PRIVACY NOTICE

This is the Privacy Notice for Arun District Indoor Bowling Club Limited (The Club) issued in accordance with the General Data Protection Regulations (GDPR) – please read it carefully.

Introduction

This Privacy Notice is to let you know how we handle your personal data. This includes what you tell us about yourself and your choices about what marketing you want to receive from us. We are committed to respecting your privacy.  This Privacy References to we, our or us in this privacy notice are to the Arun District Indoor Bowling Club Limited  (ADIBC)

We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we are not required to do so but our Welfare (Safeguarding & Risk Assessment) Officer and Company Secretary has overall responsibility for data protection compliance in our organisation. Contact details are set out in the "Contacting us" section at the end of this privacy notice.

Your personal data is any information relating to you from which you can be identified.

This notice sets out:

Where you provide personal data about another person, this Privacy Notice will also apply to that data so please share it with that person. This Privacy Notice applies to any personal data which you may provide to us in person, over the telephone, by email, on our website and/or by post. This Privacy Notice also applies to any personal data which we may collect from third parties about you and/or which we may collect when you access our website and/or in the course of our relationship.

You can choose not to give personal data. We may need to collect personal data by law, or under the terms of a contract and/or relationship that we have with you. If you choose not to give us this personal data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services so we cancel a product or service you have with us.

Wherever we refer to “processing” of personal data in this Privacy Notice this includes any combination of the following activities: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

This Privacy Notice only applies to personal data collected by or on behalf of The Club via the The Club’s website or by any other means. The Club’s website may from time to time contain links to and from other websites (advertisers and associated bowling bodies, including but not limited to, World Indoor Bowls Council, the English Indoor Bowling Association, Sussex County Indoor Bowling Association, Sussex Womens Indoor Bowling Association). If you follow a link to any external website or alternatively reach our website from a third party website, please be aware that these websites will have their own privacy policies, separate from ours, and we therefore do not accept any responsibility or liability for these policies. Please check their policies before you submit any personal data to these websites.

Our commitment

We commit to:

Who We Are

Arun District Indoor Bowling Club Limited is the trading name of Arun Bowling Club

You can contact our Data Protection Officer (DPO) at:

The Data Protection Officer,

c/o The Company Secretary,

Arun District Indoor Bowling Club Limited

Nyewood Lane,

Bognor Regis,

West Sussex.

PO21 2TT

or by email to ??????????????????

Legal basis for processing your personal data

We need to have a proper reason under the GDPR whenever we process your personal data ourselves or share it with others outside the Club. These reasons are:

A legitimate interest is when we have a business or bowling reason to process your personal data, but this must not unfairly go against your rights. If we rely on our legitimate interest, we will tell you what that is.

In the section below this one is a list of all the ways that we may process your personal data, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.

Unless we have your explicit consent to do so, we will not process special categories of personal data revealing any of the following information about you: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex life or sexual orientation.

Information we collect and how we collect it

We may collect personal data from you in the following ways:

We may collect your personal data from third parties we work with including:

Our website uses ‘cookies’ - a small file of letters and numbers that are stored on your computer by the websites you visit. We use cookies to improve your user experience by enabling the website to ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’), this enables us to show content relevant to you on your next visit. We also use cookies to track usage, analyse trends and gather information on how our website is used which allows us to improve our website. Cookies are not linked to other personally identifiable information. For detailed information about our cookies policy please visit ??????????????????????

The type of information we may ask you to provide about yourself and therefore collect includes, but is not limited to:

  1. personal contact details that allows us to contact you directly such as name, title, email addresses and telephone numbers;
  2. date of birth;
  3. gender;
  4. references and other information included in a CV or cover letter or as part of the application process for membership;
  5. Records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us;
  6. use of and movements through our online portal, IP addresses, usernames and other IT system identifying information;
  7. records of your attendance at any events (matches, games, meetings) hosted by ADIBC;
  8. CCTV footage and other information obtained through electronic means such as swipe card and key fob records;
  9. images in video and/or photographic form and voice recordings;
  10. details of next of kin, family members, coaches and emergency contacts;
  11. records and assessment of any player rankings, grading or ratings, competition results, details regarding events/matches/games attended and performance (including that generated through player pathway programme);
  12. any disciplinary and grievance information;
  13. medical flags, allergies, blood type, religious indicators as to medical emergency.
  14. Personal cheques paid to ADIBC for various concerns, competitions, subscriptions, county Annual Patrons subscriptions, match fees, green fees, transportation related costs.

Please note that we may require this information to be able to respond to your enquiry or to provide our services or marketing information to you. You can however at any time tell us to change or remove any personal data or to stop or restrict the processing of your personal data.

