ORPINGTON ROVERS FC DATA PROTECTION POLICY
New regulation affecting the UK in relation to data handling came into effect on 25th May 2018.
The club has looked at its requirements and believes that it is compliant. However, it has taken the opportunity to look carefully at how we manage and use members' data. This Policy statement succinctly sets out how we do that.
What data do we collect;
Names, addresses, phone numbers, email addresses, and other information contained in the membership application. We also keep records of fees paid and fees outstanding from members
What do we use it for:
Notification of club news, including matches, coaching opportunities with our club coach, other similar events, and issues affecting members including collection of fees etc. We do not use it for the benefit of other organisations without the express consent of the individuals concerned. However, we want to make it clear that Harry Harding, of Sportacus, our coaching deliverer, is on our membership mojo list, and as such can, and does, send information out to all members regarding Soccer Camps and other coaching opportunities. He does not have access to any individual members personal details, including their email addresses. If members wish to take up any offer so received, they are free to do so, and then they will be at liberty to agree what personal information they are willing to provide to Sportacus.
When and how will we cease to retain it (including owner request)
Data is retained until the member seeks its removal, or a member leaves the club and all transactions with him/her are complete.
How do we keep it safe
Data is stored on servers provided by Linode in their locked cage within a secure facility at Docklands provided by Telecity Group, and:
• physical access is protected at the building and cage by biometric or keypad pin
• data is backed up locally and an encrypted copy is also sent offsite to an Amazon facility in Dublin
• backup frequency for both is currently daily, with the offsite backup being moved to hourly in the next few months
• access to this data is protected by email address and password (either a membermojo password or password to access your email account)
• all traffic to and from our site is SSL encrypted. Passwords are encrypted using a modern hash and unique salt.
How we allocate responsibility for information accuracy and its safety
The providers of data to us are responsible for its accuracy on submission. Its safety is ultimately the responsibility of our Data Protection Officer, who currently is Rinaldo Besate, whose contact details are on our web site.
How we deal with a data protection breaches
They will be fully investigated and if they are likely to result in risk to the rights of individuals and their freedom, then it will be reported to the Information Commissioners Office.
1. ICO “Preparing for GDPR”
2. ICO “Data Protection self assessment”
3. What does GDPR mean for grassroots clubs – Muckle LLP
4. ICO – What to provide
If you have any queries or wish to make an appointment, please contact us using our contact.