GDPR (General Data Protection Regulation) places certain obligations on sports clubs who process
individual’s personal data. It regulates how personal information should be used and protects people
from misuse of their personal details. ABBOTS LANGLEY CRICKET CLUB holds or uses
information and therefore, our data protection policy sets out our commitment to protecting
personal data and how we implement that commitment with regards to the collection and use of
personal data.

ABBOTS LANGLEY CRICKET CLUB only collect personal data for “domestic or recreational
reasons”. It is important that ABBOTS LANGLEY CRICKET CLUB still adhere to the principles
of GDPR and understand best practice for managing information.

1. ABBOTS LANGLEY CRICKET CLUB are committed to:
• Ensuring that we comply with GDPR principals best we can, as listed below (section 2)
• Meeting our legal obligations as laid down by GDPR May 2018
• Ensuring that data is collected and used fairly and lawfully
• Processing personal data only in order to meet our operational needs or fulfill legal
requirements
• Taking steps to ensure that personal data is up to date and accurate
• Establishing appropriate retention periods for personal data
• Ensuring that data subjects' rights can be appropriately exercised
• Providing adequate security measures to protect personal data
• Ensuring that a nominated officer is responsible for data protection compliance and provides
a point of contact for all data protection issues - (The Secretary)
• Ensuring that all club officers are made aware of good practice in data protection
• Providing adequate training for all staff responsible for personal data
• Ensuring that everyone handling personal data knows where to find further guidance
• Ensuring that queries about data protection, internal and external to the organisation, are
dealt with effectively and promptly
• Regularly reviewing data protection procedures and guidelines within the club

2. General Data Regulation Principals
1. Personal data shall be processed fairly and lawfully
2. Personal data shall be obtained for one or more specified and lawful purposes, and shall not
be further processed in any manner incompatible with that purpose or those purposes
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or
purposes for which they are processed
4. Personal data shall be accurate and, where necessary, kept up to date
5. Personal data processed for any purpose or purposes shall not be kept for longer than is
necessary for that purpose or those purposes
6. Personal data shall be processed in accordance with the rights of data subjects under the
GDPR Act May 2018
7. Appropriate technical and organisational measures shall be taken against unauthorised and
unlawful processing of personal data and against accidental loss or destruction of, or damage
to, personal data
8. Personal data shall not be transferred to a country or territory outside the European
Economic Area unless that country or territory ensures an adequate level of protection for
the rights and freedoms of data subjects in relation to the processing of personal data

3. Data Protection Statement and Security
In order to comply with the GDPR Act May 2018 we need to inform you that your personal data
will be securely stored on a ABBOTS LANGLEY CRICKET CLUB database (in association with
Paysubsonline.com) and will only be made available to Committee Members and Cricket Club
Officials where appropriate. You will need to give us your consent to collect and store your personal
data.

If you are a child under the age of 18, your parent/guardian will need to consent to us collecting and
storing your personal data. You will also need to understand why we need to collect and store your
personal data. Consent can be withdrawn at any time, by contacting ABBOTS LANGLEY
CRICKET CLUB’s Secretary.
• All Club Databases and Documents containing personal information will be password
protected.
• Those Officers and Members of the Club responsible for keeping personal data will be duly
trained in appropriate security measures in order to keep the data secure.
• Passwords use by these Officers and Members of the Club responsible for keeping personal
data will be changed on a regular basis.
• Passwords will not be concurrent e.g. 1234, pppp, abcd. Neither will they be transposed
from change to change e.g. subtle21 to subtle22 and back
• Passwords will be at least eight digits long and contain a mixture of letters, numbers and
special characters e.g. ! & *
• All such Club Databases and Documents will be administered by nominated Club Officials.
• All emails sent by ABBOTS LANGLEY CRICKET CLUB Officials will contain the
following ‘disclaimer’ :
“This email and any attachments are confidential and may also be privileged. If you have received it
in error, you are on notice of its status. It is intended solely for the addressee. If you are not the
intended recipient, please notify the sender immediately and delete all copies of the email on your
systems and any attachments. Any unauthorised use is strictly prohibited. You must not otherwise
use, disclose, distribute, copy, print or rely on this email. Any view expressed in this email which
does not relate to the official business of Abbots Langley Cricket Club, is neither given or endorsed
by Abbots Langley Cricket Club. To the fullest extent of the law, Abbots Langley Cricket Club
accepts no liability for unauthorised use of this email.”

• All computers that are utilised by ABBOTS LANGLEY CRICKET CLUB Officials holding
such Club Databases and documents will have recognised Anti Virus software installed.
• All Hard Copies of such Club Databases and Documents will be shredded straight after use

4. Rights of Access
Individuals have a right of access to personal information about them which is held by ABBOTS
LANGLEY CRICKET CLUB. Any individual wishing to access their personal data should put their
request in writing to the Secretary. ABBOTS LANGLEY CRICKET CLUB will endeavour to
respond to any such written request as soon as is reasonably practicable and in any event, within 40
days.
You should be aware that certain data is exempt from the right of access under GDPR; this may
include information which identifies other individuals, information which ABBOTS LANGLEY
CRICKET CLUB reasonably believes is likely to cause damage or distress, or information which is
subject to legal professional privilege.

5. Exemptions
There are situations where access to information may be withheld by ABBOTS LANGLEY
CRICKET CLUB:
a) The GDPR Act contains a number of exemptions when information may be withheld, for
ABBOTS LANGLEY CRICKET CLUB purposes these include:
• Information which might cause serious harm to the physical or mental health of a child or
another individual;
• Cases where the disclosure would reveal a child is at risk of abuse;
b) Unstructured personal information.
ABBOTS LANGLEY CRICKET CLUB will generally not be required to provide access to
information held mutually and in an unstructured way.

6. Monitoring and Review
This policy will be monitored by the Secretary and will be reviewed annually or at any time when
changes to other policies or legislation may affect this current policy.