GDPR

GDPR

GDPR

The General Data Protection Regulation (GDPR) is an important change in government legislation regarding data protection and stands for The General Data Protection Regulation.  It effectively provides an update to the Data Protection Act, bringing in new requirements and increasing the penalties for breaches.  Any organisation that is required by law to comply with GDPR must do so by 25th May 2018 at the latest.  South Bank Taekwondo (SBTKD) collects and stores personal data from consenting members such as name and email address.  This data is managed in accordance with data protection principles:
 
  • we process it securely.
  • it is updated regularly and accurately.
  • it is limited to what the club needs.
  • it is used only for the purpose for which it is collected and
  • used for marketing purposes if the individual has given the club consent to do so.
 Data regarding a member’s result/s from an event such as competition/grading maybe passed to other organisations to publish, the individual entering the event needs to be aware of this.  By consenting to share your personal data with SBTKD on sign up: “You agree that we may publish your Personal Information as part of the results of the event and may pass such information to the governing body (British Taekwondo or any affiliated organisation (Taekwondo Chungdokwan Great Britain) for the purpose of insurance, licences or for publishing results either for the event alone or combined with or compared to other events. Results may include (but not be limited to) name, grade, any club affiliation, occupation and age category. “For the purposes of clarity, in becoming a member of SBTKD, SBTKD will collect certain information about you when you join us which will include your name, date of birth, gender, email address, home address, telephone number, next-of-kin contact phone number and email address.  This information is primarily used in the administration of SBTKD.  In addition to passing data to SBTKD the use of data is likely to include the following activities and more:
 
Training and competition entry
  • Share data with club coaches or officials to administer training sessions.
  • Share data with club team managers to enter events.
  • Share data with facility providers to manage access to the training venue or check delivery standards.
  • Share data with competition providers for entry into events.  
 Funding and reporting purposes
  • Anonymised data shared with a funding partner as condition of grant funding e.g. Local Authority.
  • Anonymised data analysed to monitor club trends.  
 Membership and club management
  • Processing of membership forms and payments.
  • Share data with committee members to provide information about club activities, membership renewals or invitation to social events.
  • Publishing of grading and competition results.
  • Website management.
  • Performance app management. 
 Marketing and communications (where separate consent is provided)
  • Sending information about promotions and offers from sponsors.
  • Sending club newsletter.
  • Sending information about selling club kit, merchandise or fundraising.
 Responding to subject access requests
Subject access requests (requests for copies of personal data from individual club members) currently via email only will be responded to within one calendar month.
 
Data retention
SBTKD do not keep data for longer than is necessary for the purpose for which it was collected. If you are an active member (currently training) we will keep your data safe and secure. If you become inactive (i.e. stop training) we will keep personal data for a maximum of two (2) months unless you email and instruct us to remove you from our records prior to this two month expiry period. This period allows for non-training periods such as holidays and unforeseen circumstances. Your core data will be deleted, you will be removed from our club email list, our WhatsApp group and your training record anonymised after this time. Should you wish to re-join us, standard joining fee and procedure will apply.
 
Breaches
We have 72 hours from being aware of a breach to report it to the ICO. Under the Data Protection Act there are no obligations to report breaches. That being said, personal data is held securely, i.e. that electronic documents are encrypted and password protected and are backed up on a regular basis.
 
Children
There are additional protections for children’s personal data. Our privacy policy is written in plain simple English and where there are any online service/s offered to children consent from the parent or guardian to process the personal data will need to be obtained.
 
Data transfer
One of the principles of the Data Protection Act 1998 (and the GDPR), is that we can only process data for the purpose for which it is collected. This means that when we collect a name and contact details of an individual, so that they can become a member of our club, we can’t simply use that information to allow other bodies (e.g. a club sponsor) to contact you for marketing purposes.
 
Privacy or data capture statements
When individuals provide us with their details, we are clear and transparent about why we have it and what we will do with their information, example: ‘sign you up to our newsletter’ with the capture statement ‘enter your email address’. The right data capture statements presented to individuals ensures what we will do with the information provided to us when they give us their personal details.
 
Does all this only apply to data that is held digitally, e.g. on a computer, or does it cover paper records?
We are constantly reviewing filing systems to limit the amount of paperwork we have to manage. Personal data collected manually i.e. via paper membership form and stored in files as a hard copy is managed in accordance with the data protection regulations. We see the transportation of data in any format (including paper) as a threat to information security. For this reason, South Bank Taekwondo keeps its membership records “in the Cloud” and does not permanently hold any hard copies paper or otherwise. The paper membership form used by you when joining us is shredded after being scanned and uploaded to the cloud.   Primary contact details for members and next-of-kin including name, phone number (landline/mobile) and email are held on the Chief Instructor’s mobile, which is only accessible by fingerprint/facial recognition by said Chief Instructor currently: Richard Lymer (Mobile: +44(0)7908917097).  Data security is key. Passwords are kept safe and files that contain personal data are encrypted. South Bank Taekwondo uses OneDrive, which has built in security measures for the protection of files, whilst in storage or in the process of being shared. For Microsoft’s privacy policy please visit: https://privacy.microsoft.com/en-gb