How we use your personal data

We may use the personal data collected/provided by you to:

  1. ensure that content from our website is displayed in the most effective way for you and for your computer/device;
  2. respond to your enquiry;
  3. send you information about our services;
  4. notify you about changes to our service;
  5. carry out analysis to make improvements to our website and/or services;
  6. monitor our service to you;
  7. keep our records up to date;
  8. develop and manage bowling services, and what we charge for them;
  9. define types of members for new bowling services;
  10. develop and carry out bowling activities;
  11. study how bowlers use our products and services;
  12. manage how we work with other organisations that provide services to us and our bowlers;
  13. make and manage supplier payments;
  14. collect and recover money that is owed to us;
  15. comply with laws and regulations that apply to us;
  16. detect, investigate, report, and seek to prevent financial crime and fraud;
  17. respond to complaints and seek to resolve them; and to
  18. run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit.

Our legal basis under the GDPR for each of these purposes are as follows:

LEGAL GROUNDS

USE STATED ABOVE

To comply with our legal duty

7,15,16

It is in our legitimate interest or the legitimate interest of a third party except where such interests are overridden by your interests or your fundamental rights or freedoms:               


1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18

We have your consent to it

2,10, 17

Where we have stated above that our grounds are that we have your consent, we will understand your consent to have been given when you expressly accept these terms. You can withhold or withdraw your consent at any time using the contact details for the DPO or the Company Secretary in this notice.

Where we don’t have your express consent we may base our processing of your personal data on any other basis that applies.

If we intend to use your personal data for any purpose not stated above we will first notify you of the intended use and the legal grounds.

Sharing your personal data

We may disclose your personal data to third parties in certain circumstances but we will not sell, rent or trade your personal data.

The personal information we collect is not transferred to or stored in countries outside of the UK.

Where relevant, we may give third party providers who supply services to us, or who process personal data on our behalf, access to your personal data in order to help us to process it for the purposes set out above. When doing so, we will ask them to confirm that their security measures are adequate to protect your personal data.

Within the purposes set out above we may share your personal data with the following third parties:

How we use your information to make automated decisions

We do not use systems to make automated decisions based on personal data we have – or are allowed to collect from others – about you..

Protecting your information

We will seek to keep your personal data secure by taking appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Only authorised personnel and third parties will have access to your personal data.

If logging on to our website it is your responsibility to protect login details. You must treat these as confidential and must not share or disclose your login details to any other party.

We will retain your personal data for no longer than the period of time needed for the purposes that we collected the data and for as long as we have legal grounds to retain it. There is no fixed period after which all record of your personal data will be deleted as this will depend on the circumstances and the purposes of the processing but we will take steps and maintain policies to keep retention under proper review. We will not seek your consent before deleting any personal data.

Changes to this Privacy Notice

Any changes we may make to this Privacy Notice in the future will be posted on this website and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this Privacy Notice.

Your right of access to your Personal Data

You have the right to access your personal data including us providing to you, without charge, a copy (which may be in electronic form) of any of your personal data that we are processing or that third parties are processing on our behalf.

We will also provide to you, if you request it, the following information:

Requests for this information or a copy of your personal data should be in writing, enclosing proof of identification such as a copy of your passport, driving licence or other documentation confirming your name and address (for example a utility bill) to be addressed to:

The Data Protection Officer,

c/o The Company Secretary,

Arun District Indoor Bowling Club Limited

Nyewood Lane,

Bognor Regis,

West Sussex.

PO21 2TT

or by email to ??????????????????

Your right to removal or correction of personal data and to restriction of processing

You have the following rights under GDPR:

In each case we will tell you what action we are taking and we will also notify any third party to whom the data has been disclosed. Your request should be made to the address above

Your right to data portability

You have the right to receive from us the personal data that you have given us in a structured, commonly used and machine-readable format (“Right to data portability”) and/or to have the data sent by us directly to another party. Please note that this right only applies in certain circumstances, which is when we held the data on grounds of your consent or to perform a contract with you or for steps preparatory to such a contract and we were processing that data by automated means.

Your request should be made to the address above

Your right to complain to the regulator

Please let us know if you are unhappy with how we have processed your personal data. You can contact us by writing to the Company Secretary at the address given above.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) which is the UK supervisory authority for the processing of personal data. Further details are available on the ICO’s website.

Enquiries and to exercise your rights

If you have any questions, or want more details about how we process your personal data or if you wish to exercise any of your rights, you can contact us by writing to the Data Protection Officer at the address given above.

Updated 2 July 2018           of