Old Wimbledonian Warriors RFC Data Protection POLICY based on principles of the Data protection act of 1998


DATA PROTECTION

  Data Protection Policy 

  1. Old Wimbledonian Warriors RFC are committed to ensure our members rights are protected as per the Data Protection Act 1998.
  2. We will protect members’ personal data and only be used as per the below :We commit to the following;
  3. Meet our legal obligations as laid down by the Data Protection Act 1998
  4. Ensure that data is collected and used fairly and lawfully
  5. Process personal data only to meet our operational needs or fulfill legal requirements
  6. Take steps to ensure that personal data is up to date and accurate
  7. Establish appropriate retention periods for personal data
  8. Ensure that data subjects' rights can be appropriately exercised
  9. Provide adequate security measures to protect personal data
  10. Ensure that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues
  11. Ensure that all club officers are made aware of good practice in data protection
  12. Provide adequate training for all staff responsible for personal data
  13. Ensure that everyone handling personal data knows where to find further guidance
  14. Ensure that queries about data protection, internal and external to the organisation, are dealt with effectively and promptly
  15. Regularly review data protection procedures and guidelines within the club
  16. How Old Wimbledonian Warriors will meet those objectives :
  17. All personal data held by the club, be it in paper or electronic form, will only be handled by the relevant person (ie. The age group Manager, Membership secretary, GMS administrators). For Minis and Juniors, this will be subject to continual review.
  18. For Minis and Juniors, vetted volunteers will, in absence of manager or head coach, carry a list of players for safety/medical reasons.
  19. Only age group managers, membership secretaries and GMS admin have access to personal data.
  20. The data held is solely used for the purpose of registering the players with the RFU and ensuring the safety of the players. See website for the Membership form details of what data is required.
  21. The Minis and Juniors Registration form will be shredded at the end of each season, as per RFU’s guidance. When practicable details will be kept on database for a maximum 3 years. Seniors Registration forms will be handled per the RFU guidelines.
  22. No Players personal data to be held on any website, other than contact details of relevant club officials.
  23. Seniors data is available to committee members for use as described in the policy.
  24. Volunteers must be vetted by the Data Protection Officer if their role requires or consequently gives them access to personal data. 
  25. Further information on how to ensure data is handled correctly is available on www.ico.gov.uk
  26. Anyone found infringing those principles will be excluded from the club and the relevant authorities involved, should the need arise.
  27. This policy shall be reviewed every three years or whenever the law changes, whichever is the longest.


DATA PROTECTION PRINCIPLES

Personal data shall be processed fairly and lawfully

  1. Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that/those purpose(s)
  2. Personal data shall be adequate, relevant and not excessive in relation to the purpose for which they are processed
  3. Personal data shall be accurate and, where necessary, kept up to date
  4. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose
  5. Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998
  6. Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
  7. Personal data shall not be transferred to a country or territory outside the European Economic Area.


Code of Rugby