GXLTC Privacy and Data Protection Policy
PRIVACY & DATA PROTECTION POLICY
Gerrards Cross Lawn Tennis Club
Bull Lane, SCP, SL9
Gerrards Cross Lawn Tennis Club (hereafter “the Club”) endeavours to act in all times in compliance with the requirements of the EU ‘General Data Protection Regulation’ or any other successor regulation, (“GDPR”).
This Privacy & Data Protection Policy governs the way the Club deals with personal information collected from members of the Club in accordance with the GDPR. It applies to information regarding the way it is collected, used, recorded, stored and destroyed, irrespective of whether the information is held in paper or electronic form. This Policy applies to all services offered by the Club.
How the Club collects Personal Data
The Club collects Personal Data if you voluntarily submit such information to the Club. You can always refuse to supply Personal Data, however, it may prevent you from using the full range of services the Club has to offer.
You provide this data by filling out any of the Club Application Forms including, but not limited to, online membership applications, competition, league, coaching, and other event entry forms.
Personal Data can be given by someone else on your behalf (for example a family member).
You may also give Personal Data to the Club when you use other internet applications or software used by the Club such as LTA’s ClubSpark or any other software used by the Club for leagues, court bookings, coaching, membership or other purposes.
Personal data includes (but not limited to):
- full name
- date of birth
- postal address
- email address
- telephone numbers
- medical conditions
- playing experience levels
- consents, including photography and social media consents.
Use of Personal Data
The Club may use your information for the following (but not limited to):
- administering your application to become a member;
- collecting payments from you for subscriptions or other fees;
- processing court bookings via ClubSpark or any other applicable software;
- organising, providing and running sporting events, activities, tournaments, leagues and competitions;
- administrating the Wimbledon ballot;
- collecting statistical information about the membership mix of the Club;
- helping improve our membership services;
- analysing how members are making use of the Club facilities;
- emailing you news and events related to the Club;
- sending you notifications for courses, holiday camps, clinics, etc.;
- sending you occasional surveys relating to the Club;
- reminding you of membership renewals;
- sending you invitations to Annual General Meetings or any other Club meetings;
- notifying you about changes or updates to the Club;
- responding to your requests, enquiries or support needs;
- informing you of team, tournament, or league news & results via various communication means (email, text or selected whatsapp groups);
- publish your phone and email address on secure gated members-only area of the website;
- notifying you of names of committee members, staff employed at the Club, contractors and volunteers (including team captains);
Storage of Personal Data
The Club uses the secure GDPR-compliant MailChimp software and Club Master by Art Software Ltd database software as platform on which we hold our membership database. We might be using ClubSpark and other on-court bookings in the future. ClubSpark is registered as a data controller with the Information Commissioner’s Office (ICO) and is GDPR compliant. Their latest registration certificate is available upon request: firstname.lastname@example.org
Your individual rights
At any time, you may verify and amend what personal data the Club hold about you. You will be able to edit and update your details by amending your profile details at the bottom of the emails that we send you via CRM (MailChimp). You can also contact email@example.com to notify about any changes to your membership record.
Retention of Personal Data
If you leave the club, the Club will retain your membership record and any of your Personal Data from the database only for as long as deemed necessary. You may also contact the Membership Secretary to have your contact details deleted upon request.
Sharing your Personal Data
The Club will not sell, trade, or rent Personal Data to others. It may use the data to generate generic aggregated demographic information and share such information with our business partners, trusted affiliates and advertisers for statistical purposes. The Club may use third party service providers to assist in its administration activities, such as sending out newsletters or surveys. The Club may share your Personal Data with these third parties for those limited purposes.
The Club may run competitions or social events which are open to non-members. We do not collect Personal Data but non-members are expected to sign the visitor/guest book at the Club.
Children between the ages of 0 and 18 years old joining the Club require the membership form to be completed by the parent/guardian who will become the Main Contact. Communications concerning the child/junior will be through the Main Contact or Club’s Welfare Officer.
Any payment transactions will be encrypted. We use some selected third-party software facilities, including GoCardless. Please note that, data storage on the GoCardless system, and the communication between GoCardless and the worldwide banking networks, is regularly audited by the banking authorities to ensure a secure transaction environment. They also ensure that they stay up-to-date with the latest versions of any third-party code used, and continually review their own proprietary code.
Where you have chosen a password which enables you to access your account on Club’s website or ClubSpark, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Data security breach
In the event that Personal Data is stolen, lost or damaged it is the Club’s responsibility to report any data security breach to either the local police or the ICO (Information Commissioners’ Office) within 72 hours upon discovery.
If a breach of data security happens, including, but not limited to the loss or theft of a tablet or phone containing member data, the Club has a Data Protection Security Checklist in place. Where a breach is likely to result in a high risk to the rights and freedoms of an individual, such as loss of confidentiality, those concerned will be notified directly, including the ICO. In the event of a less serious breach, the member(s) will be informed and the rest of the data secured.
The Club is not required to have a registered data controller with the ICO. It is the Club Hon. Secretary who will act in this role supported by the Chairman and Club’s Administrator.
If you have any questions about this Privacy & Data Protection Policy please contact us via email: firstname.lastname@example.org
This document was last updated on 22 May 2018.