The Whitchurch & District Bowling League (hereafter ‘the League’) have issued the following GDPR requirements for clubs affiliated to the League. The League expects the club secretary or the club committee to inform their members of the privacy policy of the League. 

The League respects the right of the club members to privacy. As part of our commitment to protect their privacy, we have produced this policy to explain what personal data we hold and how we use it. We also want to make sure they are aware of their rights under the General Data Protection Regulation (GDPR). Our aim is to be fair and transparent about how we use the personal data. Data Controller

What personal data we hold and why:

When you join become a member of the League, you provide us with personal data on some of your members. The personal data will include:- 

• Names

• Telephone number(s) 

• Email addresses

This information is held by the League when your members take part in the League activities, typically league, competitions and matches. It is predominately the only personal information we hold. 

How do we collect this personal information? 

All the information collected is obtained directly from your members or your club. The information will generally be collected via entry forms, filled in to take part in the League activities. At the point when your members enter competitions they will have assumed to provide the League with their consent to circulate their data for the League’s use. Consent is required in order to ensure our compliance with data protection legislation. 

How do we use the personal data?

 The GDPR requires organisations to justify why they use personal data, and specify which of the six 'Lawful Basis for Processing' they are assigning to each task. 

• League management 
• registering and administering applications to enter League competitions 
• informing the affiliated clubs of statutory items, such as AGM notices 
• informing HMRC of 'Gift-Aid' donations 
• informing you of the results of League competitions 

The lawful basis for processing are Legal Obligation and Contract. 

Matches and Competitions:

• sharing contact details with club captains, vice-captains or team managers to help manage team selection for matches 

• sharing contact details with opponents to help arrange competitions 

• sharing contact details with internal league organisers 

The lawful basis for processing is Legitimate Interests. Your members can ask for details not to be shared, but this would make it difficult for their inclusion in matches and competitions. 

Clubs may choose to stop receiving these communications (opt-out) by informing the League Hon Secretary. 

Who do we share personal data with? 

If your members have entered League competitions, we will forward their name, telephone number and email to the other competitors to allow for communication and match arrangements. We do not share the personal data outside of the League. 

How long do we keep personal data?

We will hold onto personal data for as long as the activities last. Some records may be held for longer, such as records submitted to HMRC, but will be securely destroyed after seven years. The data stored is reviewed regularly. Old and incorrect data is deleted from the system and from any backups. 

How do we store personal data?

 We have in place a range of security safeguards and software to protect personal information against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification. The data is held by one or more of the following methods 

• Entirely on a Paper Based filing system held by the Match, League, and Hon Secretaries. • On a database/spreadsheet/external membership management system, held by the same secretaries and accessed by committee members/coaches as appropriate. 

• The Club's website, provided by a third party, which stores personal data as part of our online account. The website company have their own Privacy Policy. See our web site for details. 

If there are any concerns over the account details, the League should be contacted as the Data Controller. 

Special category data:

We will only collect health data on medical conditions for the safety of your member at League functions. This information is securely held, and is not available to the public. It is optional whether these details are provided. 

Children:

WE hold Clubs responsible for additional information on parents and/ legal guardians in line with their Safeguarding Policy. We never disclose the child's details without the prior consent of the parents. 

Your rights to control personal data of your members:

 The GDPR provides your club with a number of rights over the personal data of your members held by the League. At any time you can: