Surrey Heath Netball Club is committed to ensuring that personal information is held fairly, lawfully and securely in accordance with data protection laws.
This policy covers the different elements of personal information we collect from you, what we do with the information, how long we will hold it, what we won't do with the information, as well as what rights you have.
Introduction to Data Protection
We have an obligation under Regulation (EU) 2016/679 of the European Parliament - the General Data Protection Regulation ('GDPR') to provide you with information about how and why we use your data. We recognise our obligations and your legal rights set out in the GDPR. We are committed to protecting and respecting your privacy by complying with the principles of the GDPR.
Who are 'we'?
In this policy, whenever you see the words 'we', 'us' or 'our', it refers to Surrey Heath Netball Club. We are the Club responsible for delivery of netball activities for our club members. Surrey Heath Netball Club is the controller of all personal data processed by Surrey Heath Netball Club.
Data Protection Officer
Surrey Heath Netball Club does not have a Data Protection Officer. However, for information and queries about data protection compliance please email: email@example.com.
This policy was last updated on: 7th October.
What is personal data?
'Personal data' means any information relating to a living individual ('data subject') who can be identified, directly or indirectly by the information.
The types of personal data we may collect
The data we collect about you will vary, depending on our relationship with you. Below are examples of the sorts of data that we may collect:
How we use your personal information
We collect, store and process personal data for several purposes, mainly: membership of the club members. We will not use any of the information that we collect from you, or about you, for any purpose other than those listed in this document or for purposes that are similar. If we would like to use your personal data in any other way, we will present you with relevant information at the point at which one of these additional purposes arises.
The GDPR provides that legally we might hold and process your information for any of the following four reasons and we have included below a summary of what that means for Surrey Heath Netball Club and how we might use information you provide to us:
Where required to perform a CONTRACT. For example:
Where required to comply with our LEGAL OBLIGATIONS. For example:
Where there is a LEGITIMATE INTEREST. For example:
Retaining your information
If we collect your personal information, the length of time that we retain it is determined by a number of factors, including the purpose for which we use that information and to comply with our other legal obligations (apart from GDPR). We maintain a Retention Schedule, which records approved retention periods, the reasoning for the retention period and end of life treatment.
Children's data are collected and processed in accordance with the information below. Parents and guardians are expected to ensure that the children they are responsible for are aware of how their personal data will be processed by us.
We require parental or guardian consent to process personal data of any child under the age of 14.
Using your information for marketing
We only send marketing information to you if you have explicitly agreed to our doing so or have requested it and we will only do so in the way(s) you have agreed to. You can withdraw consent at any time. See below for more information.
Marketing information covers information about tickets to events, special offers, opportunities, products and services and other commercial information.
In connection with information about tickets, special offers, opportunities, products and services and other commercial information, the categories have been divided into two groups:
If you want to receive information from either of these two groups but haven't yet requested it, you can do so by contacting firstname.lastname@example.org.
If we contact you and you want to change how - or if - you receive our communications, please email@example.com.
Sharing your personal data and data processing
We only share personal data where we are required by law or with our suppliers or sub-contractors who carry out work for us and who you have given us permission to share it with. Other than the circumstances set out above, information about you will not be passed to a third party for any other purposes. All our suppliers and sub-contractors are required by their own data sharing agreements or contracts to treat your data as carefully as we would, to use it only as instructed, and to allow us to check that they do this.
Organisations we share your personal data with
Surrey Heath Netball Club does not perform any profiling that has legal or significant effect nor any automated decision making.
The personal information we collect may be transferred to and stored in countries outside of the UK and the European Union. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are resident. We will take all reasonable steps to ensure that your personal information is used only in accordance with this privacy notice and applicable data protection laws and is respected and kept secure. Where a third party processes your data on our behalf we will put in place appropriate safeguards as required under data protection laws.
International organisations we work with:
Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our website, or membership portal, it is your responsibility to safeguard your password against the possibility that others may use it to gain unauthorised access. Do not store your password anywhere, in written or electronic form, or give it to someone else. Please let firstname.lastname@example.org know if any record containing your password is lost or stolen or if you think there has been a possibility that your security has been breached.
More on Information Security
Our website may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
What we don't do with your information
We never sell or share your information with other organisations to use for their own purposes.
The GDPR grants you certain rights ('information rights') which we summarise below.
Right of access
You have the right to obtain confirmation from Surrey Heath Netball Club as to whether or not personal data concerning you are being processed, and, where that is the case, you have the right to access that personal data.
Right to rectification
You have the right to oblige Surrey Heath Netball Club to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.
Right to erasure (right to be forgotten)
You have the right (under certain circumstances, but not all) to oblige Surrey Heath Netball Club to erase personal data concerning you.
Right to restriction of processing
You have the right (under certain circumstances, but not all) to oblige Surrey Heath Netball Club to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.
Right to data portability
You have the right (under certain circumstances, but not all) to oblige Surrey Heath Netball Club to provide you with the personal data about you which you have provided to Surrey Heath Netball Club in a structured, commonly used and machine-readable format.
You also have the right to oblige Surrey Heath Netball Club to transmit the data to another controller.
Right to withdraw consent
If the lawful basis for processing is consent, you have the right to withdraw that consent.
Right to object to direct marketing
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.
Rights in relation to automated decision making and profiling
Surrey Heath Netball Club does not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you.
Your right to lodge a complaint with a supervisory authority
If you wish to exercise any of your rights concerning your personal data, you should contact us at email@example.com or write to us at: 15, Harcourt Road. Camberley. Surrey.
The Surrey Heath Netball Club is not a 'public authority' as defined under the Freedom of Information Act and we will not therefore respond to requests for information made under this Act.
If you are not satisfied with the response you receive, you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113, email: firstname.lastname@example.org.