Data Protection Policy
Data Protection Policy
For the purposes of the General Data Protection Regulation (“GDPR”) and UK data protection laws, the Controller of Winton Tennis Club is Michael Kennedy, Club Membership Secretary and Treasurer.
About this document
How we collect your information
We collect your personal data in two main ways:
• From the information you provide (or someone on your behalf provides) to us when you interact with us by making an application to join the club;
• Communications with you when your personal circumstances change such as current address or phone number.
The types of information we collect
We may collect the following types of personal data about you:
• Contact and communications information, including:
• Your contact details (including email address(es), telephone numbers and postal address(es);
• Records of communications and interactions we have had with you.
How we use your information
The purposes for which we may use personal data (including special categories of personal data and criminal convictions and offences data, where applicable) we collect in connection with your employment or other engagement with us include:
• For general communications with you in connection to the club including events and matches;
• External and internal audit and record-keeping purposes;
• Sharing your personal data with the LTA, county tennis associations and other venues for reasonable purposes in connection with the operation of the Venue.
The basis for processing your information
We may process your personal data for the above purposes because:
• It is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into such a contract;
• It is necessary for our or a third party’s legitimate interests. Our “legitimate interests” include our reasonable interests in the operation of the Club, in accordance with all relevant legal requirements;
• For compliance with our legal obligations (e.g. to exercise or perform any right or obligation conferred or imposed by law in connection with employment or for the prevention and detection of crime, and in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities).
Sharing your information with others
We will share, with your permission your contact details with team captains where you have expressed an interest in playing matches for the club. We will also share your information with other club members for the purpose of the box league or other events.
• Internal and external auditors and legal advisers;
• When we are legally required to do so (by a court, government body, law enforcement agency or other authority of competent jurisdiction), for example by HM Revenue and Customs;
• To the LTA and county tennis associations (this includes West Hants and Matt Cole who operate the Tennis In The Park scheme).
We will notify you promptly in the unlikely event of any breach of your personal data which might expose you to serious risk.
We have implemented generally acceptable standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alternation or destruction. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risks.
Please note however that where you are transmitting information to us over the internet this can never be guaranteed as 100% secure.
How and where your information is kept
The membership database is held on the Membership Secretary’s computer. The computer and software is password controlled. Access is limited to the membership Secretary. Limited information including telephone numbers and email addresses are also held by other committee members and team captains on their personal computers. These computers are password controlled and access is limited to these members only.
How long your information is kept
We will hold your personal data on our systems for as long as you are a member of the Club and for as long afterwards as is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data and remove it from our database.
Under certain circumstances, by law, you have the right to:
• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it. You can also withdraw your consent, where this is the basis for our processing your information (without affecting the lawfulness of our previous processing based on consent).
• Request the transfer of your personal data to another party.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
If you have given your consent and you wish to withdraw it, please contact the data controller, using the contact details set out below.
Contact and complaints
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner.
You can find out more about your rights under applicable data protection legislation from the Information Commissioner’s Office website available at www.ico.org.uk.