Throughout this document the Association shall mean Richmond Gymnastics Association.
Richmond Gymnastics Association is the data controller and is committed to complying with the General Data Protection Policy 2018 and the British Gymnastics Data Protection Policy.
1. Policy Statement
The Association is committed to a policy of protecting the rights and privacy of individuals in accordance with the new General Data Protection Regulations (GDPR 2018). The Association needs to process certain information about its members and other individuals it has dealings with for administrative purposes. To comply with the law, information about individuals will be collected and used fairly, stored safely and securely and won’t be disclosed to any third party unlawfully.
2. Background to the General Data Protection Regulations 2018
The General Data Protection Act 2018 enhances and broadens the scope of the Data Protection Act 1998. Its purpose is to protect the rights and privacy of living individuals and to ensure that personal data is not processed without their knowledge, and, is always processed with their consent.
3. Definitions GDPR 2018
Data relating to a living individual who can be identified from that information or from that data and other information in possession of the data controller. Includes name, address, telephone number, id number. Also includes racial or ethnic origin or religious beliefs. Also includes expression of opinion about the individual, and of the intentions of the data controller in respect of that individual.
RGA is the data controller.
Any living individual who is the subject of personal data held by the Association.
Any operation related to organisation, retrieval, disclosure and deletion of data and includes: Obtaining and recording data Accessing, altering, adding to, merging, deleting data Retrieval, consultation or use of data Disclosure or otherwise making available of data.
Any individual / organisation other than the data subject, the data controller (Association) or its agents. RGA will never send member information to a 3rd party.
Relevant Filing System
MEMSYS is RGA’s bespoke database system. It is a secure system where parents add on their own details and their children’s details. These details are all relevant for the health and safety of the gymnasts.
Parents will have to opt in to the following 3 options:
1- Marketing- including newsletters/ holiday camps/ courses
RGA produces newsletters regularly throughout the year to inform members of anything that has happened within the club and to remind members of term dates and up and coming events. By “opting in” you will continue to receive these newsletters throughout the year. RGA timetables numerous holiday camps, crash courses and extra sessions throughout the year for members and non-members. By “opting in” you will continue to receive information about RGA holiday camps, crash courses and extra sessions whenever they are timetabled
2- Fundraising- including fundraising for the “Raise the Roof” extension
As a charity, RGA relies on fundraising to assist with projects. Fundraising to date has bought equipment for the main centre and satellite centres throughout the Borough, assisted elite gymnasts with International expenses and provided funds for the building extension at the main centre. By “opting in” you will continue to receive information about fundraising activities throughout the year.
3- Events- including Christmas Displays/ Festivals/ Parties and competitions
RGA provides a number of competition and display opportunities for our members throughout the year free of charge. By “opting in” you will continue to receive information about RGA events for your children to participate in throughout the year. This includes the ever-popular Christmas Displays.
RGA member personal data or sensitive data will not be obtained, held, used or disclosed unless the individual has given consent. The Association understands “consent” to mean that the data subject has been fully informed of the intended processing and has signified their agreement, whilst being in a fit state of mind to do so and without pressure being exerted upon them. Consent obtained under duress or on the basis of misleading information will not be a valid basis for processing.
Parents must ensure they enter all relevant details onto their family account. Consent cannot be inferred from non-response to a communication.
In most instances consent to process personal and sensitive data is obtained routinely by the Association (e.g. a parent can access their personal account at any time and update all the information they have given RGA). The Association has implemented a tick box “opt in” system which will be renewed every year when membership fees are due. This document explains what the information is to be used for and that only specific staff members with administrative clearance will have access to these details.
If an individual does not consent to certain types of processing (e.g. direct marketing), the Association will ensure that the processing does not take place.
5. Security of Data
All personal data will be accessible only to those who need to use it.
Staff with administrative access will be able to access the full accounts.
Coaches will only be able to access basic details about the gymnasts that they teach- this includes but is not limited to: date of birth; badge levels; and medical information.
Care will be taken to ensure that PCs and terminals are not visible except to authorised staff and that computer passwords are kept confidential. PC screens will not be left unattended without password protected screen-savers and manual records will not be left where they can be accessed by unauthorised personnel.
Appropriate security measures are in place for the deletion or disposal of personal data. Manual records are shredded and disposed of as “confidential waste”.
This policy also applies to staff that process personal data “off-site”.
6. Rights of Access to Data
Members of the Association have the right to access any personal data which are held by the Association in electronic format and manual records which form part of a relevant filing system.
Any individual who wishes to exercise this right should apply in writing to the Office Manager. The Association reserves the right to charge a fee for data subject access requests. Any such request will normally be complied with within 40 days of receipt of the written request and, where appropriate, the fee.
7. Disclosure of Data
The Association will ensure that personal data is not disclosed to unauthorised third parties which includes family members, friends, government bodies, and in certain circumstances, the Police. Best practice, will be to take the contact details of the person making the enquiry and pass them onto the member of the Association concerned.
This policy determines that personal data may be legitimately disclosed where one of the following conditions applies:
The individual has given their consent (e.g. a parent has consented to the Association corresponding with a named third party);
- Where the disclosure is in the legitimate interests of the Association;
- Where the institution is legally obliged to disclose the data (e.g. HESA and HESES returns, ethnic minority and disability monitoring);
- As an alternative to disclosing personal data, the Association may offer to do one of the following:
- Pass a message to the data subject asking them to contact the enquirer;
- Accept a sealed envelope / incoming email message and attempt to forward it to the data subject.
Please remember to inform the enquirer that such action will be taken conditionally: i.e. “if the person is a member of the Association” to avoid confirming their status of, their presence in or their absence from.
If in doubt, staff should seek advice from the Office Manager.
8. Retention and Disposal of Data
The Association discourages the retention of personal data for longer than they are required. However, once a member has left the Association, it will not be necessary to retain all the information held on them. Some data will be kept for longer periods than others. This includes, but is not limited to: name; date of birth; any details about previous accidents.
Disposal of Records
Personal data will be disposed of in a way that protects the rights and privacy of data subjects (e.g. shredding, disposal as confidential waste, secure electronic deletion).
9. Publication of Association Information
All members of the Association should note that from time to time, the Association publishes a number of items that could include personal data, and will continue to do so. This may be names of individuals who have won a competition or event.
It is recognised that there might be occasions when a member of staff requests that their personal details remain confidential or are restricted to internal access. All individuals should be offered an opportunity to opt-out of any Association publications of the above (and other) data. In such instances, the Association should comply with the request and ensure that appropriate action is taken.