HTC Data Protection Policy

Document Name HTC Data Protection Policy

Authors XXXXX

Responsibility All HTC Committee Members

Date Issued Rev 1: 21 Apr 2018

1 Introduction

Hildenborough Tennis Club (HTC) are committed to a policy of protecting the rights and privacy of individual members of the club (the Club).

The collection, storage and use certain types of Data is required in order for the club to function effectively. This personal information must be collected and dealt with appropriately. The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals and the governs the use of information about people (personal data). Personal data can be held on computers, laptops and mobile devices, or in a manual file.

The club will remain the data controller for the information held. The committee members are personally responsible for processing and using personal information in accordance with the GDPR.

2 Purpose

The purpose of this policy is to set out the Club’s commitment and procedures for protecting personal data. The Committee regards the lawful and correct treatment of personal information as important to successful working, and to maintaining the confidence of those with whom the club deals with.

3 Application

Whilst access to personal information is limited to members of the Club, Volunteers may undertake additional tasks which involve the collection of personal details from members of the public. In such circumstances, the Club will let people know why we are collecting their data and it is the Club’s responsibility to ensure the data is only used for this purpose.

The Club Committee is the Data Controller under the GDPR, and is legally responsible for complying with Act, which means that it determines what purposes personal information held will be used for. The Committee will take into account legal requirements and ensure that it is properly implemented, and will through appropriate management, strict application of criteria and controls:

1) Observe fully conditions regarding the fair collection and use of information. 2) Meet its legal obligations to specify the purposes for which information is used.

3) Collect and process appropriate information, and only to the extent that it is needed to

fulfil its operational needs or to comply with any legal requirements. 4) Ensure the quality of information used. 5) Ensure that the rights of people about whom information is held, can be fully exercised

under the GDPR, including:

  1. The right to be informed that processing is being undertaken 2. The right of access to one’s personal information 3. The right to prevent processing in certain circumstances, and

The right to correct, rectify, block or erase information which is regarded as wrong information 4. Take appropriate technical and organisational security measures to safeguard

personal information, 5. Ensure that personal information is not transferred abroad without suitable

safeguards, 6. Treat people justly and fairly whatever their age, religion, disability, gender,

sexual orientation or ethnicity when dealing with requests for information, 7. Set out clear procedures for responding to requests for information

The Data Protection Officer, who is part of the Club committee, is: Robin Douglas

The Data Protection Officer is responsible for ensuring that this policy is implemented and has overall responsibility for:

  1. Everyone processing personal information understands that they are responsible for

following good data protection practice 2. Everyone processing personal information is appropriately trained to do so 3. Everyone processing personal information is appropriately supervised 4. Anybody wanting to make enquiries about handling personal information knows

what to do 5. Dealing promptly and courteously with any enquiries about handling personal

Information 6. Describe clearly how the Club handles personal information 7. Regularly review and audit the ways the Club holds, manages and uses personal

Information 8. Regularly assess and evaluate its methods and performance in relation to

handling personal information

4 Informed Consent

Informed consent is when a Club member clearly understands why their information is needed, who it will be shared with, the possible consequences of them agreeing or refusing the proposed use of the data and then gives their consent.

The Club will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, or by completing a form. When collecting data, the Club will ensure that the Club member:

  1. a) Clearly understands why the information is needed b) Understands what it will be used for and what the consequences are should the c) Member decide not to give consent to processing d) As far as reasonably possible, grants explicit consent, either written or verbal for data

to be processed e) Is, as far as reasonably practicable, competent enough to give consent and has given

so freely without any duress f) Has received sufficient information on why their data is needed and how it will be used

5 Data Storage and Use

5.1 Data Collected

The information the club holds on each member comprises:

Name* Postal Address Email Address Phone Numbers* British Tennis membership number The status of the Membership held (Adult, Junior, Male, Female, Social) If the case of Junior Members only, a record of their date of birth is held. This information is not held for Adult Members. Whether a deposit for a key to the clubhouse is held

5.2 Data Storage

The data in section 5.1 is held electronically on a web-based Google Sheet. This Google Sheet is access protected and is accessible only by authorised committee members. For a period each year (April to June typically) the Google Sheet also contains details of subscription payment information (i.e. who has paid, the sum paid and the date of the transaction). After the Subscription period is over then this information is deleted from the Google Sheet. The Club holds no personal financial details such as Sort Codes and Account numbers.

The above Google Sheet is linked electronically to the Club’s website such that the personal information marked with an asterisk above can be viewed online. The information can only be accessed by members who have been provided with the relevant password and is not available to the general public or to other website visitors.

The Club shall ensure that the data stored for each member is done so on an ‘informed consent’ basis and shall also ensure that a record of this consent is stored and available for audit purposes.

The Club does not, and shall not, hold any paper records of personal information.

5.3 Data Usage

The personal information of Members is used only to manage the club. This means it is used for the following purposes:

  • ● Membership administration
  • ● Club communications, including emails, newsletters and surveys Identification of team players
  • ● By Members to contact other Members for tennis related reasons

The Club shall not share or sell Member’s information to any third party for any purposes, included marketing. This includes our sponsorship partner (James Villas), who does not have access to membership information.

Any future relationship with a third party shall only be proceeded with if the arrangements are in sympathy with the intentions and thrust of this Data Protection policy.

5.4 Data Retention

Data relating to Club members is stored for the duration of the individuals membership of the Club. Any personal member related data that the Club holds will be completely removed / deleted once a member has indicated that they are cancelling their membership or after one month if no subscription renewal payment has been received by the Club Treasurer following the end of a membership year.

5.5 Published Data

Contact details for Team Captains are shown on the public part of the Club website so as to facilitate contact from other tennis clubs to arrange matches. The Club shall ensure that permission has been sought from the relevant members whose details are displayed in this area of the club’s website.

Photographs of individual members of the Club engaged in tennis and social activities connected to the Club appear in various parts of the Club website. No personal details of these Members are available outside of the password protected “Members Area” of the website. Should any Member object to the use of their photograph then they should contact any member of the Club committee and the photograph will be removed from the website.

Photographs of individual members of the Club Committee appear in various parts of the Club website. No personal details of these Members are available outside of the password protected “Members Area” of the website. The exception to this is the Club’s Welfare Officer who has agreed to their contact details being publicly available. Please refer to the Club’s Welfare and Safeguarding Policy for further information.

6 Policy Review This policy shall be reviewed on an annual basis. The next review date being 31-March-2019