Data Protection

Data Protection


Introduction


Pentyrch Bowling Club ( needs to collect and use certain types of information about its members and others for administrative purposes. PBC is committed to protecting individuals rights and privacy and ensuring that any personal information it holds is collected and processed appropriately, that is, fairly, transparently and legally. This policy describes PBCPBC’s procedures for ac hieving that objective.
 

The Data Protection Act 1998 ( governs the use of information about people (personal data). Personal data can be held on computer or in a manual file. They include names, addresses, phone numbers, emails, minutes of meetings, and photographs. For DPA purposes, PBC is the data controller collectively responsible for processing and using the information it holds. Officers and members of PBC who have access to personal information are expected to read and comply with this policy, wh ich will be updated as necessary in accordance with changes in legislation.


While committed to full compliance with the principles of the DPA, PBC, as a small, not for profit organisation, is exempt from the requirement to register its activities with the Information Commissioner s Office.  A list of definitions of technical terms used in this policy derived from the DPA and supplementary legislation is attached as Appendix A. The Act contains 8 principles for processing personal data. These are listed in A ppendix B. The Act also sets out the rights of data subjects, that is people about whom information is held. These are listed
in Appendix C.


Collecting data
PBC collects and processes data about members and others with whom it comes into contact. These are normally limited to personal contact information, but may include photographs or, exceptionally, health information which is necessary (and lawful under Article 9(2) of GPDR) to assess or meet members health or social care needs. PBC will ensure data sub jects know what personal data are being collected and why, and that data collected are only used for the purpose stated, are accurate and up to date, and are kept no longer than necessary for the stated purpose.


Correcting data
Individual data subjects h ave a right to have data corrected if they are inaccurate, to prevent use which is causing them damage or distress, or to stop marketing information being sent to them.


Data Protection Policy April 2024 Responsibilities
Responsibilities of Data Controller
As a small, not for profit organisation, PBC is the Data Controller legally responsible for complying with the DPA, which means that it determines what purposes personal information it holds will be used for. Its management committee will consider legal requirements and ensure that these are properly implemented, and that criteria and controls are applied appropriately. Specifically, it will ensure that PBC:
• Fully observes conditions regarding the fair collection and use of information,
• Meets its legal obligations and keeps a record of the purposes for which information is used,
• Collects and processes appropriate information only to the extent that it is needed to fulfil its operational needs or to comply with any legal requirements,
• Ensures the quality ie accuracy of information used and keep it up to date,
• Ensures that the rights of people about whom information is held (as listed in Appendix B) can be fully exercised under the DPA.
• Takes appropriate technical and organisational security measures to safeguard personal information,
·
• Treats people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requestsr for information,·
• Maintains clear procedures for responding torequests for information.


Responsibilities of the club Data Protection Officer
The Club Secretary serves asthe Data Protection Officer responsible for implementing PBC’s policy. Assisted by the Membership Secretary, they have overall responsibility for:
• Obtaining consent from data subjects (see below) and explaining their rights,
• Ensuring everyone processing personal information understands that they are responsible for following good data protection practice,
• Ensuring that anyone wanting to make enquiries about handling personal information knows what to do,
Data Protection Policy April 2024
• Dealing promptly and courteously with any enquiries about handling personal information and describing clearly how PBC handles personal information.

Consent
When collecting data, PBC will ensure that the data subject:
• Clearly understands why the information is needed and what it will be used for,
• Grants explicit consent, either written or verbal, for data to be processed,
• Is informed of their rights to withdraw consent for data to be stored and processed, to have access to the data about them, and to correct any inaccuracies in it.

Data Storage


Introduction
Pentyrch Bowling Club ( needs to collect and use certain types of information about its members and others for administrative purposes. PBC is committed to protecting individuals rights and privacy and ensuring that any personal information it holds is collected and processed appropriately, that is, fairly, transparently and legally. This policy describes PBCPBC’s procedures for ac hieving that objective.


