Swindon Lightning Cheerleading Club (SLCC)
General Data Protection Regulation Policy
SLCC aims to ensure that all personal data collected about staff, athletes, parents, visitors and other individuals is stored and processed in accordance with the General Data Protection Regulation (GDPR) and the expected provisions of the Data Protection Act 2018 (DPA 2018) as set out in the Data Protection Bill.
This policy applies to all personal data, regardless of whether it is in paper or electronic format.
We believe that protecting the privacy or our staff and athletes – regarding their safety though data management, control and evaluation – is vital to both the club and individual progress. This club collects and processes personal data from athlete, parents and staff in order to support coaching and learning effectively whilst upholding the safeguarding and safety priorities of the club. It also helps us to monitor and report on both individual athlete and team progress.
We take responsibility for ensuring that any data we collect and process is used correctly and only as is necessary; the club will keep parents/athletes fully informed of how the data is collected. What is collected, and how it is used. Competition results, attendance and registration records and any relevant medical information are examples of the type of data that the club needs.
For purposes of this Agreement, “Service” refers to the Club’s service which can be accessed via our website at www.swindonlightningcheerleading.com. The terms “we,” “us,” and “our” refer to the Club. “You” refers to you, as a user of Service.
Our club processes personal data relating to parents, athletes, staff, visitors and others, and therefore is a data controller.
ROLES AND RESPONSIBILITIES
This policy applies to all staff employed by our club, volunteers and to external organisations or individuals working on our behalf. Staff who do not comply with this policy may face disciplinary action.
DATA PROTECTION OFFICER
SLCC does not have a data protection officer as does not meet the necessary requirements.
INFORMATION WE COLLECT
We may collect both “Non-Personal Information” and “Personal Information” about you. “Non-Personal Information” includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. “Personal Information” includes information that can be used to personally identify you, such as your name, address and email address.
In addition, we may also track information provided to us by your browser or by our mobile application when you view or use the Service, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you. We use this information for, among other things, the operation of the Service, to maintain the quality of the Service, to provide general statistics regarding use of the Service and for other business purposes. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. The Club may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser. Persistent cookies can be removed by following your Internet browser help file directions. If you choose to disable cookies, some areas of the Service may not work properly.
HOW WE USE AND SHARE INFORMATION
In general, we do not sell, trade, rent or otherwise share your Personal Information with third parties without your consent. We may share your Personal Information with vendors and other third-party providers who are performing services for the Club. In general, the vendors and third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide for the Club. For example, when you provide us with personal information to complete a transaction, verify your credit card, pay club fees, place an order, arrange for a delivery, or return a purchase, you consent to our collecting and using such personal information for that specific purpose, including by transmitting such information to our vendors (and their service providers) performing these services for the Club.
However, certain third-party service providers, such as payment processors, have their own privacy policies in respect of the information that we are required to provide to them in order to use their services. For these third-party service providers, we recommend that you read their privacy policies so that you can understand the manner in which your Personal Information will be handled by such providers.
HOW WE PROTECT INFORMATION
We implement reasonable precautions and follow industry best practices in order to protect your Personal Information and ensure that such Personal Information is not accessed, disclosed, altered or destroyed. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such precautions. By using our Service, you acknowledge that you understand and agree to assume these risks.
YOUR RIGHTS REGARDING THE USE OF YOUR PERSONAL INFORMATION
CHILDREN AND SUBJECT ACCESS REQUESTS
Personal data about a child belongs to that child, and not the child’s parents or carers. For a parent or carer to make a subject access request with respect to their child, the child must either be unable to understand their rights and the implications of a subject access request, or have given their consent.
Children below the age of 12 are generally not regarded to be mature enough to understand their rights and the implications of a subject access request. Therefore, most subject access requests from parents or carers of pupils at our club may be granted without the express permission of the pupil. This is not a rule and a pupil’s ability to understand their rights will always be judged on a case- by-case basis.
