be the Club Membership Secretary. He/she will be responsible for the implementation and review of this policy. If you have any concerns relating to data protection these should be addressed to the Club Membership Secretary.

 

What Data is Collected and Why

It is necessary for personal information to be collected for the effective running of the Club as shown below.

 

Data Collected                               Reason for Collection

Name                                            This is necessary for legal, insurance and licensing purposes. In addition, the Club is entitled to be aware who is permitted to be on the premises.

 

Address                                         Required so the club information can be sent to members, not all of whom have an e-mail address. In addition, it facilitates shared transport arrangements.

 

Phone Number                                Home and mobile numbers are for competitions, contact purposes and handbooks.

 

E-mail address.                               The prime means of communication with members over competitions, teams, events, general matters and handbooks.

 

Under or over 18 years old                Club fees are age dependent, so this is required to establish the correct fees.

 

Gender                                          Some competitions are gender specific.

 

Date of Joining Club                        To enable long-serving members to be identified and recognised as appropriate.

 

The Club does not collect or hold any ‘sensitive data’ for a member such as health issues.

 

When is the data Collected and Received?

This data is captured when a member first joins the Club through a Club Membership Application form. The accuracy of the

personal information will be reviewed annually when a member renews their membership.

 

The Club will not publish any personal data on the club website except names and telephone numbers of club officers and

officials with their permission

 

Who collects and Holds the Data?

The data is collected and held by the Membership Officer. To ensure the security of the data held, the Club requires that

access to their computer is password protected.

 

Who Else in the club has the Data

Club / Men’s / Ladies’ / Indoor Secretaries, and Chairman.

 

What Data is Shared outside the Club?

Somerset Bowling Association publishes annual handbooks which contain contact information which may include.

         Club Secretary – name, address, phone number(s) and e-mail address.

         Match Secretary – name, address, phone number(s) and e-mail address.

         Club Delegate – name, address, phone number(s) and e-mail address.

The holders of these posts will be required to confirm that they agree to the sharing and publication of this data.

 

Bowls England and EIBA – publish an annual handbook which contains contact information for the Club, namely;

         Club Secretary – name, address, phone number(s) and e-mail address

The individual post holder will be required to confirm that they agree to the sharing and publication of this data.

The Club will require that organisations do not further share the data or use it for any purpose except communications and

publications as specified above. The Club will not release the data to any other organisation for marking or other purpose. The

data is not used in any form of automated decision making or profiling.

 

Members are also asked to provide some personal information on entering County Competitions. This area is not a club matter

and is therefore dealt with separately by the SBA Policy, a copy of which can be obtained from the appropriate County

Secretary.

 

Member’s Rights to their Personal Data.

All members have the right to be provided with a copy of the data held on them by the Club. Any request for this to be made in

writing (including e-mail) to the Club Secretary. The Club has one month to reply to any such request. There will be no charge

for such access to data. The data held on a member will be deleted within one month of notice that the member has left or is not re-joining the Club

 

Young people’s Data

GDPR will set an age for a young person to give their own consent to the collection and storage of their personal data.

However, given the BE requirement concerning young people, if any club member is below 18, permission for the collection

and use of their data will be sought from the parents/guardians of the young person. Any member requiring contact with a young person should approach the Secretary to seek agreement for the release of contact details.

 

Breaches of Data Security

If at any point a breach of data security is suspected or identified, then that suspicion or fact must be reported immediately

(verbally if necessary and confirmed in writing) to the Club Chairman who is responsible for investigating breaches of security,

The Club Chairman will determine the degree of risk and deciding on the action to be taken, reporting this at the first opportunity to the Management Committee.

 

Where a breach is likely to result in a serious risk to the rights and freedoms of individuals (say involving health or financial

issues), the Club Chairman has 72 hours to report the incident to the Information Commissioners Office (ICO).

 

The Club recognises that the requirements of the GDPR apply as much to paper files and records as it does digital ones and

will ensure that any paper records are similarly treated. As security issues are much more problematic for paper records, the

Club will seek to reduce the use of paper files to the minimum possible.

 

Consent on the Holding and Use of the Data.

On applying to join the Club, a member will be given a copy of this policy and asked to confirm that they have read and accept

it and that the Club may contact them through mail, e-mail and /or phone as outlined. Such communications will be restricted

to matters such as SBA and BE issues, club meetings, minutes and events, availability for and selection of teams, and other

such club related material. In addition, they will be asked to consent to the publication of their name and phone number(s)for

communication and so that and other members can arrange matches as part of Club Competitions.

 

It should be noted that if consent is withdrawn for the publication of any data in printed form it will be removed from the next

publication but will remain in previously printed editions of publications.

 

The Club will seek to always use a bcc system when any e-mails are sent to multiple members.