GLOSSOP CRICKET CLUB

GDPR Policy

General Statement of Duties: 

GDPR (General Data Protection Regulation) places certain obligations on sports clubs who process individual’s personal data. It regulates how personal information should be  used  and  protects  people  from  misuse  of  their  personal  details.    Glossop Cricket Club (holds or uses information and therefore, our data protection policy sets out our commitment to protecting personal data and how we implement that commitment with regards to the collection and use of personal data. 

Glossop  Cricket  Club  only  collect  personal  data  for  “domestic  or  recreational reasons”.  It  is  important  that  GLOSSOP CRICKET CLUB  still  adhere  to  the  principles  of  GDPR  and understand best practice for managing information. 

1.     GLOSSOP CRICKET CLUB are committed to: 

• Ensuring that we comply with GDPR principals best we can, as listed below 
• (section 2) 
• Meeting our legal obligations as laid down by GDPR May 2018 
• Ensuring that data is collected and used fairly and lawfully 
• Processing personal data only in order to meet our operational needs or fulfill legal requirements 
• Taking steps to ensure that personal data is up to date and accurate 
• Establishing appropriate retention periods for personal data 
• Ensuring that data subjects' rights can be appropriately exercised 
• Providing adequate security measures to protect personal data 
• Ensuring  that  a  nominated  officer  is  responsible  for  data  protection compliance and provides a point of contact for all data protection issues - (The Secretary) 
• Ensuring  that  all  club  officers  are  made  aware  of  good  practice  in  data protection 
• Providing adequate training for all staff responsible for personal data 
• Ensuring that everyone handling personal data knows where to find further guidance 
• Ensuring that queries about data protection,  internal and  external  to the organisation, are dealt with effectively and promptly 
• Regularly reviewing data protection procedures and guidelines within the club 

2.     General Data Regulation Principals 

1. Personal data shall be processed fairly and lawfully 
2. Personal data shall be obtained for one or more specified and lawful purposes, and  shall  not  be  further  processed  in  any  manner  incompatible  with  that purpose or those purposes 
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed 
4. Personal data shall be accurate and, where necessary, kept up to date 
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes 
6. Personal  data  shall  be  processed  in  accordance  with  the  rights  of  data subjects under the GDPR Act May 2018 
7. Appropriate  technical  and  organisational  measures  shall  be  taken  against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data 
8. Personal data shall not be transferred to a country or territory outside the European  Economic  Area  unless  that  country  or  territory  ensures  an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data 

3.     Data Protection Statement and Security 

• All  Club  Registration  /Application  forms  and  Coaches  /Managers  Details forms contain our data protection statement: 

In order to comply with the GDPR Act May 2018 we need to inform you that your personal data will be securely stored on a Glossop Cricket Club database (in association with Paysubsonline.com) and  will  only  be  made  available  to  Committee  Members  and  Cricket  Club Officials where appropriate. You will need to give us your consent to collect and store your personal data. 

If you are a child under the age of 18, your parent/guardian will need to consent to us collecting and storing your personal data. You will also need to understand why we need to collect and store your personal data. Consent can be withdrawn at any time, by contacting GLOSSOP CRICKET CLUB’s Secretary. 

• All  Club  Databases  and Documents  containing  personal  information  will  be 
• Password Protected. 
• Those Officers and Members of the Club responsible for keeping personal data will be duly trained in appropriate security measures in order to keep the data secure. 
• Passwords use by these Officers and Members of the Club responsible for keeping personal data will be changed on a regular basis. 
• Passwords will not be concurrent e.g. 1234, pppp, abcd. Neither will they be transposed from change to change e.g. subtle21 to subtle22 and back 
• Passwords will be at least eight digits long and contain a mixture of letters, numbers and special characters e.g. ! & *. 
• All such Club Databases and Documents will be administered by a nominated 
• Club Official. Such Club Official will log all instances where he / she releases such Database or Document to other Committee Members or Club Officials whether that be by electronic transmission or hard copy.  The entry in the log will specify 'date', 'time', 'person that the data is released to' and the 'reason for the release' and the up-to-date log will be forwarded to the Chairman at regular intervals by the relevant Club Official. 
• All emails sent by GLOSSOP CRICKET CLUB Officials will contain the following ‘disclaimer’ : 

This email and any attachments are confidential and may also be privileged. If you have received it in error, you are on notice of its status. It is intended solely for the addressee. If you are not the intended recipient, please notify the sender immediately and delete all copies of the email on your systems and any attachments. Any unauthorised use is strictly prohibited. You must not otherwise use, disclose, distribute, copy, print or rely on this email. Any view expressed in this email which does not relate to the official business of 

Glossop Cricket Club, is neither given or endorsed by Glossop Cricket Club. To the fullest extent of the law, Glossop Club accepts no liability for unauthorised use of this email. 

• All computers that are utilised by GLOSSOP CRICKET CLUB Officials holding such Club Databases and documents will have recognised Anti Virus software installed. 
• All Hard Copies of such Club Databases and Documents will be shredded straight after use 

4.     Rights of Access 

Individuals have a right of access to personal information about them which is held by GLOSSOP CRICKET CLUB. Any individual wishing to access their personal data should put their request in writing to the Secretary.  GLOSSOP CRICKET CLUB will endeavour to respond to any such written request as soon as is reasonably practicable and in any event, within 40 days. 

You should be aware that certain data is exempt from the right of access under GDPR; this may include information which identifies other individuals, information which GLOSSOP CRICKET CLUB reasonably believes is likely to cause damage or distress, or information which is subject to legal professional privilege. 

5.     Exemptions 

There are situations where access to information may be withheld by GLOSSOP CRICKET CLUB: 

a)  The  GDPR  Act  contains  a  number  of  exemptions  when  information  may  be withheld, for GLOSSOP CRICKET CLUB purposes these include: 

• Information which might cause serious harm to the physical or mental health of a child or another individual; 
• Cases where the disclosure would reveal a child is at risk of abuse; 

b) Unstructured personal information. 

GLOSSOP CRICKET CLUB will generally not be required to provide access to information held mutually and in an unstructured way. 

6.     Monitoring and Review 

This policy will be monitored by the Secretary and will be reviewed annually or at any time when changes to other policies or legislation may affect this current policy.