Berkhamsted Raiders takes your privacy very seriously.
The General Data Protection Regulation (GDPR)
The GDPR is a new European regulation for the protection of personal data that will come into force on 25 May 2018 and will be put into UK law through the Data Protection Bill which was unveiled by the government in August 2017. Before 25 May 2018, the 1998 and 2003 Data Protection Acts apply.
What personal information does Berkhamsted Raiders CFC hold?
Personal data means any information about an individual from which that individual can be identified.
We collect, use, store and transfer some personal data of our youth playing members, their parents or guardians, and other Club members.
You provide information about yourself or your child, when you register with the Club, and by filling in forms to attend or volunteer at an event or online, or by corresponding with us by phone, e-mail or otherwise.
The information you give us may include you or your family’s name, date of birth, address, e-mail address, phone number, gender, and the contact details of a third party in the case of emergency. We may also ask for relevant health information, which is classed as special category personal data, for the purposes of health, wellbeing, welfare and safeguarding. Where we hold this data it will be with the explicit consent of the participant or, if applicable, the participant’s parent or guardian.
Where we need to collect personal data to fulfil Club responsibilities and you do not provide that data, we may not be able honour or administer your membership.
We also hold names, addresses, email addresses, phone numbers and any preferences of Club sponsors and supporters.
What does Berkhamsted Raiders CFC do with the data?
We will only use personal data for any purpose for which it has been specifically provided.
The reason we need participants’ and members’ personal data is to be able to run the club and arrange matches; to administer memberships, and provide the membership services you are signing up to when you register with the club. Our lawful basis for processing your personal data is that we have a contractual obligation to you as a participant or member to provide the services you are registering for.
We use the data we collect in the following ways:
- We use the data to maintain records within our internal systems and our online payment system to facilitate the collection of membership subscriptions, maintain records of CRC/DBC checks and and raise funds.
- We use the data for direct marketing purposes to communicate with and raise funds from members, parents, sponsors and supporters. Any communications that we send clearly include an ‘unsubscribe’ option. We will only send you direct marketing if you are an existing member, participant or other associated individual and you have not previously objected to this marketing, or, you have actively provided your consent.
We will only process details on a player’s medical history with your consent.
We will only publish your personal data in a public domain, including images and names, if you have given your consent for us to do so. In the case of children under the age of 13 then only with written consent of parent/guardian.
How we collect information
We collect data in the following ways:
- Through PaySubsOnline, our online membership system.
- Through online systems that we use to efficiently administer volunteering and events.
- Individuals can subscribe to our mailing lists online.
Who we share your personal data with
- When you become a member of the Club, your information, if you are a coach or volunteer will be or if you are another participant may be (depending upon which league(s) your team plays in) entered onto the Whole Game System database, which is administered by the FA.
- We also pass your information to the County FA and to leagues to register participants and the team for matches, tournaments or other events, and for affiliation purposes.
- We may share your personal data with selected third parties, suppliers and sub-contractors such as referees, coaches or match organisers. Third-party service providers will only process your personal data for specified purposes and in accordance with our instructions.
- We may disclose your personal information to third parties to comply with a legal obligation; or to protect the rights, property, or safety of our participants, members or affiliates, or others.
- The Club’s data processing may require your personal data to be transferred outside of the UK. Where the Club does transfer your personal data overseas it is with the sufficient appropriate safeguards in place to ensure the security of that personal data.
Berkhamsted Raiders CFC’s data is held in the following places:
- Our secure, password-protected PaySubsOnline, our online membership system which can only be accessed by authorised individuals.
- Some information is held on Dropbox with limited access by authorised individuals. Some information is held on the Raiders MS system which is accessible by Trustees, Raiders Admin and Raiders Operations.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
How long do we hold your personal data?
We keep personal data on our participants and members while they continue to be a participant or member or are otherwise actively involved with the Club. We will delete this data 12 months after a participant or member has left or otherwise ended their membership or affiliation, or sooner if specifically requested and we are able to do so. We may need to retain some personal data for longer for legal or regulatory purposes.
If you do not wish us to use your data, you can:
- Request to unsubscribe via any of the direct marketing communications that we send.
- Email the Club Administrator on firstname.lastname@example.org and request removal.
Email our Data Controller, Julia Bastiman, Trustee at EMAIL ADDRESS
What restrictions are there on the use of Berkhamsted Raiders CFC data for marketing?
- Communications can only be sent when:
- There is legitimate interest for the communication.
- individuals have opted in to receive them.
- All communications must be relevant and proportionate.
- All communications must contain a clear opportunity to opt-out from future correspondence.
- All requests to opt-out are honoured.
- Data used for marketing must be recently downloaded (i.e. within the past month) to ensure it is as up to date as possible.
Your rights regarding your personal data
As a data subject you may have the right at any time to request access to, rectification or erasure of your personal data; to restrict or object to certain kinds of processing of your personal data, including direct marketing; to the portability of your personal data and to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office about the processing of your personal data.
As a data subject you are not obliged to share your personal data with the Club. If you choose not to share your personal data with us we may not be able to register or administer your membership.
We may update this Privacy Notice from time to time, and will inform you to any changes in how we handle your personal data.
If you have any questions about this Privacy Notice then please contact Julia Bastiman Raiders Secretary.