- Your privacy is important to you. This Policy explains when and why we, Ashford Tri Club (herein ATC or the Club), collect personal information about our members (and other people who may participate in Club events), how we use it, how we keep it secure, and your Rights in relation to it under the Data Protection Act (DPA) and the General Data Protection Regulations (GDPR).
- We reserve the ability to amend this Policy from time to time without prior notice. This Policy will be published on the ATC website, with the most recent amendments clearly indicated, including additions or removed content.
- We will always comply with the GDPR when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner’s Office. For the purposes of the GDPR, we will be the ‘controller’ of all personal data we hold about you. The Data you provide to us will never be sold or shared with third parties unless you have provided your consent.
- The Club is run by an elected Committee, with specific Officers forming the Management Committee, as set out in the Constitution. The adoption of this Policy was agreed by all members of the Management Committee and is now an integral part of the club’s adopted Policies.
- Given our size, we do not have an appointed ‘Data Protection Officer’. However, the Club Chairperson is the ‘Data Compliance Lead’ for the Club, as supported by the Management Committee. In the first instance, if you are concerned with any part of this Policy or its implications for you, you should contact the Chairperson or a member of the Management Committee. The wider Committee has a supportive oversight role in this.
- We do not have any membership level below ‘Adult’ – that is anyone below 16 years of age for the purposes of this policy (it should be noted that the UK may choose on its own under a Data Protection Bill to reduce the age to 13 with regard to GDPR matters). Nonetheless, until that time consent from a person with ‘Parental responsibility’ will need to be provided for anyone younger than 16 years of age. As we do not run events or have members below this age it is not envisaged that such provisions will be required at this time. In all cases, we will seek to verify individuals’ ages to ensure that parental consent is obtained when processing the data of anyone under 16 years of age.
What Information Do we Hold, and Why?
- The table below sets out the main information we collect, hold, and why. In the main this is Data that is collected when you join the Club, or take part in our activities.
|Type of Information||Purpose||Basis of processing|
|Member’s name, address, telephone number, e-mail address||Managing the Member’s membership in the Club, performing administration, and providing information in connection with and related to that membership||In the interest of the Club member in managing the club|
|Emergency contact details – provided on coached session forms/membership cards||For coaches and/or First Aiders to contact emergency contact in the event of an emergency||Protecting the Member’s vital interests and those of their friends, family and/or dependants and for the legitimate interests of members in operating the Club.|
|Photos and videos of Members, volunteers, officials and others who participate in both Club and external events – including coaching sessions or social activities||Putting on the Club’s website and in publications – including the Club’s newsletter – and/or social media pages and use in press releases||For the legitimate interests of members in operating the Club.|
|Member’s name, address, telephone number, e-mail address and date of birth/age-related information, club affiliations and race times. For events we run any published results will be limited to names, race times, and any club affiliations.||Managing race entries and race results. Sharing race results with other clubs and the race governing bodies – such as the British Triathlon Federation – and providing race results to print and online media||For the legitimate interests of members in operating the Club.|
|Member’s name, address, telephone number, e-mail address, for managing volunteers for Club events. This may include details such as those who are First Aid trained.||Managing volunteers for Club events. Sharing information between volunteers to enable effective running of those events. For example, social events and the Hythe Bay Tri||For the legitimate interests of members in operating the Club.|
|Member’s name, age, times for ATC League Table and Triathlon England/British Triathlon race series||Managing league tables and race results. Sharing race results with race governing bodies – such as the British Triathlon Federation||For the legitimate interests of members in operating the Club and to foster sportsmanship.|
Who has Access to the Data?
- The main persons who have access to all or some of this information are restricted to:
Secretary – In relation to the good administration of the club.
Membership Secretary – For processing membership requests.
Webmaster – Securely storing data and race results, including DOBs of Members, on the league tables.
Treasurer – Checking payments: however, payment details are not retained by the Club.
Session Coaches – Emergency contacts and medical information on sign-in sheets or membership cards.
Chairperson/Vice Chairperson – Helping process results, including league tables.
Kit Manager – Distribution of kit stock.
Race Event Organisers – Details of Marshals/Technical Officials/First Aiders/Paramedics for use at the event
Committee Members directly involved in the annual awards presented at the AGM. This will only be to check Member nominations against our Membership records, held by the Membership Secretary and Webmaster.
Selected general Members in the creation of annual League Tables for intra- and inter- club and Federation events. Access to relevant data will be controlled by the Chairperson and the selected general Members made fully aware of their responsibilities in managing this data securely.
- Where necessary, other Committee members may need access to parts of any personal data which will be handled in line with this Policy. This Data will not be shared without the approval of a member of the Club’s Management Committee.
