Release 2.19q
Privacy Notice

General Data Protection Regulation 2018 (GPDR)

New regulations about what personal data organisations can hold about people came into force at the end of May 2018

What personal data does the club collect?

The data we routinely collect includes members’ names and email addresses.

The club also collects the scores from games you play, normally  identifiable by your name but can be made anonymous.

What is this personal data used for?

We use this data for the administration of your membership, the communication of information, and the organisation of events.

Results from club games are displayed on our website and included in statistical analyses.

Who is your data shared with?

Your name and results are shared with BriAn, the scoring system we use, and on our website hosted by Bridgewebs. No other data is shared with any other third party.

Where does this data come from?

Data comes from members when they join, or when they update information held by the club.

Scoring data comes directly from the scoring app used by the club.

How is your data stored?

This information is stored in two main ways: a paper record of all agreements by you that the club can hold designated data, lists of members held on both paper and digital documentation, and lists of email addresses. All data held digitally is stored in password protected environments, passwords being known to Committee Members on a need-to-know basis.

Who is responsible for ensuring compliance with the relevant laws and regulations?

Under the GDPR (General Data Protection Regulation 2018) we have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring the club discharges its obligations under the GDPR is James Palmer.

Who has access to your data?

Members of the committee have access to members’ data in order for them to carry out their legitimate tasks for the organisations.

What is the legal basis for collecting this data?

The club collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation.

How you can check what data we have about you?

If you want to see the data we hold about you, you should contact James Palmer. We are required to provide this to you within one month.

(In general there will be no fee charged for this service, although the regulations allow for a reasonable fee to be charged based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.)

Does the Club collect any “special” data?

The GDPR refers to sensitive personal data as “special categories of personal data”. The club does not currently collect any “special” data.

How can you ask for data to be removed, limited or corrected?

There are various ways in which you can limit how your data is used.

  • If you wish you could become an “anonymous” member. This would involve you having a pseudonym under which you would play.
  • You could maintain your club membership with your correct name but with limited contact details. However, we do need to have at least one method of contacting you.
  • You may choose not to receive information emails (we do not send any out on behalf of other organisations).
  • Any of these options can be implemented for your club membership by contacting James Palmer.

How long we keep your data for, and why?

We normally keep members’ data for a period after their membership lapses in case they later wish to re-join. However, we will delete any former member’s contact details entirely on request.

Since underlying statistical data, eg scores from bridge games, continues to be necessary in relation to the purpose for which it was originally collected and processed, results from events are not deleted by the club, although they will no longer be attributed to a player who does not want their data to be kept.

Historical ranking lists and prize lists are required for archiving purposes and names cannot be removed from them.

Any other data, such as that relating to accounting or personnel matters, is kept for the legally required period.

Comment