Carryduff Running Club (“CRC”) – Privacy Impact Statement – 03/05/23
CRC is an Athletics NI affiliated club (reference xxxxxxx). CRC is both data controller and data processor under data protection legislation.
What data we will collect
In becoming a member of CRC, we will collect certain information about you which will include your name, date of birth, gender, relevant medical information, any allergies, email address, address and contact number. Following registration with CRC we will also register you with Athletics NI .
How long we will keep your information
We will retain your data for such time as you are registered with CRC and will delete your information when you have informed us that you wish to resign or by the month following the end of year membership subscription (normally April).
You have the following rights under data protection legislation:
1. to access a copy of the information comprised in your personal data.
2. request your information be changed if you believe it is not correct.
3. if you leave CRC, you can exercise your right to be forgotten.
4. to object to processing of your personal data that is likely to cause or is causing damage or distress.
5. to prevent processing for direct marketing.
6. to object to decisions being taken by automated means.
7. in certain circumstances, to have inaccurate personal data rectified, blocked, erased, or destroyed; and
8. to claim compensation for damages caused by a breach of data protection legislation.
Sharing your data
We may share your non personal data on our public social media (Facebook, Twitter, Spond and website). We will not share any other personal data you provide to us that is not Athletics Data. We will not transfer your data to any other third parties. However, it must be noted that v Facebook, Spond and Whatsapp social media accounts are not owned by v as an entity, these sites are owned and managed by club members, however the club committee do also have administration rights to these sites. Members will not be automatically enrolled to any social media site; this will be at the request of each individual member.
If you have any concerns or complaints in relation to how v collects and/or processes your personal data, you should contact CRC Chairperson and Club secretary in the first instance. If you are dissatisfied with how your concern/complaint is dealt with by CRC, you have the right to report your concern/complaint to the Information Commissioners Office (www.ico.org.uk).
As a club, we need to ensure that we can carry on our main activities while ensuring compliance with GDPR. These regulations cover how we are able to communicate with you (email/phone/website and social media), what information we store about you and how and what we use this information for. This governs all aspects of personal data including:
- Information we hold about you what we do with this information
- Registration of our members with Athletics NI
- Registration of athletes for races with the Club
- Website information
- Public social media
- Private (closed group) social media
- Personal communication versus organisational communication
- Photography and video.
Our website is hosted by Ionos, who utilise cloud storage. For the purposes of data protection legislation, CRC is the data controller. Your IP address (the unique identifier that computers and devices use to identify and communicate with each other) will be automatically recognised by the web server.
The only information that is stored is in respect of the club secretary and treasurer (name/email addresses) for invoice purposes. The website administrators have access to the website build using WordPress (restricted information regarding administrators is stored).
CRC is the owner of carryduffrc.com and carryduffrc.co.uk and we are committed to protecting your privacy and processing your personal data in accordance with the Data Protection Act (DPA) 1998 up to 24 May 2018 and the General Data Protection Regulation (GDPR) on and from 25 May 2018 (Data Protection Legislation).
This policy explains how the information we collect about you is used and kept securely as well as your rights to access your information under Data Protection Legislation.
The information we collect about you
As a club member, we hold information relating to your full name, date of birth, gender, relevant medical issues, any allergies, email address, address, telephone number(s).
This information is stored electronically by our membership secretary on a secure password enabled PC.
It is the members obligation to inform CRC of any address change. Any change in information will be shared between the club and membership secretary to ensure up to date records are maintained and are stored electronically as a distribution list on a password enabled PC. The members email addresses are not shared between any other committee members, unless the sender has raised a query for the committee to consider.
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.
The legal bases for the processing of personal data in this context are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.
We will retain your Athletics Data for such time as you are an athlete registered with CRC and will delete your information when you have informed us that you wish to resign or by the month following the end of year membership subscription (normally April), or if you exercise your right to be forgotten.
