GDPR (Data Protection)

Statement:

Heugh Bowmen (the “Club”) is committed to protecting your personal data. We will implement various procedures to ensure that this data is only held for specified reasons, is accurate, stored securely and retained only for as long as is necessary. We will also respect individual’s rights to access, correct and remove their data. In this document, references to the Club means Heugh Bowmen. This notice explains how we collect and use the personal data about you, as required by the Data Protection Act and the General Data Protection Regulations (GDPR).

 

Who we are:

The Club is a not-for-profit organisation.

The Club operates a website: www.heughbowmen.org.uk (the “Website”).

The Club is a data controller as defined by GDPR. Data protection is the collective responsibility of the Club’s Committee.

 

Principles:

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them.

 

Procedures:

Privacy notices:

Privacy notices describe how the data we collect will be used. They will be communicated/ written in clear and plain language and used every time we collect personal data.

How we gather and use your data The Club gathers certain data about you. We collect data in the following ways:

  1. Data you give us:
  • Application forms for membership of the Club;
  • Beginners courses or Taster sessions at the Club;
  • Undertaking tournaments organised by and held at the Club
  1. Data from your use of our Website.
  2. Photographic methods

The following describes how and why we process your data by each collection occurrence.

Application to become a member of the Club

Data protection principle/criteria How applied
Legal basis for processing For legitimate reasons
Data collected Name, date of birth/age, postal address, email address, phone number, and any disability and/or medical issues
How we use individual’s data (Privacy Notice) To assign individuals to the appropriate membership class (based on age). To register members with county, regional and national organisation. To be able to contact you from time to time, to manage Club activities, to provide you information about the Club or its activities
How obtained? Supplied by individual on signed application form.
Shared within Club? Yes, electronic file (spreadsheet). Club Committee. Key users are Secretary, Chairman, Treasurer and Records Officer.
Shared outside Club? * Yes, electronic file (spreadsheet) or secure on-line data input Data is shared, on behalf of individuals, with the County, Regional and National* bodies as part of the national membership registration process. Names and membership type (senior/junior) to Seaton Carew Sports and Social Club.  Each organisation has its own Data Protection policies and procedures, which individuals should access via their websites.
How stored/where/length of storage? Paper forms until next membership renewal or up to 12 months following membership expiry.  Key Committee members until the next update from the Secretary.

* You will be given the option to opt in to 3 additional uses of your data by AGB: to receive the quarterly ‘Archery UK’ magazine (via post); the monthly ‘e-zine’ (via email); and, to allow 3rd party contact by their commercial partners (post/email). AGB currently uses a 3rd party data processor to process/maintain its membership database. As a member you will have the ability to amend your data held by AGB and the opt in/out options via the AGB website.

Other uses: Some of this data (name, gender, age category) may also be used within the Club to place you in categories for the Club’s shoots, competitions and skill classification.

A contemporaneous record is kept of each Club member’s archery classification and handicap and recent scores in Club organised archery rounds and competitions. This is held and published on the Club’s Website for up to 5 years. Personal data is limited to name only.

The Club’s Treasurer keeps member’s names and membership category on the Club’s accounting software (Excel spreadsheet). This is held for a minimum of 7 years (maximum 8 years).

If a Club member consistently achieves high scores (at least 3 times shooting 12 dozen rounds in a summer season) he/she may be eligible to shoot for the county. The Club’s Records Officer will only send data to the county with the member’s consent, usually verbally. If the member is a junior (under 18 years of age), consent will also be requested from the parent/guardian by email/in writing.

Other reasonable purposes of the Club that comply with data protection legislation.

Application to undertake a Beginners course or Taster session

 

Data protection principle/criteria How applied
Legal basis for processing For legitimate reasons
Data collected Name, age (date of birth for juniors), gender, postal address, email address, phone number, physical criteria, and any disability.
How we use individual’s data (Privacy Notice) We use all this data in order to ensure the Club has sufficient resources to provide the training required. Some data is anonymised.
How obtained? Supplied by individual via web form
Shared within Club? Yes. Club Coaches informed of attendees’ names, gender, age and their physical criteria.
Shared outside Club? * No
How stored/where/length of storage? All data destroyed one month after end of course

Undertaking tournaments**

 

Data protection principle/criteria How applied
Legal basis for processing For legitimate reasons
Data collected First Name, Surname, Gender, Bow style, Age category (or age if a junior), Club, County and Round.  Next of Kin, Medical conditions and Contact details will be held if supplied.
How we use individual’s data (Privacy Notice) To assign participants to appropriate archery rounds. To produce and inform participants of the target list. To produce and inform participants of the results.
How obtained? Supplied by individual on application form.
Shared within Club? Yes (except contact details) Target list
Shared outside Club? * Yes (except contact details) Target lists sent to participants’ contact. Results sent to participants/contact and on Club and County Website. Record Status Tournament Results sent to Archery GB.
How stored/where/length of storage? Paper forms with Tournament Organiser up to 12 months following tournament. Target list until results published and results indefinitely.

