Swindon Lightning Cheerleading Club (SLCC)

General Data Protection Regulation Policy

AIMS

SLCC aims to ensure that all personal data collected about staff, athletes, parents, visitors and other individuals is stored and processed in accordance with the General Data Protection Regulation (GDPR) and the expected provisions of the Data Protection Act 2018 (DPA 2018) as set out in the Data Protection Bill.

This policy applies to all personal data, regardless of whether it is in paper or electronic format.

We believe that protecting the privacy or our staff and athletes – regarding their safety though data management, control and evaluation – is vital to both the club and individual progress. This club collects and processes personal data from athlete, parents and staff in order to support coaching and learning effectively whilst upholding the safeguarding and safety priorities of the club. It also helps us to monitor and report on both individual athlete and team progress.

We take responsibility for ensuring that any data we collect and process is used correctly and only as is necessary; the club will keep parents/athletes fully informed of how the data is collected. What is collected, and how it is used. Competition results, attendance and registration records and any relevant medical information are examples of the type of data that the club needs.

SLCC (the “Club”) is committed to protecting the privacy of its users. This Privacy Policy (“Privacy Policy”) is designed to help you understand what information we gather, how we use it, what we do to protect it, and to assist you in making informed decisions when using our Service.  Unless otherwise indicated below, this Privacy Policy applies to any website that references this Privacy Policy, any Company website, as well as any data the Club may collect across partnered and unaffiliated sites.

For purposes of this Agreement, “Service” refers to the Club’s service which can be accessed via our website at www.swindonlightningcheerleading.com. The terms “we,” “us,” and “our” refer to the Club. “You” refers to you, as a user of Service.

DATA CONTROLLER

Our club processes personal data relating to parents, athletes, staff, visitors and others, and therefore is a data controller.

ROLES AND RESPONSIBILITIES

This policy applies to all staff employed by our club, volunteers and to external organisations or individuals working on our behalf. Staff who do not comply with this policy may face disciplinary action.

DATA PROTECTION OFFICER

SLCC does not have a data protection officer as does not meet the necessary requirements.

CONSENT

By accessing our Service, you accept our Privacy Policy and Terms of Use, and you consent to our collection, storage, use and disclosure of your personal information as described in this Privacy Policy. In addition, by using our Service, or services across partnered and unaffiliated sites, you are accepting the policies and practices described in this Privacy Policy. Each time you visit our website, or use the Service, and any time you voluntarily provide us with information, you agree that you are consenting to our collection, use and disclosure of the information that you provide, and you are consenting to receive emails or otherwise be contacted, as described in this Privacy Policy. Whether or not you register or create any kind of account with us, this Privacy Policy applies to all users of the website and the Service.

INFORMATION WE COLLECT

We may collect both “Non-Personal Information” and “Personal Information” about you. “Non-Personal Information” includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. “Personal Information” includes information that can be used to personally identify you, such as your name, address and email address.

In addition, we may also track information provided to us by your browser or by our mobile application when you view or use the Service, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you.  We use this information for, among other things, the operation of the Service, to maintain the quality of the Service, to provide general statistics regarding use of the Service and for other business purposes. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis.  The Club may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser. Persistent cookies can be removed by following your Internet browser help file directions. If you choose to disable cookies, some areas of the Service may not work properly.

HOW WE USE AND SHARE INFORMATION

Personal Information:
In general, we do not sell, trade, rent or otherwise share your Personal Information with third parties without your consent. We may share your Personal Information with vendors and other third-party providers who are performing services for the Club. In general, the vendors and third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide for the Club.  For example, when you provide us with personal information to complete a transaction, verify your credit card, pay club fees, place an order, arrange for a delivery, or return a purchase, you consent to our collecting and using such personal information for that specific purpose, including by transmitting such information to our vendors (and their service providers) performing these services for the Club.

However, certain third-party service providers, such as payment processors, have their own privacy policies in respect of the information that we are required to provide to them in order to use their services.  For these third-party service providers, we recommend that you read their privacy policies so that you can understand the manner in which your Personal Information will be handled by such providers.

In addition, we may disclose your Personal Information if required to do so by law or if you violate our Terms of Use.

Non-Personal Information:

In general, we use Non-Personal Information to help us improve the Service and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyse use patterns of the Service. This Privacy Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers and other third parties at our sole discretion.

HOW WE PROTECT INFORMATION

We implement reasonable precautions and follow industry best practices in order to protect your Personal Information and ensure that such Personal Information is not accessed, disclosed, altered or destroyed.  However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such precautions. By using our Service, you acknowledge that you understand and agree to assume these risks.

YOUR RIGHTS REGARDING THE USE OF YOUR PERSONAL INFORMATION

You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication, you can opt out of further promotional communications by following the unsubscribe instructions provided in each promotional e-mail.   Please note that notwithstanding the promotional preferences you indicate by either unsubscribing, we may continue to send you administrative emails including, for example, periodic updates to our Privacy Policy.

CHILDREN AND SUBJECT ACCESS REQUESTS

Personal data about a child belongs to that child, and not the child’s parents or carers.   For a parent or carer to make a subject access request with respect to their child, the child must either be unable to understand their rights and the implications of a subject access request, or have given their consent.

