Great Yarmouth Swimming Club Privacy Notice
Great Yarmouth Swimming Club, (hereafter referred to as “the club”), as with all organisations, is required to comply with new General Data Protection Regulation (GDPR) which comes in to effect on 25 May 2018.
This notice will explain what data we hold, how we collect, use and share your data, the lawful bases upon which we process your data, protection and retention of your data, third party links and how we may share your data and your rights under the GDPR.
- Personal Data
The GDPR applies to “personal data”. This means any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.
We may collect, use, store and transfer some personal data of our swimmers, their parents or guardians and other members.
Data may include: Name, address, date of birth, gender, contact details (telephone and e-mail), membership numbers, medical information and swimming achievements.
We may hold some health or other special category data of some of our swimmers or members for the purpose of their health, wellbeing, welfare and safeguarding. Where we hold this data it will be with the explicit consent of the swimmer or if applicable the swimmer’s parent or guardian.
Where we need to collect personal data to fulfil our responsibilities and a swimmer and/or parent/guardian as applicable, fails to provide that data, we may not be able to administer their participation in swimming.
- How do we collect your personal data?
Swimmers and/or parents/guardians may give us their personal data by a variety of means. The majority will be via our website, swim club systems (Swim Club Manager or SwimBiz), or e-mail, but may also include telephone, text, in person and post. Others such as swimming coaches/teachers, officers and or employees of the club or committee members may also input to the club systems.
- How does the Club use personal data?
We will use your personal information only for the purposes for which it has been provided.
Our lawful basis for processing personal data is that we have a contractual obligation to individuals as participants or members to provide the services of a swimming club.
We need swimmers’, parents’/guardians’ and members’ personal data to manage the club, administer membership and support swimmers’ development.
Please see detailed below of how we plan to use your data and the lawful basis upon which we rely to do so:
|GDPR lawful bases (Article 6)|
|Contractual||Fulfil any contract that we may enter into with you.|
|To send information to you|
|To respond to your enquiry|
|Performance of a contract||To process competition entries. This may include sharing data with other clubs and swimming bodies as competition providers for entry in events.|
|Share data with swimming coaches/teachers, to run educational courses, training sessions or enter events.|
|Legitimate interest||Use data in a way you would reasonably expect and which will has a minimal privacy impact, or where there is a compelling justification for the processing.|
|For research purposes – such as surveys. For example views on the development of the club.|
|If you submit your views to us we may circulate them internally for training and management purposes.|
|Consent||We may publish your views or comments on our website or in other media. We will only do this once permission has been granted.|
|We will only publish your personal data in a public domain, including images and names, if you have given your consent for us to do so. In the case of children, only with written consent of parent/guardian. This includes, for example, reports of competition results including images and names.|
- Direct Marketing
From time to time, we would like to send you marketing material, including social and fundraising information by e-mail, text or post. In addition, we will also send out information on behalf of selected third parties including relevant swimming organisations at a national, regional and local level, such as Swim England, Royal Life Saving Society and Norfolk ASA. We will only do this if you have given your consent to your personal data being used in this way (either when you submit your details to us or at a later stage). You can update your marketing preferences by contacting the club’s Data Protection Officer via email at email@example.com.
- Sharing your personal data
The club uses Swim Club Manager and SwimBiz to administer the club. Swimmers’, parents’/guardians’ and members’ may add their details to these systems, or may be entered by others such as swimming coaches/teachers, officers and or employees of the club.
The club may pass on information to Swim England for affiliation and other reporting purposes.
We may share your personal data with our affiliates, suppliers and sub-contractors. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit third parties to process your personal data for specified purposes and in accordance with our instructions.
We may disclose your personal information to third parties if we are under a duty to comply with any legal obligation; or to protect the rights, property, or safety of our participants, members or affiliates, or others.
- International Transfers
Whilst the majority of our suppliers are within the European Economic Area (EEA), some of our suppliers or third parties may process our personal data outside of the EEA. We review the data protection terms of these suppliers to ensure that your personal data will only be transferred out of the EEA, if sufficient appropriate safeguards are in place.
- Protection of your personal data
The club has a duty to protect your privacy and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. However, the nature of the Internet is such that the data may in some circumstances flow over networks without full security measures and could be accessible to unauthorised persons.
- Data Retention
We keep personal data on our swimmers, members and other website users while they are signed up to the club or any of our website services. We will delete this data after an individual has ended their membership or affiliation, or sooner if specifically requested and we are able to do so. We may need to retain some personal data for longer for legal or regulatory purposes.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
- Cookies (Check with website provider)
When you visit our website, we may collect, process and use information about you which may not personally identify you but which may be helpful for improving the operation of the website. Such information may be collected through "traffic data" and may entail the use of "cookies", "IP Addresses" or other numeric codes used to identify your computer. You can delete cookies or configure your computer to reject them, although this may disable the website’s ability to manage individual sessions.
- Third Party Links
- Your Rights
The GDPR sets out new rights for individuals and strengthening of existing rights. There are eight rights:
- The right to be informed (what data is obtained and how it is processed)
- The right of access
- The right to rectification (personal data can be rectified if it is inaccurate or incomplete)
- The right to erase (dependent on how the data is lawfully processed)
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automatic processing and profiling.
The GDPR sets a high standard of consent. You can withdraw your consent at any time where we are relying on consent only to process your personal data.
You can complain at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
- Contact Us
If you have any queries about this Privacy Notice, wish to stop direct marketing by the club or third parties or you wish to access or update your information please email the club’s Data Protection Officer via email at firstname.lastname@example.org.
USER PERSONAL INFORMATION
Any personal information you may provide to us on this website via, for example, a contact form or by signing up to our newsletter will never be sold, rented or otherwise distributed or made public without your express consent. We would only disclose personally identifiable information to the relevant authorities if we are required to do so by law
PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS AND WHY WE COLLECT IT
This website collects and uses personal information for the following reasons:
1. Site visits tracking
Like most websites, this site uses Google Analytics to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
2. Our blog/news page
We have disabled the ability for users to add comments on our blog posts by default. We therefore do not collect or store any personal data from our blog.
3. Contact forms and email links
Should you choose to contact us using the contact form on our Contact us page the data you supply will be collated into an email and sent to us. We do NOT store this information on our website.
Should you choose to contact us using an email link instead, none of the data that you supply will be stored by this website. Instead the data will be collated into an email and sent to us.
4. Email newsletter
If we supply an email newsletter and you choose to join it, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor. The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.
Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via our contact form. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.
While your email address remains within the MailChimp database, you will receive periodic newsletter emails from us.
ABOUT THIS WEBSITE’S SERVER
All traffic (transferral of files) between this website and your web browser is encrypted and delivered over HTTPS.
THIRD PARTY DATA PROCESSORS
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and, to the best of our belief and understanding, all of them comply with current legislation. Both third parties are based in the USA and are EU-U.S Privacy Shield compliant.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
The data controller for this website can be obtained by using the Contact page.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.