- All Club committee members are aware of this Policy and of the need to maintain our compliance. At the first Committee meeting following the AGM, the Committee will re-affirm its knowledge of this Policy, why it needs to be followed and consider whether it requires updating. Any committee member(s) retiring from their position on the Committee, either at this point or any other point during the year, will be asked to hand over any personal data they have relating to their previous role, and passwords will be specifically changed to ensure data is protected in line with this Policy.
Storage and Security Of Data
- Data is stored securely on the membership database which is hosted by our website provider. This Data remains the ‘property’ of the Club and not the hosting site. The only persons who have direct access to this are the Webmaster, Membership Secretary and Secretary. When renewing membership to the club, we ask for the same information to make sure our records are accurate. The passwords are updated regularly in accordance with industry security standards and access to this is limited to those indicated in this paragraph.
- If already expressly requested by you, your email address and name are also added to the Club email distribution list within online software known as ‘Mail Chimp’. This is a secure system where your email contact is never shown to the public and is only used by the Committee to deliver the weekly newsletter and occasional event-specific updates. All persons on the mailing list can unsubscribe at any time by clicking the unsubscribe button on any received emails.
- Your information is only used for general club communications and management. It will not be used for any marketing purposes or outside the Club. We also take steps to ensure that when your data is shared with your consent – such as during club events for chip timings – that any such organisations also comply with the GDPR.
- We take all steps within our control to make sure your data is kept safe against unauthorised and unlawful access and against accidental loss. This includes (but is not limited to) keeping passwords updated, keeping the information on secure servers, and ensuring accuracy in sending out emails.
- If any data breach(es) occur, such as sending an email to the wrong contact for example, we will report this to the relevant body. This could include the Information Commissioner’s Office (ICO) and/or the British Triathlon Federation. We will also seek to tell you as soon as possible. If you believe your Data has been breached, or any other data held by us, you should inform us as soon as possible.
- If necessary, a data breach log will be maintained and reported to the Committee at each meeting. However, this does not and should not prevent any breach from being reported/closed as soon as it is known of.
- If any Committee member seeks further training on keeping data secure, whether manually or digitally, the Club will take all steps possible to ensure training is provided.
- We will also update our Privacy Statement when signing up to events we run so that it reads along the lines of:
“You agree that we may publish your Personal Information as part of the results of the Event and may pass such information to any governing body or any affiliated organisation for the purpose of insurance, licences or for publishing results either for the event alone or combined with or compared to other events. Results may include (but not be limited to) name, any club/ home country/regional/county affiliation, results, age category, penalties.”
“You also agree that in the event of a disciplinary or welfare incident that you are either involved in or witness, we may pass on your personal information to British Triathlon or any other relevant Authorities for the purposes of supporting any investigatory activity into that incident.”
- There may also be some Data which is related to the Club, such as social media pages on Facebook, Flickr, or Twitter for example. This Data is not held by the Club, but rather on the relevant service provider’s platform. If you have any concerns with Data held on those, you should contact the relevant provider as the Club does not host these services. They are used solely to publicise upcoming events and training sessions, for example.
So what if I want to see what Data of mine you have? – Subject Access Request
- Any Member who wishes to see the information stored about them can do so. Any request will be actioned within 30 calendar days. This should be made in writing to the Club Chairperson or Secretary – either by email or letter.
Okay so I have left the Club or the event has passed – Storage Time
- We will only keep your information for as long as we need it for the purpose it has been provided for. If you are not a Member for a period exceeding 3 years, or other period set out in our legal obligations, your information will be deleted.
- If you leave the club and wish your information and Data to be deleted and removed from our records earlier, contact the Membership Secretary, Secretary, or Club Chairperson in writing (email or letter) to request this. The information will be deleted from our database. Once removed, any such data will not be retrievable. You may therefore be asked as part of our data protection process to confirm that it is you wishing this Data to be deleted – this is to ensure it is you making the request.
Any further queries?
- If you have any concerns at all about the Data held by our Club, or how it is securely stored, or any other data protection queries, you should, in the first instance, contact the Data Compliance Lead (the Chairperson) or in their absence a member of the Management Committee.
- Your Rights under the GDPR:
- To access your personal data
- To be provided with information about how your personal data is processed
- To have your personal data corrected
- To have your personal data erased in certain circumstances*
- To object to or restrict how your personal data is processed
- To have your personal data transferred to yourself or to another business in certain circumstances.
*In addition to the rights afforded to you by the GDPR, at the Club’s discretion and where practicable to do so, the Club may agree to remove from its website and social media sites images of members or others participating in Club events following receipt of a request to do so.
- We are a friendly club, and would ask that you contact us first if you have any concerns. However, you have the right to take any complaints about how we process your personal data to the Information Commissioner: https://ico.org.uk/. Tel: 0303 123 1113. Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.