BBL PRIVACY POLICY
Barnes Bridge Ladies Rowing Club needs to gather and use certain information about individual people. These can include members, coaches, volunteers, suppliers and other people with whom the organisation has a relationship or whom the club may need to contact from time to time.
This policy describes how this personal data must be collected, handled and stored to meet the data protection standards and to comply with the law.
WHY DOES THIS POLICY EXIST?
This policy ensures that Barnes Bridge Ladies Rowing Club:
- Complies with data protection law and follows good practice
- Protects the rights of members, partners, suppliers and other contacts
- Is open about how it stores and processes personal data
- Protects itself from the risks of a data breach.
DATA PROTECTION LAW
The General Data Protection Regulation (GDPR) came into force in the UK on 25th May 2018. The regulation lays out the way in which organisations are to handle personal information. It specifies the rights of the individual and the responsibilities of any organisation that captures, stores and processes data which can be identified as personal – for example names, date of birth, address, performance data.
Barnes Bridge Ladies Rowing Club takes privacy seriously and follows the Data Protection Act when asking for or handling your information including: personal data shall be processed fairly and lawfully; data is processed only for the purpose(s) for which it was collected; data is accurate and kept up to date.
WHAT PERSONAL DATA DO YOU COLLECT?
- We collect and hold contact information such as: name, address, phone number, emailaddress (“Contact data”) for members, coaches, volunteers, alumni, friends of the cluband suppliers as well as competitors who register for Pairs Head or are otherwise hostedat our club
- For active rowers and coaches, we also collect data such as date of birth, emergencycontact details and relevant health/ medical information, relevant qualifications andcredentials (“Rowing Data”)
- For active rowers we collect rowing and training performance related data and results ofclub educational/ safety tests (“Training Data”).
- Coaches or other members may take video footage of training sessions for feedbackpurposes. We also take videos/ photographs of racing and social occasions (“ImageData”)
- Where you will be making regular financial transactions with the club we will ask you tosign up to an independent online payment processing service. We do not collect or holdyour financial data.
WHAT DO YOU DO WITH THE PERSONAL DATA?
Contact data is used
- To communicate with rowers, coaches, volunteers and suppliers about club activities,training, membership and finance matters, safety and compliance
- To communicate with Pairs Head competitors or the representatives of boats hosted by usabout Pairs Head or hosting arrangements
- To communicate with all members, alumni and friends with news of the club and otherinformation which may be of interest, including the organisation of social activities? To initiate and manage payments from you or to you.
Rowing data and Training Data is used
- To manage club rowing activities, including water and land training, competition, safetyand compliance matters
- To ensure compliance with British Rowing regulations and other regulatory requirements? To monitor individual and squad performance
Contact Data and Training Data are stored on encrypted documents on Google Drive. For Rowing Data we may access and occasionally download information from your British Rowing profile on the British Rowing site.
Image Data is usually taken by coaches and other members on personal mobile phones or cameras so you should be aware that not all such data is stored or controlled by us. Video footage of training sessions is used for coaching feedback. We may post some photographs and video footage from races and social occasions on our website or social media feeds, or in newsletters. In signing up to the club you give consent for images of you to be used in this way.
We collect, store and process this data on the basis that we have a legitimate interest in order to manage club activities, ensure legal and regulatory compliance and your health and safety, manage any complaints, and market our club. However at the point of sign up we also seek your specific consent to this policy.
We may share your information with our funders (Civil Service Sports Council – CSSC) or potential funders, such as our bank and with our professional advisors who have a reasonable need to see it.
We may disclose your information to enforcement authorities if asked to do so, or to a third party in the context of actual or threatened legal proceedings or if otherwise required to do so by law.
HOW LONG DO YOU RETAIN THE PERSONAL INFORMATION?
The duration for which we retain your personal information will differ depending on the type of information and the reason why it was collected. In general we will retain your records for 2 years. You may request corrections to or the removal of your data at any time by contacting the Membership Secretary or via the website contact form. However, in some cases personal information may be retained on a long-term basis: for example, information that we need to retain for legal purposes will normally be retained for at least 6 years. Data on the British Rowing site is held and accessed by us in compliance with British Rowing policies.
You may ask us to update contact information or remove you from our contact lists at any time by writing to the Membership Secretary or via our website contact form, or by responding to the options offered on the emails we send you.
RESPONSIBILITIES
Everyone who works for or volunteers with the Barnes Bridge Ladies Rowing Club has some responsibility for ensuring data is collected, stored and handled appropriately and in line with this policy and data protection principles. However, the committee is ultimately responsible for ensuring that the club meets its legal obligations.
Active rowers will have access to other members phone numbers via the groups which are used to coordinate training. If they wish to use individual numbers outside the club groups they should ensure that they have the agreement of the other party, particularly if that person has left the club.
General guidelines
Those working with club data should access and use it only as needed to carry out their club responsibilities; as far as possible the club will restrict access to personal data via systems controls but this may not be feasible for all roles. Data should not be shared informally nor disclosed to unauthorised people. Data should be regularly reviewed and updated. The club will provide training to anyone who wishes to understand their responsibilities when handling data.
Data storage
When data is stored on paper, it should be kept in a secure place (locked drawer or filing cabinet) where unauthorised people cannot see it. Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts. Data should be protected by strong passwords, backed up frequently and not saved directly on laptops or other mobile devices like tablets or smartphones.
Data use
When working with personal data, computer screens must always be locked when left unattended. Data which is transferred electronically must be encrypted or password protected, and copies of personal data should not be saved to personal computers.
PAIRS HEAD
We are the organisers of the annual Pairs Head race on the river Thames and collect data from participants for this event. This policy also applies to the data collected for this event.
WHERE CAN I FIND OUT WHAT PERSONAL DATA IS HELD BY BARNES BRIDGE LADIES ROWING CLUB?
If you have any questions about what information the club holds and why, or how it is being kept, please contact the Membership Secretary at Barnes Bridge Ladies Rowing Club or speak to a member of the committee. We will always verify the identity of anyone making a subject access request before handing over any information.
Further information about data protection can be found at the Information Commissioner’s website.
Revised Policy approved on 14th March 2023
Next review March 2024