Registration of athletes for our events (3rd party)
As an individual entering any event needs to be aware that, we will hold information relating to full name, date of birth, gender, email address, address, telephone number(s) for participation in our events. The race secretary may look at the information stored to support administrative processes and eligibility to compete where applicable. The results will also be published. When this data is collected by face-to-face registration or using an online registration/results service a privacy notice will be supplied informing participants that their details will be held and published as detailed below:
“You agree that we may publish your personal information as part of the results of the event and may pass such information to the governing body or any affiliated organisation for the purpose of insurance, licences or for publishing results either for the event alone or combined with or compared to other events. Results may include (but not limited to) name, any club affiliation, race times and age category”
How we use your information
We may use your personal information for several purposes, including:
- To deal with your requests and enquiries.
- To contact you for reasons related to your enquiry.
- To use your IP address to monitor traffic and gather browsing behaviours of visitors to our websites. We will not use your IP address to identify you in any way.
- Providing relevant and necessary information via email, text, post to you about the following:
- Changes to rules and regulations
- Updates to advice and guidance relating to specific roles held within CRC
- New members, transfer of membership, notify you of athletic events and competitions, courses, and any other items that would be of general interest including social events organised by CRC.
We may share your non personal Athletics Data on our public social media (Facebook, Twitter and Website). We will not share any other personal data you provide to us that is not Athletics Data. We will not transfer your data to any other third parties without obtaining your consent.
Members and participants in our races should be aware that their names, photos and video may be used to publicise races and achievements, including publishing race and competition results.
We have adopted the UKA Photographic Policy Guidance for the use of photographs
- Neither data protection nor privacy law prevents the taking of photographs or video in public places (including images of people such as athletes, coaches, officials or members of the public) for private or personal use.
- Where images are taken in public places, unless there is something unusually intrusive in the material, there will be only limited restrictions in how such images may subsequently be used.
- There are also particular protections for children (those under 18) in terms of how their image may be reused and published.
- Communicating information using Social media
- We have a public facing and members only social media account in the form of Facebook, Spond and Twitter. These can be used:
- to publicise events such as competitions, social events, club meetings
- share information about the club
- make a call to action
- give updates on previously shared information
- post pictures (see photographic policy above), videos and other content of interest to members
- potential members say, ‘Well done’, ‘Thank you’, or ‘We need your help!’
As you are all aware, anyone can post in social media, however with the GDPR in mind any personal information cannot have originated from any of the CRC pages ie with the official logo as this would be deemed a breach of data privacy and could potentially be referred to the ICO (The information Commissioners Office).
Person to person posts can be deemed as ‘friend to friend’ posts but consideration must be given to the content that has been written to ensure that cyber bullying behaviour is avoid including, for example :
- You do not post abusive messages on any profile wall
- You do not add rude comments to a picture a person has uploaded
- You do not post a video / picture that makes fun of someone
- You do not encourage others to share abusive, rude or disparaging content
- You do not use critical language or actions, such as sarcasm which could undermine an athlete’s self-esteem.
If you believe that cyber bullying has occurred, the following reporting process should be followed:
- In the first instance, the situation should be reported to one of the club committee officers that an athlete has been (cyber) bullying another athlete. In cases of serious bullying, the incidents will be referred to UKA for advice. If necessary and appropriate, police will be consulted.
- The committee will investigate the allegations to ensure any misunderstanding/lack of awareness is addressed. If accepted as bullying, the committee will also attempt to help the bully change their behaviour. If mediation fails and the bully is seen to continue the club committee will initiate disciplinary action under the club constitution
- If the committee agree bullying has taken place the athlete will be warned and put on notice of further action i.e. temporary or permanent suspension. If the bullying continues, consideration will be given as to whether a reconciliation meeting between parties is appropriate at this time.
- This in no way infringes on your right to involve the police at any time, CRC will work with any organisation that requests information regarding cyber bullying. This will be inline with all current legislation.
Protecting your information
Committee members by agreement share their email address within the confidentiality of the meetings. We regularly carry out surveys using a doodle poll (https://doodle.com/) but the data collected is within a closed group (CRC) and restricted to name only.
Finding out what information CRC has about you
Under the Data Protection Legislation, you can ask to see any personal information that we hold about you. Such requests are called subject access requests. If you would like to make a subject access request, please contact our chairperson at the following address firstname.lastname@example.org.