DATA PROTECTION & PRIVACY POLICY

Oswestry Otters ASC  

DATA PROTECTION & PRIVACY POLICY

May 2018

Introduction to GDPR – General Data Protection Regulation

The General Data Protection Regulation (GDPR) which comes into effect on 25th May 2018, describes how organisations such as Oswestry Otters ASC must collect, handle and store personal information.

These rules apply regardless of whether data is stored electronically or on paper.

To comply with the GDPR, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

The GDPR is underpinned by eight important principles. These say that personal data must:

• be processed fairly and lawfully;

• be obtained only for specific, lawful purposes;

• be adequate, relevant and not excessive;

• be accurate and up to date;

• not kept for longer than necessary;

• be processed in accordance with the rights of the “Data Subjects”;

• be kept and held securely;

• not be transferred to third parties or other countries without consent.

Further details on the GDPR can be found at the website for the Information Commissioner’s Office (www.ico.gov.uk).

1. About this Policy.

1.1 This policy explains when and why we collect personal information about our members, their parents/guardians, coaches and volunteers. It explains how we use the data, how we keep it secure and your rights in relation to it.

1.2 We may collect, use and store your personal data, as described in this Data Protection Policy and as described when we collect data from you.

1.3 We reserve the right to amend this Data Protection Policy from time to time without prior notice. You are advised to check our website www.oswestryotters.co.uk and/or our Club noticeboard regularly for any amendments (amendments will not be made retrospectively).

1.4 We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. 

2. Who we are.

2.1 We are Oswestry Otters Amateur Swimming Club. Our base is Oswestry School, Upper Brook St, Oswestry SY11 2TL.

2.2 We can be contacted at oswestry.otters.coach@gmail.com or on the Club’s contact form on www.oswestryotters.co.uk

2.3 For the purposes of the GDPR, we, Oswestry Otters ASC, will be the “Data Controller”.  You, our members, their parents/guardians, coaches and volunteers, will be the “Data Subjects”.

3. Our Responsibilities

3.1 Oswestry Otters ASC has no formal Data Protection Officer (DPO), nor is it required to have one, but all members of the Committee have a responsibility to ensure data is collected, stored and handled appropriately in accordance with the requirements of the GDPR.

 

4. What information we collect and why. 

(“encrypted device” means PC, laptop, ipad/tablet, phone, memory stick)

What information we collect Why we collect it Where we collected it from and where we store it
Names, addresses, dates of birth and gender of members To manage the Club membership and to liaise with Swim England

To enter galas.

From: Membership Forms.

On Membership Secretary’s encrypted device and on Competition Secretary’s encrypted device.

Telephone numbers and email addresses of members To manage the Club membership From: Membership Forms.

On Membership Secretary’s encrypted device.

Some telephone numbers will be in the Club’s password-protected mobile phone held by the Head Coach.

Swim England numbers of members To manage the Club membership.

To enter galas.

From: Membership Forms and Swim England.

On Membership Secretary’s encrypted device and on Competition Secretary’s encrypted device.

Emergency contact details To contact in the event of an emergency From: Membership Forms.

In a folder kept with Head Coach and electronically (encrypted) with Membership Secretary and Welfare Officer.

Record of accidents/incidents To fulfil club requirements In locked filing cabinet at pool. Four committee members have a key. 
Details of some swimmers’ passports, numbers, issue dates etc (those attending overseas swim camp) To enable airline/hotel booking for overseas training camps From: Parents of swimmers attending overseas camp.

Two committee members, electronically on encrypted device.

Bank details of those working as swimming teachers and coaches and older swimmers on Dev Squad Desk. To enable online payment of wages. From: Swimming teachers, coaches and parents of those working on the Dev Squad Desk.

In the online banking app with Treasurer.

Bank details of some swimmers’ parents, not all To make refunds, for example where a gala entry is rejected. From: Parents

In the online banking app with Treasurer.

Bank details of other swimming clubs. To make online payment for gala entries. From: Other clubs.

In the online banking app with Treasurer.

Bank details of Regional Swim England and National Swim England. To make online payments for Open Meet Licences and membership. From: Regional & National Swim England.

In the online banking app with Treasurer.

Details entered when ordering Club merchandise online, for example clothing sizes. Where Club merchandise is ordered online, the orders come through to the Chairman before going on to supplier. From: Online order form completed by parents/swimmers

Kept in a password-protected, online form database which Chairman has access to.

Details entered when ordering named swim caps online. To allow online ordering.  From: Online order form completed by parents/swimmers.

Kept in a password-protected, online form database which Chairman has access to.

 

Photos of swimmers, Committee members and coaching/teaching team For swimmers, to use with permission for social media, local press and national Swimming Times magazine.

For identification of Committee members on noticeboard poster and for the “Meet the Team” part of the website.

From: Taken at events such as galas, Presentation Evening.

Swimmers’ photos kept with Welfare Officer.

Committee members on Chairman’s encrypted device.

Coaching/Teaching team on Club website.

