GB. BRITTON BOWLS CLUB
Policy Document - General Data Protection Regulations (GDPR)
- Introduction
This policy is designed to comply with the GDPR, effective from 25 May 2018. This policy concerns the personal information (data) held by the Club, its security and use. It defines the people involved, the data collected by the Club, how it is stored and used internally and externally, and members’ rights over their data.
- Data Use and Control
The Club will use members’ data solely for the purposes of the effective running of the Club. It will not share this data with anyone except Gloucestershire Bowls Association (GBA), City and County of Bristol Bowling Association (CCBA) and Bowls England (BE) for some specific post holders as defined in this policy.
The Data Controller for the purposes of the GDPR will be the Club through the Management Committee who will also be responsible for its implementation and review. Given the nature of data held and the size of the Club, the appointment of a Data Protection Officer is not deemed to be necessary. Any concerns relating to data protection should be addressed to the Club Chairman who will fulfil this role.
The Data Processor will be the Club Secretary who will hold the club membership database on their computer. The Secretary will be responsible for the collection of the data, its security, ensuring that permission for the data to be held, used, and shared as described below is given, and updating of club records including deletion where required.
- Data Held and Reason for Holding Data
It is necessary for the personal information listed below to be collected for the effective running of the Club:
| Data Collected | Reason for Collection |
| --- | --- |
| Name | This is necessary for legal, insurance and licensing purposes. In addition, the Club is entitled to be aware of who is permitted to be on its premises and who is entitled to take part in internal and external leagues and competitions and other general matters |
| Address | This is required so that club information can be sent to members, not all of whom have an e-mail address. In addition, it facilitates shared travel arrangements |
| Phone Number | Home and mobile numbers are for contact purposes and the handbook |
| E-mail address | An alternative means of communication with members over competitions, teams, events and other general matters |
| Date of Birth | Some competitions have a specified age range for entrance. |
| Gender | Some competitions are gender specific |
| Date of Joining Club | To enable long-serving members to be identified and recognised. |
- Data Capture and Retention
Personal data will be captured when a member first joins the Club through a Club Membership Application form. The Club does not collect or hold any ‘sensitive data’ for a member such as health issues. The data collected will be held by the Club Secretary. To ensure the security of the data held, the Club requires that access to their computer is password protected and that any file holding the information is also individually password protected.
- Data Sharing
Data may be shared externally with Gloucestershire Bowls Association (GBA), City and County of Bristol Bowling Association (CCBA) and Bowls England (BE) for some specific post holders as defined in this policy. These organisations hold data about the clubs within their boundaries, some of which is published annually in their handbooks. These publications may contain contact information relating to officers as follows:
- Club Secretary – name, address, phone number(s) and e-mail address;
- Women’s Divisional Delegate – name, address, phone number(s) and e-mail address;
- Match Secretary – name, address, phone number(s) and e-mail address;
- County Two-Rinks Captain(s) – (Men’s Division) name and phone number;
- County Inter-Club Competition Organiser – (Women’s Division) name and phone number(s); and,
- Club Captain – name, address, phone number(s) and e-mail address.
The holders of these posts will be required to confirm that they agree to the sharing and publication of this data.
The Club will require that these organisations do not further share the data or use it for any purpose except communications and publications as specified above. The Club will not release data to any other organisations.
Members can also be asked to provide some personal information on entry to County Competitions. This area is not a club matter and is therefore dealt with separately by the GBA Policy, a copy of which can be obtained from the appropriate Divisional Secretary.
Data may be shared internally within the club between club members. Such information is limited to that within the member’s possession or control and used only for the effective running of the club. Members should ensure the safe keeping and ultimate safe disposal of their handbook.
The Club will not publish any personal data on the club website.
- Member’s Rights to their Personal Data
All members have the right to be provided with a copy of the data held on them by the Club. Any request for this should be made in writing (including e-mail) to the Club Secretary. The Club has one month to reply to any such request. There will be no charge for such access to data. The data held on a member will be deleted within one month of notice that the member has left or is not re-joining the Club.
- Young People’s Data
GDPR will set an age for a young person to give their own consent to the collection and storage of their personal data. However, given the BE requirements concerning young people, if any club member is below 18, permission for the collection and use of their data will be sought from the parents/guardians of the young person. Only the name of a young person will be given in the club handbook. Any member requiring contact with a young person should approach the Secretary to seek agreement for the release of contact details.
- Breaches of Data Security
If at any point a breach of data security is suspected or identified, then that suspicion or fact must be reported immediately (verbally if necessary and confirmed in writing) to the Club Chairman who is responsible for investigating breaches of security, determining the resultant degree of risk and deciding on the action to be taken, reporting this at the first opportunity to the Management Committee.
Where a breach is likely to result in a serious risk to the rights and freedoms of individuals (e.g. involving health or financial issues), the Club Chairman has 72 hours to report the incident to the Information Commissioner’s Office (ICO).
The Club recognises that the requirements of the GDPR apply as much to paper files and records as they do to digital ones and will ensure that any paper records are similarly securely treated. As security issues are much more problematic for paper records, the Club will seek to reduce the use of paper files to the minimum possible. Specifically, membership lists containing personal data will not be displayed on notice boards or the website for public viewing.
- Consent on the Holding and Use of the Data
On applying to join the Club, a member will be given a copy of this policy and asked to confirm that they have read and accept it and that the Club may contact them through mail, e-mail and/or phone as outlined. Such communications will be restricted to matters such as: GBA, CCBA and BE issues; club meetings, minutes and events; availability for and selection of teams; and other such club related material. In addition, they will be asked to consent to the publication of their name, address and phone number(s) in the Club Handbook for communications and so that they and other members can arrange matches as part of Club Competitions.
- Data Review
It is expected that a member will update their personal information if it changes during the year. At the annual subscription, members will be asked to confirm the accuracy of the data held on them. At least every four years, members will be asked to reconfirm their consents as described above.