Children below the age of 12 are generally not regarded to be mature enough to understand their rights and the implications of a subject access request. Therefore, most subject access requests from parents or carers of pupils at our club may be granted without the express permission of the pupil. This is not a rule and a pupil’s ability to understand their rights will always be judged on a case- by-case basis.

When responding to requests, we:

  • May ask the individual to provide 2 forms or identification
  • May contact the individual via phone to confirm the request was made
  • Will respond without delay and within 1 month or receipt of the request
  • Will provide the information free of charge
  • May tell the individual we will comply within 3 months or receipt of the request, where a request is complex or numerous., We will inform the individual of this within 1 month, and explain why the extension is necessary.

We will not disclose information if it:

  • Might cause serious harm to the physical or mental health of the athlete or another individual.
  • Would reveal that the athlete is at risk of abuse, where the disclosure of that information would not be in the child’s best interest.
  • Is contained in adoption or parental order records.
  • Is given to a court in proceedings concerning a child.

If the request is unfounded or excessive, we may refuse to act on it, or charge a reasonable fee which takes into account administrative costs.

A request will be deemed to be unfounded or excessive if it is repetitive, or asks for further copies of the same information.

When we refuse a request, we will tell the individual why, and tell them they have the right to complain to the Information Commissioner’s Office (ICO).

OTHER DATA PROTECTION RIGHTS OF THE INDIVIDUAL

In addition to the right to make a subject access request, individuals also have the right to:

  • Withdraw their consent and any time.
  • Ask SLCC to rectify, erase or restrict processing of their personal data, or object to the processing of it (in certain circumstances).
  • Prevent use of their personal data for direct marketing.
  • Challenge processing which has been justified on the basis of public interest.
  • Request a copy of agreements under which their personal data is transferred outside of the European Economic Area.
  • Object to the decisions based solely on automated decision making or profiling, (decisions taken with no human involvement, that might negatively affect them).
  • Prevent processing that is likely to cause damage or distress.
  • Be notified of a data breach in certain circumstances.
  • Make a complaint to the ICO.
  • Ask for their personal data to be transferred to a third party in a structured, commonly used and machine-readable format (in certain circumstances).

PHOTOGRAPHS AND VIDEO

As part of our club activities, we may take photographs and record images of individuals within our club. We will obtain written consent from parents/carers for photographs and videos to be taken of their child for communication, marketing (including via SLCC social media channels) and promotional materials.

Consent on our public pages can be refused or withdrawn at any time.

DATA SECURITY AND STORAGE OF RECORDS

We will protect personal data and keep it safe from unauthorised or unlawful access, alteration, processing or disclosure and against accidental or unlawful loss, destruction or damage.  In particular:

  • Paper-based records and portable electronic devices such as laptops, mobile phones and hard drives that contain personal data are kept in a locked facility.
  • The athlete database and other personal data are stored on files which hare password protected.
  • Staff who store personal information on their personal devices are expected to follow the same security procedures as above.
  • Where we need to shared personal data with a third party, we carry out due diligence and take reasonable steps to ensure it is stored adequately protected.

DISPOSAL OF RECORDS

Personal data that is no longer needed will be disposed of securely. Personal data that has become inaccurate or out of date will also be disposed of securely, where we cannot or do not need to rectify or update it.  For example, we will shred or incinerate paper-based records and overwrite or delete electronic files.

PERSONAL DATA BREACHES

The club will make all reasonable endeavours to ensure that there are no personal data breaches. In the unlikely event of a suspected data breach, SLCC will report the data breach to the ICO within 72 hours. Such breaches in a club context may include but are not limited to:

  • Safeguarding information being made available to an unauthorised person.
  • The theft of a laptop containing non-encrypted personal data about athletes.

LINKS TO OTHER WEBSITES

The club’s website may provide links to other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Service. Therefore, this Privacy Policy does not apply to your use of a third-party website accessed by selecting a link via our Service. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.

EMAIL COMMUNICATIONS & OPTING OUT

We will send you service-related announcements on occasions when it is necessary to do so. For instance, if our website service is temporarily suspended for maintenance, or a new enhancement is released, which will affect the way you use our service, we might send you an email.  Generally, you may not opt-out of these communications, which are not promotional in nature.  Based upon the Personal Information that you provide us, we may communicate with you in response to your inquiries to provide the services you request and to manage your account. We will communicate with you by email or telephone, in accordance with your wishes.  We may also use your Personal Information to send you updates and other promotional communications. If you no longer wish to receive those email updates, you may opt-out of receiving them by following the instructions included in each update or communication.

CHANGES TO OUR PRIVACY POLICY

SLCC reserves the right to change this Privacy Policy and our Terms of Use at any time. If we decide to change this Privacy Policy, we will post these changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it. Any such modifications become effective upon your continued access to and/or use of the Service five (5) days after we first post the changes on the website or otherwise provide you with notice of such modifications. It is your sole responsibility to check this website from time to time to view any such changes to the terms of this Privacy Policy. If you do not agree to any changes, if and when such changes may be made to this Privacy Policy, you must cease access to this website. If you have provided your email address to us, you give us permission to email you for the purpose of notification as described in this Privacy Policy.

CONTACT US & WITHDRAWING CONSENT

If you have any questions regarding this Privacy Policy or the practices of this Site or wish to withdraw your consent for the continued collection, use or disclosure of your Personal Information, please contact us by sending an email to chair@swindonlightning.com

Last Updated: This Privacy Policy was last updated on 29th August 2019.