As per the requirements of the newly release General Data Protection Regulation (GDPR), and due to the resignation of Richard Johnson as Data Officer, the Club is now searching for a replacement who will be responsible for data protection compliance.

The Clubs Privacy Policy has already been release to provide members with information including:

  • How does the Club and the RFU use your data
  • What information is collected
  • What information is received from third Parties
  • How does the Club and the RFU use the information
  • Withdrawing your permission (consent)
  • Who will we share the data with
  • Your rights
  • RFU Contacts
  • Data retention periods

The Club will only collect, keep, and use data only when absolutely necessary.  Most of the data collected will be from membership or tour document submissions, these forms will be reviewed every year to ensure that the information collected is still relevant.

Data will not be used beyond compatibility of the specified legitimate purposes stated within the Club Privacy Policy and the Personal Data Inventory document.  The Personal Data Inventory document is a detailed register data, its storage, and its processing.

Your data needs to be up-to-date, so if you have any changes in circumstances, please make the necessary adjustments of your records on the GSM system, or contact your Team Manager for assistance.

All data gathered will be kept securely on the password protected GMS system, password and virus protected electronic devices, or by mechanical means such as lockable filing cabinets.  Care will be taken in data transmission ensuring only those that need to see the data receive it, and large electronic distributions are done so using a “Blind Copy” e-mail function or anonymous web form distribution tools.

All data breaches i.e. the wrongful disclosure, loss, destruction, or corruption of personal data must be reported immediately to the Data Officer.  The Data Officer will then follow the Data Breach Processes to address the breach.

In the rare occasions where third parties need to process your data an agreement with the Club will be in place to ensure that they meet same GDPR requirements.  Sharing data with third parties that are based outside the European Economic Area will need special justification, guarantees, and agreements.

You have a right of access, so if you wish to see all of your data held by the club, please contact the Data Officer who will follow the Data Access Process to ensure that you have your data within 30 days.  Other right are stated within the Privacy Policy

For more further information on GDPR please refer to the General Data Protection Regulation on the UK Governments Information Commissioners Office website.

GDPR Document Links

WRFC Privacy Policy
Appenix A - Personal Data Inventory
Appendix B - Data Breach Management Flowchart
Appendix C - Subject Access Request Flowchart
CCTV Policy