When responding to requests, we:
- May ask the individual to provide 2 forms or identification
- May contact the individual via phone to confirm the request was made
- Will respond without delay and within 1 month or receipt of the request
- Will provide the information free of charge
- May tell the individual we will comply within 3 months or receipt of the request, where a request is complex or numerous., We will inform the individual of this within 1 month, and explain why the extension is necessary.
We will not disclose information if it:
- Might cause serious harm to the physical or mental health of the athlete or another individual.
- Would reveal that the athlete is at risk of abuse, where the disclosure of that information would not be in the child’s best interest.
- Is contained in adoption or parental order records.
- Is given to a court in proceedings concerning a child.
If the request is unfounded or excessive, we may refuse to act on it, or charge a reasonable fee which takes into account administrative costs.
A request will be deemed to be unfounded or excessive if it is repetitive, or asks for further copies of the same information.
When we refuse a request, we will tell the individual why, and tell them they have the right to complain to the Information Commissioner’s Office (ICO).
OTHER DATA PROTECTION RIGHTS OF THE INDIVIDUAL
In addition to the right to make a subject access request, individuals also have the right to:
- Withdraw their consent and any time.
- Ask SLCC to rectify, erase or restrict processing of their personal data, or object to the processing of it (in certain circumstances).
- Prevent use of their personal data for direct marketing.
- Challenge processing which has been justified on the basis of public interest.
- Request a copy of agreements under which their personal data is transferred outside of the European Economic Area.
- Object to the decisions based solely on automated decision making or profiling, (decisions taken with no human involvement, that might negatively affect them).
- Prevent processing that is likely to cause damage or distress.
- Be notified of a data breach in certain circumstances.
- Make a complaint to the ICO.
- Ask for their personal data to be transferred to a third party in a structured, commonly used and machine-readable format (in certain circumstances).
PHOTOGRAPHS AND VIDEO
As part of our club activities, we may take photographs and record images of individuals within our club. We will obtain written consent from parents/carers for photographs and videos to be taken of their child for communication, marketing (including via SLCC social media channels) and promotional materials.
Consent on our public pages can be refused or withdrawn at any time.
DATA SECURITY AND STORAGE OF RECORDS
We will protect personal data and keep it safe from unauthorised or unlawful access, alteration, processing or disclosure and against accidental or unlawful loss, destruction or damage. In particular:
- Paper-based records and portable electronic devices such as laptops, mobile phones and hard drives that contain personal data are kept in a locked facility.
- The athlete database and other personal data are stored on files which hare password protected.
- Staff who store personal information on their personal devices are expected to follow the same security procedures as above.
- Where we need to shared personal data with a third party, we carry out due diligence and take reasonable steps to ensure it is stored adequately protected.
DISPOSAL OF RECORDS
Personal data that is no longer needed will be disposed of securely. Personal data that has become inaccurate or out of date will also be disposed of securely, where we cannot or do not need to rectify or update it. For example, we will shred or incinerate paper-based records and overwrite or delete electronic files.
PERSONAL DATA BREACHES
The club will make all reasonable endeavours to ensure that there are no personal data breaches. In the unlikely event of a suspected data breach, SLCC will report the data breach to the ICO within 72 hours. Such breaches in a club context may include but are not limited to:
- Safeguarding information being made available to an unauthorised person.
- The theft of a laptop containing non-encrypted personal data about athletes.
LINKS TO OTHER WEBSITES
EMAIL COMMUNICATIONS & OPTING OUT
We will send you service-related announcements on occasions when it is necessary to do so. For instance, if our website service is temporarily suspended for maintenance, or a new enhancement is released, which will affect the way you use our service, we might send you an email. Generally, you may not opt-out of these communications, which are not promotional in nature. Based upon the Personal Information that you provide us, we may communicate with you in response to your inquiries to provide the services you request and to manage your account. We will communicate with you by email or telephone, in accordance with your wishes. We may also use your Personal Information to send you updates and other promotional communications. If you no longer wish to receive those email updates, you may opt-out of receiving them by following the instructions included in each update or communication.
CONTACT US & WITHDRAWING CONSENT