The Data Protection Act 1998 ( governs the use of information about people (personal data). Personal data can be held on computer or in a manual file. They include names, addresses, phone numbers, emails, minutes of meetings, and photographs. For DPA purposes, PBC is the data controller collectively responsible for processing and using the information it holds. Officers and members of PBC who have access to personal information are expected to read and comply with this policy, wh ich will be updated as necessary in accordance with changes in legislation.
While committed to full compliance with the principles of the DPA, PBC, as a small, not for profit organisation, is exempt from the requirement to register its activities with the Information Commissioner s Office.
A list of definitions of technical terms used in this policy derived from the DPA and supplementary legislation is attached as Appendix A. The Act contains 8 principles for processing personal data. These are listed in A ppendix B. The Act also sets out the rights of data subjects, that is people about whom information is held. These are listed in Appendix C.
 

Collecting data
PBC collects and processes data about members and others with whom it comes into contact. These are normally limited to personal contact information, but may include photographs or, exceptionally, health information which is necessary (and lawful under Article 9(2) of GPDR) to assess or meet members health or social care needs. PBC will ensure data sub jects know what personal data are being collected and why, and
that data collected are only used for the purpose stated, are accurate and up to date, and are kept no longer than necessary for the stated purpose.


Correcting data
Individual data subjects h ave a right to have data corrected if they are inaccurate, to prevent use which is causing them damage or distress, or to stop marketing information being sent to them.


Responsibilities of the data Controller
As a small, not for profit organisation, PBC is the Data Controller legally responsible for complying with the DPA, which means that it determines what purposes personal information it holds will be used for. Its management committee will consider legal requirements and ensure that these are properly implemented, and that criteria and controls are applied appropriately. Specifically, it will ensure that PBC:
• Fully observes conditions regarding the fair collection and use of information,
• Meets its legal obligations and keeps a record of the purposes for which information is used,
• Collects and processes appropriate information only to the extent that it is needed to fulfil its operational needs or to comply with any legal requirements,
• Ensures the quality ie accuracy of information used and keep it up to date,
• Ensures that the rights of people about whom information is held (as listed in Appendix B) can be fully exercised under the DPA.
• Takes appropriate technical and organisational security measures to safeguard personal information,
·
• Treats people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information,
·
• Maintains clear procedures for responding to requests for information.

Responsibilities of the Data Protection Officer
The Club Secretary serve as the Data Protection Officer responsible for implementing PBC’ss policy. Assisted by the Membership Secretary, they have overall responsibility for:
• Obtaining consent from data subjects (see below) and explaining their rights,
• Ensuring everyone processing personal information understands that they are responsible for following good data protection practice,
• Ensuring that anyone wanting to make enquiries about handling personal information knows what to do,
Data Protection Policy April 2024
• Dealing promptly and courteously with any enquiries about handling personal information and describing clearly how PBC handles personal information.
Consent
When collecting data, PBC will ensure that the data subject:
• Clearly understands why the information is needed and what it will be used for,
• Grants explicit consent, either written or verbal, for data to be processed,
• Is informed of their rights to withdraw consent for data to be stored and processed, to have access to the data about them, and to correct any inaccuracies in it.

Data Storage
Information and records relating to members and others will be stored securely and will only be accessible to authorised individuals for administrative purposes. Information will only be stored for as long as it is needed or is required by statute and will thereafter be deleted. PBC will ensure all personal and organisational data are non--recoverable from any computer system previously used within the organisation, which has been passed on/sold on tota third party.
 

Data Subject Access Requests

Data subjects have a statutory right of access to data held about them and can expect to bebe enabled to access data within one month of that trequest (other than in exceptional circumstances), and free of charge (other than when thee request is excessive orrepetitive in  which circumstances a modest fee can be charged).


Disclosure


PBC is committed to the lawful and correct treatment of personal information and would not expect to share with third parties other thanwhen required by law. There are circumstances where the law allows (or even requires) an organisation to disclose data (including sensitive data) without the data subject consent. These include:

1. Carrying out a legal duty or as authorised by the Secretary of State

2. Protecting vital interests of a Data Subject or other person

3. Where the Data Subject has already made the information public

4. Conducting any legal proceedings, obtaining legal advice or defendingany legal rights.


Deletion (erasure) of personal data.
Personal data should only be kept for as long as they are needed and securely disposed of once no longer required.  PBC will ensure thatthis information is confidentially destroyed at the end of the relevant retention period.

Further information
If members of PBC have specific questions about information security and data protection, they are advised to contact the Club Secretary in the first instance. For general information about data protection and the legislation governing it, they should consult The Information Commissioner’s website (www.ico.gov.uk).

©Copyright. All rights reserved.

Information icon

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.