Chinnor Rugby Club – Personal Information Privacy Statement
New data security regulations are coming into force in May 2018 that affects personal data held about you by any organisation or business that you may become associated with. As a Club, we too need to make sure that you are aware of how these changes affect both you and the Club with respect to data we hold and what we do with the data we hold about you.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy notice supplements other notices and is not intended to override them.
What is Personal Data
Personal Data is any data that can contribute to identifying you as a unique individual. For example your National Insurance number uniquely identifies you on it’s own, whereas your name may not – there may be others with the same name - but would do with additional pieces of data eg your address.
The new regulations say that if we keep and process personal data about you, then we must do it in a way that protects your privacy. We can only keep data about you if we have a good legal reason for doing so. We also have to make sure that your data is kept safely and cannot be accessed by people not authorised to access it. Finally we have to make sure that we only keep data for as long as there is a valid reason to do so - when that valid reason goes away eg leaving the Club, then we must delete the data we hold.
You also have increased rights under the new law over the data we hold about you. You have the right to know what data we hold and to see it if you wish; to have it corrected if it is wrong, or even have it deleted if you wish – although there may be things that we can no longer do for you as a result eg 10% discount at the bar – see the section ‘Your Rights’ below.
Data Controller Contact Details
In the context of the law the Club is the Data Controller for information it holds on Members and Employees, with the exception of additional data required by the RFU.
Chinnor Rugby Football Club
Telephone - 01844 213735
What Information do we collect and where do we keep it?
We collect information to enable us to run the membership of the Club so we record
We include club sponsors as club members.
NOTE it is the Club’s responsibility to make as sure as it reasonably can, that Pitchero is complying with the new laws and to check regularly that it continues to do so.
We hold information on staff that allows us to manage their employment with us, including identity and contact data, as well as recording sickness, annual leave, salary, and tax information etc.. This information is kept on the Sage Accounting package that we use to run the Club’s finances. Some of it is also held by Rectory Homes, as we use their payroll service to pay salaries. You can ask to see or correct the information held by asking the Club General Manager. Both Sage and Rectory Homes will be governed by the same law on personal data privacy.
Players, Coaches, Physios
We are bound by contract with the RFU to collect and store information concerning players, coaches, physio staff and also concerning any children and minors we have as Club members (see Children and Minors below). The latter is used for safeguarding purposes. This information is loaded by the Club onto the GMS System operated by the RFU. It is then managed processed as required by the RFU.
Children and Minors
We are bound by contract with the RFU to collect and store information concerning any children and minors we have as Club members. This is used for safeguarding purposes. This information is loaded by the Club onto the GMS System operated by the RFU. It is then managed processed as required by the RFU.
We also sometimes wish to post pictures and videos of matches involving our Mini and Midi Youth sections onto our own website operated by Pitchero and also social media . In such cases we will only use pictures that involve children and minors who have either given their consent if they are between the ages of 14 and 18 and/or have had consent given by their legal parent or guardian if under 14.
Other Repositories of Personal Data
We may hold subsets of information on local personal computers for the purpose of administering local activities such as O2 Touch Rugby and the 300 Club. The activity administrator/organiser will maintain that data, extracting it from Pitchero or Chip/Cobra as appropriate, or will collect it directly from participants. They are required by Club rules to declare that they are keeping information, what information they are keeping and to delete it from their computers when finished with it. You have the right not to have your personal data held and processed this way and should contact the relevant administrator/organiser directly.
The Club maintains a full list of all the data types we hold (including data held by specific administrators/organisers), where it is held, what it is used for and for how long it is retained. The information is contained in a spreadsheet on the Club’s Cloud Store and is freely available to anyone in the Club, by contacting The General Manager – there is no actual personal data held on this spreadsheet.
How do we collect Personal Information
We use different methods to collect data from and about you including through:
How we use your personal information
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Generally we do not rely on your consent as a legal basis for processing your personal data, except where children and minors are involved.
You have the right to opt out from receiving any email communications from the Club such as newsletters or other contacts concerning Club activities. To do so, contact the Club General Manager
We will not sell, rent or lease the data we capture to third parties, but we may disclose it in the circumstances set out below in “Disclosure to third parties”.
We have set out in a table format, a description of all the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate and how long we will retain the personal data. That table is available in spreadsheet form by requesting it from the General Manager, either electronically or on paper.
Protection of Personal Information
We take precautions — including administrative, technical, and physical measures — to safeguard your personal information against loss, theft, and misuse, as well as against unauthorised access, disclosure, alteration, and destruction.
Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to the Website by virtue of the unsecure nature of the internet and any transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorised access.
Disclosure to third parties
We may share your personal information with ruling sports bodies or to our third party service providers. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also disclose your personal information if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. This includes exchanging information with other organisations for the purposes of fraud protection and credit risk reduction.
You have the right to:
If you wish to exercise any of the rights set out above, please contact the Club General Manager.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Issued by the Chinnor Rugby Club Board of Management
Dated 1st May 2018
Chinnor RFC Volunteer GDPR Compliance 1st Draft 23/04/18