The Victoria Bowling club is very aware of its responsibilities for the protection of personal data that it holds for both members and employees.
Data Held
Only such data as is necessary for the running of the club, or as required by statute will be held.
For members, data will be obtained and used with specific permission from each member or for personal safety. Such data will be restricted to:
- Name
- Address
- Email address
- Home telephone and/or mobile numbers
- Status indication
- Date of joining
- Year of birth
- Emergency contact and telephone number
- Financial data for accounting purposes, which includes bank account numbers and name, sort code, and bank address where used for direct payment
Items 1 to 4 will be used for recording club membership and for communication purposes. Items 5 to denote full playing, non-playing and/or honorary members. Item 6 and 7 will be for demographic analysis of club membership and forward planning. Item 8 will be for emergency use due to illness etc. Item 9 will be for control of the club finances.
Data held for employees may be by specific permission, or in accordance with employment law. The Club shall obtain written evidence from outside agents that process the employee payroll that they fully conform to the GDPR.
Collection of data
Personal data retained for use by the club will be obtained from information submitted by members, prospective members and employees either on a membership application or renewal form or any other official club form, which will include their consent to use such data. Data will be destroyed either when it is no longer needed by the club or twelve months after the end of the year in which the subject ceases to be a member or employee, whichever comes first, unless required to meet statutory obligations. The reasons for collecting the data and how long it will be retained will be stated on the form. In the case of an unsuccessful application to join the club personal data will be destroyed as soon as membership is refused, and the applicant notified. If a member or staff member requests removal of their personal data from club records they should do so kin writing to the General Secretary and this will be done within 28 days of the receipt of such a request, except that data which is included in a club membership booklet or for statutory reasons. Members have a right to complain to the ICO if they believe there is a problem with the club’s handling of personal data.
Storage of data
Personal data will be stored securely both electronically or in ledgers. Telephone numbers will also be stored on the club telephone, which will be securely stored when an officer of the club is not present. Paper storage will, wherever possible, be stored in locked receptacles. The General Secretary and Membership Secretary will hold and be responsible for all data for members of the club except for financial data. Such data as is necessary for the performance of their duties will be held by the President and Deputy President, the Chairs of the Social Committee and Competitions and Handicaps Committee. The Treasurer and shadow Treasurer will hold, and be responsible for, financial and associated data. Members of the general committee will have access to data items 1 to 4 above, as required for their duties, and so will other members of the club with legitimate need.
Communication of data
Personal data must be protected in all forms of communication. Email will be used to communicate with members whenever possible and as such will be addressed bcc or be through the club group email. Listings of personal data will not be transmitted to members except by hand or by post, and this will include membership lists. Membership lists will include a prominent warning to members that they should take steps to ensure the security of the information included in the list. The data to be included in a membership list for each member, where there is consent, is:
- Name and address
- Email address
- Telephone numbers
- Status (either playing of non-playing).
Members of the general committee who have a requirement to share members personal data must do so using encrypted documents, that may be transmitted attached to emails, but not in open emails. When required information about members details needed by other members, e.g. changes to the membership list, will be listed in the protected area of the Club website.
Data breaches
Officers and members need to be aware of potential data breaches and act to protect personal data that they hold. Any suspected data breach shall be reported immediately to the General Secretary so that appropriate action, including reporting to the ICO if deemed necessary, shall be taken.