Seven Kings Bowling Club (henceforth “Club”) has reviewed its systems and processes to ensure that it follows General Data Protection Regulation (GDPR) guidelines.
Personal and Sensitive Information
For the purpose of compliance, the Club classifies Personal Information (“PI”), such as a member’s name, address, telephone, email, date of birth, previous clubs/experience as ‘sensitive information’.
Details relating to medical conditions, ethnicity, family, employment or other do not form part of the Club’s information or application process: The Club does not ask for nor store a member’s Sensitive Personal Information (“SPI”).
Data Protection Officer (DPO)
The Club’s current small membership does not warrant a DPO to be assigned. Work is underway to promote the club and the idea of a DPO will be revisited again in 2023 should membership double (a target to be set by the Committee).
The web administrator and Secretary will ensure that the Club follows its policy guidelines in compliance with GDPR.
Should a member have concern over the use or storage of their personal data, they are fully entitled to make representation to the Club’s Secretary and to have it updated or removed completely.
The Club’s website is hosted on Hostinger (an internet services company), adhering to industry-standards that should prevent unauthorised access. The website is secured with an SSL certificate to ensure all data between the website and user browsers are encrypted.
The website currently operates a mostly view-only access to Club and general bowling information, a lot of which is readily available elsewhere on the open Internet.
The website currently has a single, password-protected administrator login to manage the website and its content.
The website also has a single, password protected, web page (accessed via the “MEMBER LOGIN” button) from where members are able to submit their availability for Club matches.
Some offline files are stored by the current Committee members on their personal computers, which require a personal username/password to access and use.
A Club Membership application currently has to be submitted in paper format, with primary and secondary Club member proposer signatures. This form is available online for prospective members to download and complete the best they can and hand-in at the Club. The form captures a home address, contact phone number, age and work status of the applicant for the specific purpose of managing team formations and weekday match schedules. There is no age profiling done whatsoever.
Reasonable care has been taken with the storage of paper documentation, to ensure it is not accessible by unauthorised personnel.
Handling of Personal Data
The Club complies with Article 6 of the UK GDPR Act: members have given consent for specific personal data to be collected and used for club operational purposes only.
All personal information has been freely provided by members and not obtained through online, mass-mailing or other fee-paying collection techniques or services. The same information is not used for any kind of personal profiling, neither is it shared with any third party company or sold.
Members have the right to ask and be told what information about them is held on file or/and being made available to other members.
Member contact information is currently held on paper and in files held by the club Secretary. All such files are stored in lockable cabinets and drawers.
There is currently no online members’ directory that is accessible from the website (other than a list of member/players that is accessible via a “MEMBER LOGIN” button, and this too for the sole purpose of members having a view of who is playing in forthcoming Club matches). Other than this one password-protected webpage, the website currently has no facility for active members to have unique login/passwords.
When and if individual members are given their own unique logins (not being planned to happen in the short term) to the website, at that time all members will be asked again to proactively confirm they agree for their personal information to be stored in electronic databases and files for the specific purpose of delivering value-added member services for their common benefit.
Members have the right to request their personal information be removed completely from the club’s electronic and paper databases.
Prospective members who complete a paper or online form (functionality currently not available) will confirm their agreement on the use of their personal data for the specific purpose of delivering member services efficiently and at low cost.
Members leaving the club will be removed from the active directory and will no longer have access to the restricted areas of the website.
For the 2023 season and annual consent, the club intends to collect some additional data on members. The complete list is shown in the table below:
|DATA COLLECTED||REASON FOR COLLECTION|
|Address||Required so that club information can be sent to members, who do not have an e-mail address. It also facilitates shared transport arrangements.|
|Age/ Date of Birth||Date of Birth is required to ensure that members pay the correct membership fee and are qualified to enter certain competitions.|
|Date of Joining Club||To enable long-serving members to be identified and recognised.|
|Disability||To allow club to fulfil its safeguarding duties and make necessary adjustments|
|E-mail address||Prime means of communication with members over teams, events, general matters and for the handbook.|
|Emergency Contact details||In case of accident or sudden illness of a member|
|Ethnicity||Suggested by Bowls England for statistical analysis and equal opportunity monitoring|
|Gender||Some competitions are gender specific. Moreover, unfamiliar first names could make it difficult to infer a gender so best to capture it directly or in a salutation.|
|Name||This is necessary for legal, insurance and licensing purposes. The Club is entitled to know who is permitted to be on its premises|
|Parent Contact details||Required for any junior member under 18|
|Phone Numbers||Home and mobile numbers are requested for contact purposes and for the Club handbook.|
|Key Holder||(Y/N) To help determine if a member has been given a set of keys to access the clubhouse.|
|Consent||Consent (checkboxes) for sharing mobile phone numbers and email addresses amongst Club members. This to organise teams for matches, general club communications and ride sharing to match venues, using messaging applications like WhatsApp and email.|
Consent to send all meetings related information (e.g. AGM agenda, MoMs, etc) electronically via email.
Photographs & Documents
Members (including committee members) may from time to time submit appropriate photographs or written documents to be put on the club’s website or be shared with some other publication (e.g. local newspaper). Such submissions will be assumed to have been made in good faith and deemed to have the consent from other individuals in the photos/images. The exception to this is a ‘general view’ category of images/photos which may include a number of “appropriate people” as part of an overall scene (e.g. photos of members of the Club partaking in a competition with another club).
Should any person included in any image/photo on the website or paper file request for it be removed, then the same will be edited or taken off completely as appropriate. No images/photos of children will be published in any form without the full parental or guardian consent.
Members will have the option to insert or remove a photo as part of editing their personal profile (when and if such functionality is made available on the website).
Members will ensure that when and if the Club’s website starts providing individual member login access, that members set up secure passwords for their accounts, adopting a policy of changing passwords on a regular basis (lots of resources available on the Internet to guide and help with this).
Members will confirm agreement (or otherwise) to be included in a members’ directory.
Members will ensure that any documents created, such as minutes of meetings, reports, etc. that include sensitive information are correctly handled in compliance with GDPR. If in doubt, ask the Club Secretary!
The Club operates for the benefit of its members and the local community in which it operates: an electronic or physical security breach is serious and could have GDPR repercussions. All known breaches of information security, however minor, should be reported to the Club Secretary.