Club Privacy Notice
Mile Oak Wanderers FC (Club) ("we", "our", "us") take your privacy very seriously.
This Privacy Notice sets out how we use and look after the personal information we collect from you. We are the data controller, responsible for the processing of any personal data you give us. We take reasonable care to keep your information secure and to prevent any unauthorised access to or use of it.
What personal data we hold on you
Personal data means any information about an individual from which that individual can be identified.
We collect, use, store and transfer some personal data of our participants [and their parents or guardians], and other Club members.
You provide information about yourself when you register with the Club, and by filling in forms at an event or online, or by corresponding with us by phone, e-mail or otherwise.
The information you give us may include your name, date of birth, address, e-mail address, phone number, gender, and the contact details of a third party in the case of emergency. We may also ask for relevant health information, which is classed as special category personal data, for the purposes of your health, wellbeing, and welfare and safeguarding. Where we hold this data it will be with the explicit consent of the participant or, if applicable, the participant’s parent or guardian.
Where we need to collect personal data to fulfil Club responsibilities and you do not provide that data, we may not be able honour or administer your membership.
Why we need your personal data
We will only use personal data for any purpose for which it has been specifically provided.
The reason we need participants’ and members’ personal data is to be able to run the football club and arrange matches; to administer memberships, and provide the membership services you are signing up to when you register with the club. Our lawful basis for processing your personal data is that we have a contractual obligation to you as a participant or member to provide the services you are registering for.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
|Purpose/ Processing Activity||Lawful Basis for processing under Article 6 of the GDPR.|
|processing membership forms and payments/ subs||Performance of a contract|
|organising matches||Performance of a contract|
|sending out match or Club information and updates||Performance of a contract|
|sharing data with coaches, managers or officials to run training sessions or enter events||Performance of a contract|
|sharing data with leagues we are in membership of, county associations and other competition providers for entry in events||Performance of a contract|
|sharing data with committee members to provide information about club activities, membership renewals or invitation to social events||The Club has a legitimate interest to maintain member and participant correspondence for club community purposes.|
|sharing data with third party service or facility providers||The Club has a legitimate interest to run the organisation efficiently and as it sees fit. Provision of some third party services is for the benefit of the Club, participants and its members.|
|sharing anonymised data with a funding partner as condition of grant funding e.g. Local Authority||The Club has a legitimate interest to run the organisation efficiently and as it sees fit. Application for funding is a purpose that benefits the Club, participants and its members.|
|publishing match and league results||Consent. We will only publish your personal data in a public domain, including images and names, if you have given your consent for us to do so. In the case of children under the age of 13 then only with written consent of parent/guardian|
|sending out marketing information such as newsletters and information about promotions and offers from sponsors||Consent. We will only send you direct marketing if you are an existing member, participant or other associated individual and you have not previously objected to this marketing, or, you have actively provided your consent.|
|To ensure we understand possible health risks||Consent. We will only process details on your medical history with your consent.|
Who we share your personal data with
When you become a member of the Club, your information, if you are a coach or volunteer will be or if you are another participant may be (depending upon which league(s) your team plays in) entered onto the Whole Game System database, which is administered by the FA. We also pass your information to the County FA and to leagues to register participants and the team for matches, tournaments or other events, and for affiliation purposes.
We may share your personal data with selected third parties, suppliers and sub-contractors such as referees, coaches or match organisers. Third-party service providers will only process your personal data for specified purposes and in accordance with our instructions.
We may disclose your personal information to third parties to comply with a legal obligation; or to protect the rights, property, or safety of our participants, members or affiliates, or others.
The Club’s data processing may require your personal data to be transferred outside of the UK. Where the Club does transfer your personal data overseas it is with the sufficient appropriate safeguards in place to ensure the security of that personal data.
Protection of your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
How long we hold your personal data
Your rights regarding your personal data
As a data subject you may have the right at any time to request access to, rectification or erasure of your personal data; to restrict or object to certain kinds of processing of your personal data, including direct marketing; to the portability of your personal data and to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office about the processing of your personal data.
As a data subject you are not obliged to share your personal data with the Club. If you choose not to share your personal data with us we may not be able to register or administer your membership.
