DENMEAD STRIDERS
DATA PROTECTION POLICY
Denmead Striders is committed to protecting all personal data that it receives.
We will only collect as much data as is required to meet the administrative
needs of the club.
Access to data is strictly limited to those who need it and they are expected to
have read and abide by this policy.
Data collection is limited to the membership database and passing of data to
England Athletics if the member requires UKA affiliation. As a small not-forprofit organisation we are not required to register with the Information
Commissioners Office.
Security of Data
This policy requires that any personal data held by the club is securely kept and
reasonable steps are taken to ensure it remains confidential.
Access to the data is only allowed where appropriate for the
administrative needs of the club.
Data stored electronically should be encrypted when not in active use
and when being transported.
Redundant copies of data should be safely disposed of when no longer
required (eg membership renewal forms should be shredded)
Stored Data
Membership Database
The club maintains a database of its members. This includes basic personal
information required for the administration of the club such as name, address,
phone number, date of birth, payment status and UKA affiliation if applicable.
Race Entries
Personal data is collected under three categories;
Entrants – online entries (covered by RunBritain data protection policy)
and paper forms collect data provided by entrants. This is available to
the volunteers organising the race and is disposed of securely after the
race.
Finishers – this includes gender and age to determine category.
Volunteers – contact details only held as required to ensure safe
organisation of the race.
This policy does not apply to
UKA affiliation – requires the club to pass details to England Athletics.
This is then out of the control of the club, details of England Athletics
Privacy Policy can be found at www.englandathletics.org/privacy-policy
Races and associated sites – any data passed to other organisations
when entering races is not covered by the club’s data protection policy.
This should be available from the relevant site used.
Social Media – sites are not covered by the club’s data protection policy
as these operate under their own data policies.
Disclosure of Data
Personal data should only be used for the proper administration of the club.
Transfer of data is only regarded as appropriate in the following circumstances:
Disclosure is required to comply with the law
Where data is transferred to a person within the club engaged in an
administrative role and the data was required to carry out their duties.
The person receiving the data will be required to have read and
understood this policy.
A third party organisation performing services for the club (such as
insurance) where the committee have approved the transfer.
Notification of Breach
If the committee becomes aware of any breach of members data steps should
be taken to immediately correct the breach. Any affected members should be
notified at the earliest opportunity.
The committee should investigate any breach and report at the next AGM or
EGM.
Responsibility
The committee is the Data Controller under the act.
We do not need to appoint a Data Protection Officer but any committee
member can be contacted if there are any concerns.
Members of the club are responsible for ensuring that any personal data
supplied to the club is accurate and up to date.
Right of Access
Any person whose data is held by the club has a right to access the data to
confirm its accuracy. Members wishing to check their data should contact the
membership secretary.
Right of Erasure (right to be forgotten)
Members have the right to withdraw consent to the processing of their data,
this will result in their membership being terminated.
Data Retention Policy
Data will be held for as long as the data subject is a member of the club. When
the person leaves or is no longer a member their personal data will be deleted.