Data Protection Policy.docx

London Storm Data Protection Policy

1. Purpose

This policy outlines how London Storm Dodgeball Club collects, stores, and processes personal data to ensure compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Scope

This policy applies to all committee members, volunteers, and other representatives who handle personal data on behalf of London Storm Dodgeball Club. It covers all personal data held by the club, whether in electronic or paper format.

3. Definitions

Personal Data: Any information relating to an identifiable individual.

Processing: Any operation performed on personal data, including collection, storage, use, and sharing.

Data Subject: An individual whose personal data is processed.

4. Data Collection

London Storm Dodgeball Club collects personal data for the following purposes:

Member registration and management.

Communication regarding club activities, events, and updates.

Accident and incident reporting.

Financial management, including fee collection.

5. Lawful Basis for Processing

The club processes personal data under the following lawful bases:

Consent: Data subjects have given clear consent for specific purposes.

Contract: Processing is necessary for a contract with the individual.

Legal Obligation: Compliance with a legal obligation.

Legitimate Interests: Processing is necessary for the legitimate interests of the club.

6. Data Storage

Personal data is stored securely as follows:

Electronic Data: Stored on Google Drive or within the Spond application, both of which are password-protected and accessible only to authorized committee members.

Physical Data: Any paper records are stored securely and accessible only to authorized personnel.

7. Data Retention

Personal data will be retained only as long as necessary to fulfil the purposes for which it was collected or as required by law.

8. Data Sharing

Personal data will only be shared with third parties when necessary, such as:

Affiliations with relevant sports organizations.

Compliance with legal obligations.

No data will be sold or shared for marketing purposes.

9. Data Subject Rights

Individuals have the following rights under the UK GDPR:

Right to Access: Request a copy of their personal data.

Right to Rectification: Request correction of inaccurate or incomplete data.

Right to Erasure: Request deletion of their data under certain circumstances.

Right to Restrict Processing: Request restriction of data processing.

Right to Data Portability: Receive their data in a portable format.

Right to Object: Object to certain types of processing.

Requests should be directed to the club’s Data Protection Officer Jake Wyatt.

10. Data Breaches

In the event of a data breach, the club will:

Notify the affected individuals if the breach poses a high risk to their rights.

Report the breach to the Information Commissioners Office (ICO) within 72 hours, if required.

11. Refusal to disclose personal data

If you do not provide my personal data, then your membership cannot be registered with the club as the club requires details of emergency contacts etc. for safety reasons.

12. Policy Review

This policy will be reviewed annually or when there are changes in relevant legislation.

Policy updated: 16 November 2024

Review Date: 16 November 2025