Hamilton Gymnastics Club
Privacy Policy



Privacy Policy

Hamilton Gymnastics Club is the data controller and is committed to complying with the General Data Protection Policy 2018 and the British Gymnastics Data Protection Policy.

1. Policy Statement

The club is committed to a policy of protecting the rights and privacy of individuals in accordance with the new General Data Protection Regulations (GDPR 2018). The club needs to process certain information about its members and other individuals it has dealings with for administrative purposes. To comply with the law, information about individuals will be collected and used fairly, stored safely and securely and won’t be disclosed to any third party unlawfully.

2. Background to the General Data Protection Regulations 2018

The General Data Protection Act 2018 enhances and broadens the scope of the Data Protection Act 1998. Its purpose is to protect the rights and privacy of living individuals and to ensure that personal data is not processed without their knowledge, and, is always processed with their consent.

3. Definitions GDPR 2018

Personal Data
Data relating to a living individual who can be identified from that information or from that data and other information in possession of the data controller. Includes name, address, telephone number, id number. Also includes racial or ethnic origin or religious beliefs. Also includes expression of opinion about the individual, and of the intentions of the data controller in respect of that individual.

Data Controller
HGC is the data controller.

Data Subject
Any living individual who is the subject of personal data held by the club.

Processing
Any operation related to organisation, retrieval, disclosure and deletion of data and includes: Obtaining and recording data Accessing, altering, adding to, merging, deleting data Retrieval, consultation or use of data Disclosure or otherwise making available of data.

Third Party
Any individual / organisation other than the data subject, the data controller (HGC) or its agents. HGC will never send member information to a 3rd party.

Relevant Filing System
Clubright is HGC’s database system. It is a secure system where parents add on their own details and their children’s details. These details are all relevant for the health and safety of the gymnasts.

 4. Consent

HGC member personal data or sensitive data will not be obtained, held, used or disclosed unless the individual has given consent. The club understands “consent” to mean that the data subject has been fully informed of the intended processing and has signified their agreement, whilst being in a fit state of mind to do so and without pressure being exerted upon them. Consent obtained under duress or on the basis of misleading information will not be a valid basis for processing.

Parents must ensure they enter all relevant details onto their family account. Consent cannot be inferred from non-response to a communication.

In most instances consent to process personal and sensitive data is obtained routinely by the Club (e.g. a parent can access their personal account at any time and update all the information they have given HGC).

If any member of the Association is in any doubt about these matters, they should consult the Privacy Policy and contact the Association.

5. Security of Data

All personal data will be accessible only to those who need to use it.
Staff with administrative access will be able to access the full accounts.
Coaches will only be able to access basic details about the gymnasts that they teach- this includes but is not limited to: date of birth; badge levels; and medical information.

Care will be taken to ensure that PCs and terminals are not visible except to authorised staff and that computer passwords are kept confidential. PC screens will not be left unattended without password protected screensavers and manual records will not be left where they can be accessed by unauthorised personnel.

Appropriate security measures are in place for the deletion or disposal of personal data. Manual records are shredded and disposed of as “confidential waste”.
This policy also applies to staff that process personal data “off-site”.

6. Rights of Access to Data

Members of the club have the right to access any personal data which are held by the club in electronic format and manual records which form part of a relevant filing system.
Any individual who wishes to exercise this right should apply in writing to the Office Manager. The club reserves the right to charge a fee for data subject access requests. Any such request will normally be complied with within 40 days of receipt of the written request and, where appropriate, the fee.

7. Disclosure of Data

The club will ensure that personal data is not disclosed to unauthorised third parties which includes family members, friends, government bodies, and in certain circumstances, the Police. Best practice will be to take the contact details of the person making the enquiry and pass them onto the member of the club concerned.

This policy determines that personal data may be legitimately disclosed where one of the following conditions applies:

The individual has given their consent (e.g. a parent has consented to the club corresponding with a named third party);

  1. Where the disclosure is in the legitimate interests of the club.
  2. Where the institution is legally obliged to disclose the data (e.g. HESA and HESES returns, ethnic minority and disability monitoring).
  3. As an alternative to disclosing personal data, the club may offer to do one of the following:

·         Pass a message to the data subject asking them to contact the enquirer.

·         Accept a sealed envelope / incoming email message and attempt to forward it to the data subject.

Please remember to inform the enquirer that such action will be taken conditionally: i.e. “if the person is a member of the club” to avoid confirming their status of their presence in or their absence from.

If in doubt, staff should seek advice from the Office Manager.

8. Retention and Disposal of Data

The club discourages the retention of personal data for longer than they are required. However, once a participant leaves the club, it will not be necessary to retain all the information held on them. Some data will be kept for longer periods than others. This includes but is not limited to: name; date of birth; any details about previous accidents.

Disposal of Records

Personal data will be disposed of in a way that protects the rights and privacy of data subjects (e.g. shredding, disposal as confidential waste, secure electronic deletion).

9. Publication of Association Information

All members/participants of the club should note that from time to time, the club publishes a number of items that could include personal data/photos and will continue to do so. This may be names of individuals who have won or taken part in a competition or event.

It is recognised that there might be occasions when a member of staff requests that their personal details remain confidential or are restricted to internal access. All individuals should be offered an opportunity to opt-out of any Association publications of the above (and other) data. In such instances, the Association should comply with the request and ensure that appropriate action is taken.

This Privacy Policy was published on 5 of August 2018 and may be updated.