South Cotswold League Policy on General Data Protection Regulations (GDPR)
Introduction – This Policy concerns the personal information (data) held by the South Cotswold League, its security and use. The League has 16 member clubs and a Management Committee of four elected members. The Policy is written in response to the GDPR, in force from 25 May 2018. It defines the people involved in data collection in the League, how it is stored and members’ rights over their data.
This data is used solely for the purposes of the effective running of the League and the League does not share the data with anyone. The data is not used in any form of automated decision making or profiling.
Review of Data Collection – To enable the League to run effectively, the League Secretary holds information in a database. There are three categories of information held:
> Club Contacts – the name and email address of the League contact in each club. This information is available only to the League Secretary and is used to contact clubs, it is not shared or published;
> Team Contacts – the name and phone number(s) of each league-team’s contact. This information is
published to all club and team contacts so that matches can be arranged; and,
> Results – the name and email address of people who receive the results each week. The email address book is also available to the Fixtures Secretary who sends out the results.
Data Security – The database is held by the Secretary (acting as both Data Controller and Data Processor) on a secure computer with the file also password protected.
Member’s Rights to their Personal Data – All members have the right to be provided with a copy of the data held on them by the League. Any request for this should be made in writing (including e-mail) to the League Secretary who has one month to reply to any such request. There will be no charge for such access to data. The data held on a member will be deleted within one month of notice that the record is no longer relevant.
Breaches of Data Security – If at any point a breach of data security is suspected or identified, then that must be reported immediately (verbally if necessary and confirmed in writing or e-mail) to the League Chairman who will investigate and determine any subsequent actions as necessary. Where a breach is likely to result in a serious risk to the rights and freedoms of individuals (say involving health or financial issues), the Chairman has 72 hours from notification to report the incident to the Information Commissioners Office (ICO).
Reviews – The data held is updated annually and this policy will be reviewed at least every three years.
Consent – You are asked to confirm that you have read the League Policy and that you consent being contacted as indicated above. Please complete the table below and return this notice preferably by e-mail.
Alternatively, cut off the text below and send it to me.
Please mark the appropriate box for each statement:
I have read and accept the League Policy Yes / No
I consent to the League and Clubs contacting me by phone Yes / No
I consent to the League contacting me by e-mail Yes / No
South Cotswold League Secretary
[GPDR League Policy.docx – 2018]