** Note: when tournaments are held at the Club ground but organised by another organisation (e.g. County Championships) then that organisation is the data controller. Refer to their published Data Protection policy, procedures and privacy notices.

 

Data from your use of our website:

Each time you visit our Website it may automatically collect certain data. This data includes technical data, such as Internet Protocol (IP) addresses used to connect your device to the internet, browser type and version, browser plug-in types and versions, operating system and platform and data relating to what pages you have viewed (e.g. by using cookies as described further below).

We will use the data we get from your use of our Website to:

  • Administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • Improve our Website to ensure that content is presented in the most effective manner for you and for your internet enabled device;
  • As part of our efforts to keep our Website safe and secure; and,
  • Other reasonable purposes of the Club that comply with data protection legislation.

Our Website contains links to other websites. This data protection policy only applies to this Website so when you link to other websites you should read their own data protection policies and/or privacy policies.

Cookies are text files placed on your computer to collect standard Internet log data and visitor behavior data. This data is used to track visitor use of the website and to compile statistical reports on website activity (as described above).

 

Photography:

Occasionally, Club members may wish to take photographs of Club members or members of the public attending Beginner’s courses, Taster sessions or Tournaments.

Common examples include:

  • Group photos during shoots for placing on the Website; and,
  • Video recording of members for coaching purposes.

The file will not be shared with anyone except the individual involved (unless permission granted). At all times, consent (verbally or written) will be sought. Permission will also be sought from parents or guardians when juniors are present. At any time, permission can be revoked and individuals have the right for any photographic record to be removed/deleted.

 

Profiling:

We do not carry out any profiling of individuals using their data.

 

Marketing:

We do not conduct or are involved with any marketing, except to occasionally inform Club members of availability of Club clothing.

 

Data Sharing and Disclosure:

We will not disclose your personal data to third parties (other than those previously identified) unless we are under a duty to disclose your personal data in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).

 

Persons under 18:

If you are under 18 and would like to get involved, please ensure that you have consent from a parent or guardian before giving us your personal data. When we collect data about a child/young person/junior (anyone aged under 18) the form(s) will need to be signed by a parent or guardian.

 

Where we may store data:

The data that we collect from you will be transferred to and stored at the Club’s registered office and associated electronic systems. By submitting your personal data, you agree to this transfer, storing or processing. The Club will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy. Communication and reporting of any data losses will be based on risk to individual.

 

Your rights:

You have the right to:

  1. Have any inaccuracies in your data corrected. If you would like to update the details we hold about you other than online, please contact the Club Secretary via telephone, email or by letter (at the Registered address).
  2. Request that we delete your personal data.
  3. You have a right to request a copy of the personal data we hold about you.

Please address requests to the Club Secretary and we will respond within one month of receipt of your written request and confirmed ID. This request is free of charge unless the request is manifestly unfounded or excessive.

 

Audit:

A member of the Club’s Management Committee will conduct an audit annually, or more frequent if required, and report the results to the Committee and recorded. Any remedial actions will be implemented and completed as quickly as is reasonably practicable.

 

Changes to this notice and the way we treat personal data:

We may update the policy and procedures at any time, so please do check it from time to time. If we make any significant changes in the way we treat your personal data we will contact you directly.

 

Enquires and Complaints:

The Club’s Secretary is the first point of contact regarding any enquires arising from this policy and procedures. Where possible, please raise all enquires in writing/email. If you are unhappy with our work or something that we have done or failed to do, please inform us in writing. The Club will acknowledge receipt of all complaints and will endeavour to investigate the complaint within 15 working days. All complaints should be sent to the Club Secretary

You may also complain directly to the Information Commissioner’s Office if you are concerned with how we are handling your personal data using their online form which can be found here: https://ico.org.uk/concerns/handling/