Redheath Archers Data Protection Policy Doc ID: RA-DPP-01 Version 1.0
On 25th May 2018 the new European General Data Protection
Regulation (GDPR) comes into force, governing the data privacy for all EU
citizens. GDPR applies to all organisations that process personal data,
including clubs such as Redheath Archers. The
regulation is mandated and non compliance can result in heavy fines.
As a result, under this EU GDPR, every club member must be
informed of the data that the club holds about them (personal data) and give
permission for it to be used. Members also have the right to ask to see what
data the club holds about them at any time.
The following therefore represents RedheathArchers club policy with respect to personal data and
the impact of GDPR.
Our Data Protection Policy
The Data We Collect.
In order to carry out the activities of Redheath
Archers ('the club') it is necessary to collect a small set of personal information
about each club member. This personal information comprises of:
• Title, First and Last names
• Contact email address
• Contact telephone number(s)
• Physical address and postcode
• Date of Birth
• Parent/Guardian contact details (for Juniors)
• Important medical information provided to support
healthcare/first aid needs.
Such details are collected via one or more of the following
• Via direct email to the club contact email address.
• Via telephone enquiry
• Directly, in-person
The data collected shall be retained on paper membership
forms or electronically on computer files.
It is the policy of the club that only the minimum amount
of personal data needed shall be collected and stored. The data required is such that it is possible
to facilitate individuals membership of the club and
of Archery-GB plus enable club members to participate in club related events
such as competitions.
Personal Data (Special Category)
Where a member expressly requests that the club retain
additional important information (eg about important medical
conditions) then the club may also securely hold these details. Where this is
the case then it is the members responsibility to
ensure that their details as held by the club are kept up to date if as changes
to information occur.
The club shall be clear with all members about the personal
data it collects and for what purpose. This shall be achieved via this policy
document and other statements on membership forms. It is mandatory that every
club member understands how their personal data is to be used and explicitly
agrees to this. The default position in all cases is that agreement is not assumed.
In particular, these requirements shall be enforced at the
time new members join the club and regularly thereafter at annual renewal, when
each member shall be required to review and approve/sign to say that they
accept the club policy before their annual renewal will be processed.
The club shall at all times hold this data securely whether
it be in the form of electronic data or in physical
form such as paperwork.
Equipment used to access digital data is protected from
malicious attacks via security software and personal data protected via the use
of encryption methods. Data protection mechanisms are subject to annual reviews
and update at least every 6 months. Additionally, for coaching activities the
club coach may at times and with members permission,
create training and coaching material in the form of photos and video files.
These shall also be categorised as personal data and be held securely.
The club is committed to transparency in its approach to
the management of member details and as a result will always be open with
members about what data is held and how it is used.
Members’ Access to Data
Each club member shall have the right to review the personal
data that the club holds on them and request changes to or deletion of, all the
data that the club holds.
All such requests shall be serviced within a period of 30
Third Party Access to Data
The club takes data privacy seriously and shall not share
the personal details of any member with any third parties without the member's
prior and express consent (via email or in writing).
Permission to share data with Archery GB shall normally be
required and will be part of normal new member and renewal approvals.
Personal data held by the club may be shared with law
enforcement agencies (e.g. police) if emended and subject to necessary
• Club members shall not be given access to the personal
data held by the club of other club members without prior written or emailed
consent from the member who's details are to be
• The club shall never hold on file, any member's bank
Personal Data Management Procedures
The club shall manage all personal data related activities
via steps detailed in the club's personal data management procedures document
[RA-DMP-01]. This document outlines key activities relating to the management
of personal data and the events that trigger them. The personal data management
procedures document shall be shared with any club member upon request. Such
requests shall be serviced within a period of 30 calendar days.