Data Protection

The Clubs Privacy Policy provides members with information including:

• How does the Club and the RFU use your data
• What information is collected
• What information is received from third Parties
• Withdrawing your permission (consent)
• Who will we share the data with
• Your rights
• RFU Contacts
• Data retention periods

The Club will only collect, keep, and use data only when absolutely necessary.  Most of the data collected will be from membership or tour document submissions; these forms will be reviewed annually to ensure that the information collected is still relevant.

Data will not be used beyond compatibility of the specified legitimate purposes stated within the Club Privacy Policy and the Personal Data Inventory document.  The Personal Data Inventory document is a detailed register of data, its storage, and its processing.

Your data needs to be up-to-date, so if you have any changes in circumstances, please make the necessary adjustments of your records on the GSM system, or contact your Team Manager for assistance.

All data gathered will be kept securely on the password protected GMS system, password and virus protected electronic devices, or by mechanical means such as lockable filing cabinets.  Care will be taken in data transmission ensuring only those that need to see the data receive it, and large electronic distributions are done so using a “Blind Copy” e-mail function or anonymous web form distribution tools.

All data breaches i.e. the wrongful disclosure, loss, destruction, or corruption of personal data must be reported immediately to the Data Officer.  The Data Officer will then follow the Data Breach Processes to address the breach.

In the rare occasions where third parties need to process your data, an agreement with the Club will be in place to ensure that they meet same GDPR requirements.  Sharing data with third parties that are based outside the European Economic Area will need special justification, guarantees, and agreements.

You have a right of access, so if you wish to see all of your data held by the club, please contact the Data Officer who will follow the Data Access Process to ensure that you have your data within 30 days.  Other rights are stated within the Privacy Policy.

For more further information on GDPR please refer to the General Data Protection Regulation on the UK Governments Information Commissioners Office website.