Carlisle Subscription Bowling Club
Website Privacy and Use Policy
The Policy
This privacy policy is for this website and governs the privacy of its users who choose to use it. It explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) [pre GDPR enforcement] and the PECR (Privacy and Electronic Communications Regulations). This policy will explain areas of this website that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR, DPA & PECR are adhered to.
Use of Cookies
This website does not use Cookies, which are small files saved to a website users computer / device that track, save and store information about the user's interactions and usage of the website.
Adverts and Sponsored Links
This website does not contain sponsored links or adverts.
Policy on General Data Protection Regulations (GDPR)
Introduction – This policy concerns the personal information (data) held by the Club, its security and use.
The policy is written in response to the GDPR, in force from 25 May 2018. It defines the people involved, the data collected by the Club, how it is stored and used internally and externally, and members’ rights over their data.
The Club uses this data solely for the purposes of the effective running of the Club. It does not share the data with anyone without your consent except Cumbria Bowls Association (CBA) and Bowls England (BE) for some specific post holders and affiliation purposes.
The Data Controller for the purposes of the GDPR will be the Club through the Committee. They will be responsible for the implementation and review of this policy. Given the nature of data held and Club size, the committee has appointed a Data Protection Officer from within the committee. Any concerns relating to data protection should be addressed to the Club Chairman who will pass the enquiry to the above Officer.
The Data Processor will be the Club Secretary who will hold the club membership database. The Secretary is responsible for the collection of the data, its security, ensuring that permission for the data to be held, used, and shared as described below is given, and updating of club records including deletion where required.
What Data is Collected and Why
It is necessary for the personal information to be collected for the effective running of the Club as tabulated below:
Data Collected and Reason for Collection
Name
This is necessary for legal, insurance and licensing purposes. In addition, the Club is entitled to be aware of who is permitted to be on its premises
Address
Required so that club information can be sent to members, not all of whom have an e-mail address. In addition, it facilitates shared transport arrangements for matches etc.
Phone Number
Home and mobile numbers are for competitions, contact purposes.
E-mail address
The prime means of communication when required to contact members about competitions, teams, events and other general matters.
Under or over 18 years old
Club fees are age dependent so this is required to establish the correct fees.
Gender
Some competitions are gender specific
Date of Joining Club
To enable long-serving members to be identified and recognised as appropriate.
The Club does not collect or hold any ‘sensitive data’ about a member such as health issues.
When is the Data Collected and Reviewed
This data is collected when a member first joins the Club through a Club Membership Application form. The accuracy of the personal information will be reviewed annually when a member renews their membership.
Who Collects and Holds the Data
The data is collected and held by the Club Secretary. To ensure the security of the data held, the Club requires that access to their computer is password protected.
What Data is Shared outside the Club
Cumbria Bowling Association – The CBA publishes annual handbooks which contain contact information which may include:
The holders of these posts will be required to confirm that they agree to the sharing and publication of this data.
Bowls England and EIBA – publish an annual handbook which contains contact information for the Club, namely
As above, the individual post holder will be required to confirm their agreement to this.
The Club will require that organisations do not further share the data or use it for any purpose except communications and publications as specified above. The Club will not release the data to any other organisations for marketing or other purposes. The data is not used in any form of automated decision making or profiling.
No data is shared by the Club Secretary within the Club except telephone numbers so that members and team captains may arrange teams for games and contact members over a match should the need arise.
The Club will not publish any personal data on the club website except names and telephone numbers of club officers and officials.
Member’s Rights to their Personal Data
All members have the right to be provided with a copy of the data held on them by the Club. Any request for this should be made in writing (including e-mail) to the Club Secretary. The Club has one month to reply to any such request. The data held on a member will be deleted within one month of notice that the member has left or is not re-joining the Club.
Young People’s Data
GDPR will set an age for a young person to give their own consent to the collection and storage of their personal data. However, given the Bowls England requirements concerning young people, if any club member is below 18, permission for the collection and use of their data will be sought from the parents/guardians of the young person. Any member requiring contact with a young person should approach the Secretary to seek agreement for the release of contact details.
Breaches of Data Security
If at any point a breach of data security is suspected or identified, then that suspicion or fact must be reported immediately (verbally if necessary and confirmed in writing) to the Club Chairman who is responsible for investigating breaches of security, determining the resultant degree of risk and deciding on the action to be taken, reporting this at the first opportunity to the Club Committee.
Where a breach is likely to result in a serious risk to the rights and freedoms of individuals (say involving health or financial issues), the Club Chairman has 72 hours to report the incident to the Information Commissioners Office (ICO).
The Club recognises that the requirements of the GDPR apply as much to paper files and records as it does to digital ones and will ensure that any paper records are similarly securely treated. As security issues are much more problematic for paper records, the Club will seek to reduce the use of paper files to the minimum possible.
Consent on the Holding and Use of the Data
On applying to join the Club, a member will be given a copy of this policy and asked to confirm that they have read and accepted it, and that the Club may contact them through mail, e-mail and/or phone as outlined. Such communications will be restricted to matters such as: Carlisle Subscription BC and Bowls England issues; club meetings, minutes and events; availability for and selection of teams; and other such club related material. In addition, they will be asked to consent to the publication of their name and phone number(s) and email address for communications and so that they and other members can arrange matches as part of Club Competitions.
It should be noted that if consent is withdrawn for the publication of any data in printed form it will be removed from the next publication but will remain in previously printed editions of publications.
Reviews
It is expected that a member will update their personal information, if alterations in their details have changed during the year. At the annual renewal of subscriptions members will be asked to reconfirm the accuracy of the data held on them and to reconfirm their consent as described above, and by signing the enclosed GDPR Form..
Contact Us
Carlisle Subscription Bowling Club
Myddleton Street
Carlisle
Cumbria
CA1 2AA