We may update this Privacy Notice from time to time, and will inform you to any changes in how we handle your personal data.
If you have any questions about this Privacy Notice then please contact Geoff Balmont our Data Protection Officer on DPO.MOW@OUTLOOK.COM
Data Protection Policy
1. About this Policy
1.1 This Policy is to help clubs, County Football Associations and football leagues deal with data protection matters internally. This should be kept with other club / County Football Association / football league policies and a copy should be given (or made available) to all staff members, volunteers and others who come into contact with personal data during the course of their involvement with the club / County Football Association / football league.
1.2 The Club, (“we”, “our”, “us”) handle personal data about current, former, and on occasion prospective players [and their parents or guardians], employees, volunteers, committee members, other Club members, referees, coaches, managers, contractors, third parties, suppliers, and any other individuals that we communicate with.
1.3 In your official capacity with the Club, you may process personal data on our behalf and we will process personal data about you. We recognise the need to treat all personal data in an appropriate and lawful manner, in accordance with the EU General Data Protection Regulation 2016/679 (GDPR).
1.4 Correct and lawful treatment of this data will maintain confidence in the Club, and protect the rights of players and any other individuals associated with the Club. This Policy sets out our data protection responsibilities and highlights the obligations of the Club, which means the obligations of our employees, committee, volunteers, members, and any other contractor or legal or natural individual or organisation acting for or on behalf of the Club.
1.5 You are obliged to comply with this policy when processing personal data on behalf of the Club, and this policy will help you to understand how to handle personal data.
1.6 The Club committee will be responsible for ensuring compliance with this Policy. Any questions about this Policy or data protection concerns should be referred to the committee.
1.7 We process volunteer, member, referee, coach, manager, contractor, committee, supplier and third party personal data for administrative and Club management purposes. Our purpose for holding this personal data is to be able to contact relevant individuals on Club business and our legal basis for processing your personal data in this way is the contractual relationship we have with you. We will keep this data for 3 months after the end of your official relationship with the Club, unless required otherwise by law and / or regulatory requirements. If you do not provide your personal data for this purpose, you will not be able to carry out your role or the obligations of your contract with the Club.
1.8 All the key definitions under GDPR can be found here.
2. What we need from you
2.1 To assist with our compliance with GDPR we will need you to comply with the terms of this policy. We have set out the key guidance in this section but please do read the full policy carefully.
2.2 Please help us to comply with the data protection principles (set out briefly in section 3 of this policy and in further detail below):
2.2.1 please ensure that you only process data in accordance with our transparent processing as set out in our Privacy notice;
2.2.2 please only process personal data for the purposes for which we have collected it (i.e. if you want to do something different with it then please speak to Our Data Protection Officer first);
2.2.3 please do not ask for further information about players and / or members and / or staff and / or volunteers without first checking with Our Data Protection Officer
2.2.4 if you are asked to correct an individual’s personal data, please make sure that you can identify that individual and, where you have been able to identify them, make the relevant updates on our records and systems;
2.2.5 please comply with our retention periods listed in our Privacy Notice and make sure that if you still have information which falls outside of those dates, that you delete/destroy it securely;
2.2.6 Please treat all personal data as confidential. If it is stored in electronic format then please consider whether the documents themselves should be password protected or whether your personal computer is password protected and whether you can limit the number of people who have access to the information. Please also consider the security levels of any cloud storage provider (and see below). If it is stored in hard copy format then please make sure it is locked away safely and is not kept in a car overnight or disposed of in a public place;
2.2.7 if you are looking at using a new electronic system for the storage of information, please talk to Our Data Protection Officer first so that we can decide whether such a system is appropriately secure and complies with GDPR;
2.2.8 if you are planning on sharing personal data with anybody new or with a party outside the FA structure then please speak to Our Data Protection Officer before doing so who will be able to check that the correct contractual provisions are in place and that we have a lawful basis to share the information;
2.2.9 if you receive a subject access request (or you think somebody is making a subject access request for access to the information we hold on them) then please tell Our Data Protection Officer as soon as possible because we