Videos during training sessions. In the event of video of underwater analysis, videos are deleted after viewing. From: Head Coach using underwater camera.

Initially viewed on ipad then deleted.

Medical / health information including disabilities, allergies and other relevant issues. To ensure smooth running of the Club and so key people are aware where need be. From: Membership Forms.

Welfare Officer, electronically (encrypted) and on paper in locked filing cabinet.

For para swimmers, details on their disability and their Swim England/FINA classifications. To enable gala entries to include this obligatory information. From: Swimmer’s rankings/biography on Swim England website and/or from parents.

Competition Secretary on encrypted device.

Information relating to swimmers’ performance and achievement. To enable progress to be made during training sessions. From: Collated by Head Coach.

Head Coach on encrypted device.

Training data of swimmers. To enable progress to be made during training sessions. From: Collated by Head Coach.

Head Coach on encrypted device.

Records of qualifications of members, volunteers, teachers and coaches. To enable the SwimMark representative on committee to complete relevant information at renewals. From: Provided by coaches, teachers, members and volunteers.

SwimMark Rep’s and Welfare Officer’s encrypted devices.

Names, Swim England numbers and email addresses of trainee Officials. To enable contact to be made with regard to ongoing training sessions, also to collect names of those willing to attend at galas each time. From: Trainee Officials.

Officials’ Co-ordinator on encrypted device.

Names, Swim England numbers, email addresses and qualification details of qualified Officials. To enable contact to be made to find willing Officials to attend galas. From: Officials.

Officials’ Co-ordinator on encrypted device.

Copies of documents such as passport, driving licence, utility bills, bank statements. For verification purposes when processing DBS. From: People undergoing DBS applications.

Welfare Officer on encrypted device. Any paper copies kept in locked drawer/ filing cabinet and shredded once DBS has been issued.

Names and email addresses of contacts at other swimming clubs. To enable networking and interaction between clubs, for example when seeking help or advice. From: Provided by other clubs or from their websites

Chairman on encrypted device.

Names and email addresses of staff at pool and land-training venues. To liaise with regard to pool/room bookings, invoicing etc. From: Provided for us from the venues.

Committee members on encrypted devices.

Swimmers’ names with their parents’ mobile phone numbers at, for example, fundraising bag-packing at supermarket. To be able to contact parent if necessary. Handwritten on sheet of paper on clipboard during the event, shredded afterwards.
Passwords for Oswestry Otters ASC website. To access and update. From: Created when setting up website.

Two committee members, kept in heads/memory.

 

Passwords for Oswestry Otters ASC facebook page. To access and update as method of communication. From: Created when setting up facebook account.

Five committee members, kept in heads/memory.

Password for Club Twitter account. To access and update. From: Created when setting up twitter account.

Two committee members, kept in heads/memory.

Passwords for Club bank accounts. To access and update. From: Created when setting up bank account. Each person with access has their own chosen password.

Three committee members, kept in heads/memory.

 

Sensitive Personal Data

Oswestry Otters ASC will not collect or store sensitive personal data. This includes data relating to religion, race, sexual orientation, and criminal records and proceedings. 

We will obtain and store relevant medical data as well as emergency contact details for the safe running of the Club and only for the period required.

4. How we protect your personal data

4.1 We will not transfer your personal data outside the EEA (European Economic Area) without your consent.

4.2 We use generally accepted standards of technology and security in order to protect personal data from loss, misuse, unauthorised alteration or destruction. We will notify you promptly in the event of any breach of your personal data which might expose you to any sort of risk.

4.3 When you transmit information to us over the internet this can never be guaranteed to be 100% secure.

4.4 For any payments which we take from you online we will use a recognised online secure payment system.

5. Who else has access to the information you provide us?

5.1 We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where required to do so by law.

5.2 We will share your data with the membership department of the Swim England.

5.3 Following our own hosted galas, we will share your data with the rankings department of the Swim England.

6. How long do we keep your information?

6.1 We will hold your personal data on our systems while you are a member of the Club and for as long afterwards as is necessary to comply with our legal and welfare obligations. We will review your personal data every year to establish whether we are still entitled to hold it. If we decide that we are not entitled to do so, we will delete/destroy personal data securely. 

6.2 We securely destroy all financial information once we have used it and no longer need it.

7. Your rights

7.1 You have rights under the GDPR:

  • to access your personal data; 
  • to be provided with information about how your personal data is processed;
  • to have your personal data corrected;
  • to have your personal data erased in certain circumstances;
  • to object to, or restrict, how your personal data is processed;
  • to have your personal data transferred to yourself or to another club in certain circumstances.

7.2 You have the right to take any complaints about how we process your personal data to the Information Commissioner: 

https://ico.org.uk/concerns/ 

0303 123 1113. 

Information Commissioner’s Office 

Wycliffe House

Water Lane

Wilmslow

Cheshire 

SK9 5AF

If you have any questions, comments or requests with regard to this policy or how we deal with data, please contact the Chairman on oswestryotterschair@gmail.com