From May 2018 the General Data Protection Regulation (GDPR) applies to voluntary organisations such as Tewkesbury Running Club. There is a lot of jargon used within the GDPRs, but basically, this is about how personal information about individuals is collected, used and looked after. This document sets out the detail about how the personal information provided by you will be used and looked after and explains your rights in relation to it.
2. Our commitment to you
Our commitment is to:-
· Keep personal information provided by you safe and private;
· Not use personal information for any purposes other than in connection with your membership of Tewkesbury Running Club, for the effective running of the Club and to keep you informed about developments at the Club and our activities.
· Make it easy for you to approach us if you have any concerns or questions relating to the holding or use of personal information.
3. Who we are and how we operate
Tewkesbury Running Club is a club for runners from the Tewkesbury area of all abilities. We seek to run the Club as informally as possible and to provide a friendly and supportive environment for those who run as a hobby, which might be through training opportunities, encouraging participation in races, through friendly competition and social activities.
There is more information about us on our website (www.tewkesburyrunningclub.com).
The individual responsible for data protection matters at Tewkesbury Running Club is Nigel Tillott whose email address is firstname.lastname@example.org.
4. How information is collected from you
Initial information about you may be provided by prospective members who contact us through our website, by email or telephone. Occasionally we may be given details of an individual whom we are told may have an interest in joining the Club and we may make contact in those circumstances. Please ensure that all personal information is accurately provided as the information which is held is only as accurate as the information provided in the first place.
5. What personal information will we collect from you?
We will require contact details including items such as name, address, telephone number and email address and will also require emergency contact details.
Members are registered with England Athletics which in turn provides insurance and allows a discount on race entries for most races. In order to register a member certain information is required in addition to basic contact information. Your gender and date of birth will be required for these purposes and is likely to be required for other purposes such as race entries or Club competitions. We will also ask you to provide, but not require that you provide, any relevant health information which may be of relevance when you are running with us.
6. What will the personal information be used for?
· Support and services:-
o To provide support and services to you as a member.
· To ensure vital interests:-
In situations where your health or welfare is at risk, we may provide information to others, such as emergency services to ensure, so far as possible, your health and wellbeing.
· When it is our legal obligation
It is most unlikely that we will have an obligation to provide information to others such as Regulators, but we may provide information to them if required to do so.
· When legitimate interests apply
We like to inform Club members of races, training opportunities and chances to get together to run and participate in social events.
We also like to share news about the running activities of members, for example, to ask of their participation in races or race reports referring to them and quoting times.
Clearly, we will not do this in such a way where there is any perceived detriment to members in doing so. If though as a member you do not wish us to undertake any of these activities please contact email@example.com and confirm the type of communications listed above which you would not wish us to undertake.
We may also use personal information for management and statistical purposes including retaining a membership list.
7. What about outsourcing?
We will pass personal information to other organisations from time to time, not for them to use for their own benefit but rather to assist us. This might, for example, include providing information to an auditor, to assist with the efficient administration and running of the Club, providing our IT needs and services for the benefit of the Club.
8. What happens if I don’t wish to provide personal information to Tewkesbury Running Club?
Without the information required by England Athletics, we will not be able to register and you will not be able to remain a member of the Club. Without basic contact information, we think it unlikely that your membership can be effective.
9. How long will Tewkesbury Running Club keep personal information for?
We will only retain personal information:-
· If you are a Club member for the duration of that membership and for no longer than 1 year after membership ceases;
· If you are not a member but we get information about you as part of enquiries about membership we will delete such information within 1 year of the last communication received from you or it becomes clear you do not wish to become a member, whichever is the later. If you ask us to erase information held about you prior to this we will do so.
10. Your rights in relation to the information held in relation to you
· Access - the right to make what is known as a Subject Access Request to obtain a copy of the personal information which we hold about you. If you make such a request we are required, in most circumstances, to provide a copy of the personal information without charge and within 30 days.
You may also seek confirmation of the nature of the personal information which we hold about you without seeking a copy of the information itself.
· Correction – it is important that you keep us up to date with any changes to the personal information provided. Subject to that you have the right to ask us to correct or complete any inaccurate or incomplete data held about you. It is possible that evidence will be required of the new information provided.
· Erasure – you are entitled to ask us to delete or remove personal information held where there is no good reason for us to continue to hold it. It may not always be possible to comply with your request due to ongoing obligations in relation to personal information. Where this is the case you will be informed and be told of the reasons why it is not possible to comply with the request.
· Object to processing – you may object to us processing personal information. There are some circumstances in which it will not be possible to comply with your request, for example, if it is necessary to process the information in connection with obligations which we have and which have been explained to you in this document. If you object to us processing information which has been processed under the legitimate interest head, we will stop processing it.
· Restriction of processing – you may ask us to suspend processing of personal information in the following situations:-
o If you want the data accuracy to be established;
o Where the use of the personal information is unlawful but you do not want it to be erased;
o You need the data to be held even though we no longer require it as you need it to establish, exercise, or defend legal claims; or
o You have objected to the use of the data by us but we need time to determine whether we have overriding legitimate grounds to process it.
· Request the transfer of information – sometimes rights apply to request a transfer of personal information held to other organisations, such as another organisation to provide similar services and facilities to those provided by ourselves. This right only applies to personal information that is processed by automated means and is held because it was necessary for the performance of the contract with you or personal information which is processed on the basis of your consent.
11. Keeping personal information safe
We have put in place appropriate security measures to prevent the personal information provided from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to personal information is limited to the Club secretary, committee members and other members who have a need to know in relation to specific Club purposes, for example, the organisation of specific events for members. Procedures have been put in place to deal with any suspected breach of the requirements under the GDPRs. You and/or the Regulator referred to below will be notified of any potentially significant breach.
12. What happens if you want to complain?
It is hoped that you will not have cause to complain. If you do complaints should be referred to Nigel Tillott in the first place where possible. In the event that it is not possible or appropriate to refer a complaint to Nigel Tillott it may be referred to the Regulator, the Information Commissioner’s Office (ICO) whose address is:-
Information Commissioner's Office
· It is not anticipated that any personal information will be transferred outside of the European Union. We will notify you if this position changes.
· We don’t anticipate using automated decision making in relation to the personal information provided.
Dated October 2018