The purpose of this statement is to tell members how their personal data is obtained, used, stored, and deleted.
POTOC Data Protection Policy
Last updated 25 May 2018
Potteries Orienteering Club (POTOC) needs to hold and use information about its members. Some of this information is “personal data” as this term is defined in the Data Protection Act 1998 (the “DPA”). Accordingly, we are obliged to comply with the requirements of the DPA, and from 23 May 2018 also the GDPR. This policy is to provide you with information regarding those requirements and your responsibilities and rights under the DPA and GDPR.
POTOC holds, uses and otherwise processes information about individuals who may not be club members, who participate in our events and activities. All club members should bear in mind that, where this information constitutes personal data that relates to a living individual, the club is obliged to comply with the requirements of the DPA and GDPR.
POTOC is required to ensure that personal data it holds is:
- processed fairly and lawfully;
- processed only for specific purposes;
- adequate, relevant and not excessive;
- accurate and kept up to date;
- kept for no longer than is necessary;
- kept in accordance with your rights; and
- kept securely.
In essence, this means that we aim to tell members and other individuals whose personal information we hold, what information we hold, why and for what purpose we hold it, from whom we have obtained it and to whom we will disclose it. We also aim to ensure that the personal data we hold is up to date and held securely.
The club and its officials may hold some or all of the following data about some or all members and others who compete in orienteering events:
· postal and email addresses
· phone numbers
· year of birth and or competition age class
· orienteering competition results,
· offices held, and details of officiating at events and activities
· relevant skills and qualifications, including relevant courses attended
Contact data may be held for landowners and other organisations with whom we co-operate, their employees, agents and tenants. The data may be held in electronic or paper form.
The data may be obtained directly from an individual person or a family member or indirectly from the British Orienteering Federation, clubs or other organisations.
The data is used in organising the sport of orienteering and for social purposes, including, but not limited to, distribution of magazines and other literature, publication of competition entries and results, coaching, team selection, training and appointment of officials.
Data may be distributed in paper or electronic form between members, competitors, event officials and orienteering organisations.
Publication of personal data in paper form may occur in membership and contact lists, magazines, competition information and results and other literature. Publication on publicly accessible web sites may include name, age class and club in competition results; names with offices and photographs may be published, but addresses, contact numbers and personal background details will be published only with the explicit consent of the person.
The data will not be available for commercial purposes.
Personal Information of event participants
POTOC process entrant information on the basis of legitimate interest to produce competition results and to provide information to British Orienteering and meet insurance requirements.
Entry slips (paper) from events are retained as stipulated by British Orienteering’s event insurance. After the expiry of this period the slips are destroyed. Electronic copies of event entry information (for example downloaded from on line entry systems) may be retained in relation to insurance requirements on retaining details of participants for a minimum period, but these files are not accessible from the website, nor are they otherwise shared or published.
Personal information provided to an entry service provider such as Fabian4 or SportIdent will be accessible to the event entries secretary and event organiser in electronic form. This may be used by the event organiser to contact individuals before or after the event with information relevant to the event, and will be used to organise the event (assign start times, assign individuals to courses, prepare results etc) but will not be used by the club for any purposes not relating to the event and will not be passed to other third parties. The on-line entries service providers will have their own policies to comply with GDPR.
In order to comply with insurance requirements, the club will retain a copy of the downloaded entry details for 5 years after the date of the event, and delete the data after this time.
Published results from events may remain accessible indefinitely.
Personal Information of club members
Personal information on club members is primarily held by the membership secretary, on a computer that is not connected to the internet. One version of the Membership list is circulated annually, as a printed paper document, to all club members. The personal information in this list will be limited to:
· Names and contact emails for club officials
· The name of the individual member (or, in the case of a family of group, the name(s) of the principal member or members)
· Their approximate location (town, first part of postcode)
· Contact email address (unless the individual has asked for this not to be shown)
The club committee, and organisers of events, will have access to more complete membership information for the purposes of event organisation and club administration. This is transmitted as a printed paper document.
Personal information on members who have not renewed their membership is retained by the membership secretary (but not published in membership lists) for a period of one year after the date at which their membership lapses.
Sensitive Personal Information
In training and coaching sessions, the club may request individuals to disclose relevant medical conditions (or in the case of juniors, require their parents to disclose such details on their behalf) in order that the coach is able to respond appropriately in the event of an accident or medical emergency. These details are collected on paper only and are kept confidential, and are only kept for the activity for which they were provided.
At events organised by the club, the organising team will accept sealed envelopes containing confidential medical information, to be opened only in the event of a medical emergency concerning that individual. The organising team will provide form and envelopes so that participants can provide such information, but this is given voluntarily. The participant may reclaim their envelope when they have completed the event. Any completed forms or envelopes remaining at the end of the event will be destroyed unopened by the organiser.
At events where bibs are used, the organiser may recommend that relevant medical information is recorded on the reverse of the bib by its wearer, but this is done voluntarily. In this case the individual retains the bib and the information is not considered to be in the care of the club.
Member’s Obligations relating to Personal Data:
In agreeing to your terms and conditions of membership with POTOC, you have consented to POTOC holding, using and otherwise processing personal data and sensitive personal data relating to you for all purposes reasonably arising out of your membership of POTOC, including the purposes specified above.
Personal data relating to you will be held by POTOC both manually and on a computer. Such data shall only be kept for as long as we deem necessary, in accordance with the policy above. Other members of the club may have access to your personal data as may be required to fulfil the purposes specified above.
We are required to ensure that all personal data which we hold is accurate and kept up to date. In order to enable us to comply with this obligation, you are requested to promptly notify POTOC of any changes to your personal details including any changes to your name, address, and contact details.
Obligations relating to the Personal Data of Others
In the course of your duties as an official of the club or as a helper at an event, you may be required to process personal data which relates to other individuals. You are required to comply with the data protection principles set out above and with any specific instructions given to you regarding such personal data.
In particular, you must not, save in the proper performance of your duties during your membership, make use of, divulge or communicate to any person (including any person working for or with POTOC) or any organisation, company and/or firm, any personal data relating to any third parties.
You should be aware that in certain circumstances by making an unauthorised disclosure of personal data you will be committing a criminal offence.
On certain grounds, individuals whose personal information is held by the club are entitled to prevent POTOC from processing information or require that processing is stopped if the processing or the purpose for which the data is processed is causing or is likely to cause substantial damage or distress to the individual, or another, and that damage or stress is, or would be, unwarranted.
If you consider that the processing of your data will cause damage or distress, you should notify the club membership secretary. POTOC will respond to you within 21 days confirming that the data will not be processed, or providing reasons why preventing the processing of personal data would be unjustified.
You are entitled to make a subject access request and (subject to certain legal exemptions) to receive copies of your personal data which we hold.
If you wish to exercise this right, you must make a request in writing to the club membership secretary.
If, on investigation, it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed or corrected. You will receive written confirmation that this has been done where appropriate.
If you would like more information about this policy please contact the club chairperson.
Revision of Policy
POTOC reserves the right to amend and/or withdraw this policy from time to time for any reason, including without limitation, to take account of changes in the law, best practice and/or operational requirements.