Burscough Archers

Burscough Archers

Data Protection Policy


1) Definitions

  1. Personal information is data about a person which is identifiable as being about them. It can be stored electronically or on paper and includes images and audio recordings as well as written information.
  2. Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.

2) Responsibility

  1. Overall and final responsibility for data protection lies with the management committee, who are responsible for overseeing activities and ensuring this policy is upheld.
  2. All volunteers are responsible for observing this policy, and related procedures, in all areas of their work for the group.

3) Overall Policy Statement

  1. Burscough Archers is committed to keeping individual’s data safe and secure. Burscough Archers needs to keep personal data about its committee, members, volunteers and prospective members in order to carry out group activities.
  2. We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the General Data Protection Regulation (GDPR) and other relevant legislation.
  3. We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.
  4. We will only collect, store and use data for:
    • purposes for which the individual has given explicit consent, or
    • purposes that are in our group’s legitimate interests, or
    • to comply with legal obligations
  5. We will provide individuals with details of the data we have about them when requested by the relevant individual.
  6. We will delete data if requested by the relevant individual, unless we need to keep it for legal reasons. Individuals should contact the club secretary in writing if they wish their data to be removed.
  7. Communications – we may communicate relevant news or details of upcoming events to individuals using direct email or via secure third-party platforms such as Mailchimp when it is within our legitimate interests to do so or when individuals have expressly agreed we may. Recipients of such communications may unsubscribe at any time.
  8. Photography and video taken at club nights and events, may be used on our website, social media platforms, newspapers and appropriate magazines as well as other promotional / internal documents. Individuals have the right not to have their photograph taken or to appear in any video and they should make their wishes known to the organiser before the commencement of, and taking part in, any event.
  9. We will endeavour to keep personal data up-to-date and accurate.
  10. We will store personal data securely.
  11. We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.
  12. We will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.
  13. We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back. We will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the Information Commissioner’s Office within 72 hours, and to the individual concerned.
  14. To uphold this policy, we will maintain a set of data protection procedures for our committee and volunteers to follow.

4) Data Specific to New and Current Members

  1. The club will hold the following data for each member: - title, name, address, telephone number, mobile number and date of birth. The club will not hold any medical information unless a member specifically asks us to do so, for that members own personal safety.
  2. The Club will not retain any financial data on its members, beyond the recording of payments made to/ from the Club.
  3. It will be necessary to register new and renewed club memberships with Archery GB, Northern Counties Archery Society and Lancashire Archery Association. We will provide Archery GB with personal data which Archery GB will use to enable access to an online portal for the member at (https://agb.sport80.com) which, amongst other things, allows members to set and amend their privacy settings. If a member has any questions about the continuing privacy of their personal data when it is shared with Archery GB, they should contact gdpr@archerygb.org.
    NB. Only a member’s name is given to Northern Counties Archery Society and Lancashire Archery Association, to register their membership of both organisations.
  4. If a member chooses to join the Club’s closed WhatsApp group they should be aware that their name and mobile phone number, will be visible to other club members using the WhatsApp group.
  5. A member’s email address, and mobile number if they join the WhatsApp group, will be used for all club communications by the Club Secretary or appointed officer.
  6. When entering any internal or external competitions, your details may be used to submit your scores to a third party organiser. Details are likely to include, name, gender, age, bow style, scores, AGB membership number and any disability.
  7. It is a member’s responsibility to ensure that their personal data is kept up to date both on the Archery GB online portal and with the Club Secretary. It is a member right to ask what data the club holds on them and for any or all of their data to be removed from the Club’s records and this should be done in writing to the Club Secretary. The Club Secretary is committed to respond within the time limits in force within the GDPR regulations. This is currently one month.
  8. When a member leaves the club, only the members name and email address will be kept on file by the Club as proof of their past membership. A member has the right to ask for all their details to be removed but should be aware that if the Club does so, the Club will not be able to prove their past membership. All requests must be in writing to the Club Secretary.

5) Beginners Courses and GDPR

  1. When individuals register for a beginners course we collect the following information: - title, name, address, telephone number, mobile number and, in the case of junior participants, date of birth. This information is gathered for insurance purposes and is not shared with any other organisation.
  2. We also collect any health information individuals wish to give us that may be relevant to their participation in Archery. This information will be held in the strictest confidence but may be shared with our coaches, only where necessary, to assist them in determining the most suitable equipment and teaching styles to suit an individual’s personal needs.
  3. Following a course, we will retain only the name and email address of participants as proof of completion of the course and these will be kept secure for up to five years before being deleted.
  4. Individuals can request that all information relating to them be deleted following a course, but we will then be unable to confirm they have completed a course.

6) Have-a-Go and Marketing Events

  1. From time to time we may ask participants in events, for their names and email addresses in order that we can contact them about future events they may be interested in. You will be under no pressure to give your details and will still be welcome to take part in the activity you have chosen to attend.
  2. If you do give your details, these will be held securely online in our Mailchimp email platform account and our database. We will not share your information with any third party organisation and you may unsubscribe at any time.

7) Review

  1. This policy will be reviewed every two years.

Club Secretary.
Burscough Archers.
11th May 2019.