Heaton Harriers & AC – Privacy Impact Statement (modified from EA privacy statement)
About us
Heaton Harriers & AC is an England Athletics affiliated club (reference 2658052) in the Northeast region for cross country, track and field and road running disciplines. Heaton Harriers & AC is both data controller and data processor under data protection legislation.
What data we will collect
In becoming a member of Heaton Harriers & AC, we will collect certain information about you which will include your name, date of birth, gender, relevant medical information, any allergies, email address, address, telephone number, names of the affiliated clubs that you are/were a member of and details of any coaching or officiating licenses you hold. Following registration with Heaton Harriers & AC we will also register you with England Athletics. EA will contact you directly using the email address you supplied to inform you of your URN number and also for you to confirm your registration details and privacy settings using the EA MyAthletics portal.
Why we will collect it
We will collect and process your Athletics Data for the purposes of registering you as a member of Heaton Harriers & AC. We will supply EA with this information for the purpose of administering your involvement in the sport. We will process it based on legitimate interests. The legitimate interests are the interests of registering you as a member and to administer the sport. When you are registered with Heaton Harriers & AC we will store your information securely (password protected) on a personal laptop (membership secretary, club secretary and Heaton Juniors Administrator). Once registered with EA, an online user profile (MyAthletics) will be created/amended which includes a section for your subscription preferences. EA will only use your Athletics Data for the purposes of registering and administering your involvement in the sport unless you have opted into any subscriptions.
How long we will keep it
We will retain your Athletics Data for such time as you are an athlete registered with Heaton Harriers & AC and will delete your information when you have informed us that you wish to resign or by the month following the end of year membership subscription (normally April).
Your rights
You have the following rights under data protection legislation:
1. to access a copy of the information comprised in your personal data.
2. request your information be changed if you believe it is not correct.
3. if you leave Heaton Harriers, you can exercise your right to be forgotten.
4. to object to processing of your personal data that is likely to cause or is causing damage or distress.
5. to prevent processing for direct marketing.
6. to object to decisions being taken by automated means.
7. in certain circumstances, to have inaccurate personal data rectified, blocked, erased, or destroyed; and
8. to claim compensation for damages caused by a breach of data protection legislation.
Sharing your data
We may share your non personal Athletics Data on our public social media (Facebook, Twitter, Spond and website). We will not share any other personal data you provide to us that is not Athletics Data. We will not transfer your data to any other third parties without obtaining your consent. However, it must be noted that Heaton Harriers Facebook, Spond and Twitter social media accounts, are not owned by Heaton Harriers as an entity, these sites are owned and managed by club members, however the club committee do also have administration rights to these sites. Members will not be automatically enrolled to any social media site; this will be at the request of each individual member.
Privacy policy
All the personal data we collect from you will be collected, stored, and processed in accordance with the terms of Heaton Harriers & AC privacy policy.
Complaints
If you have any concerns or complaints in relation to how Heaton Harriers & AC collects and/or processes your personal data, you should contact Heaton Harriers & AC data protection officer in the first instance. If you are dissatisfied with how your concern/complaint is dealt with by Heaton Harriers & AC, you have the right to report your concern/complaint to the Information Commissioners Office (www.ico.org.uk).
Privacy Policy Heaton Harriers & AC commitment to Privacy
As a club, we need to ensure that we can carry on our main activities while ensuring compliance with GDPR. These regulations cover how we are able to communicate with you (email/phone/website and social media), what information we store about you and how and what we use this information for. This governs all aspects of personal data including:
- Information we hold about you what we do with this information
- Registration of our members with England Athletics
- Registration of athletes (not just Heaton Harriers) for our races (Anita Nott, Memorial 10K)
- Website information
- Public social media
- Private (closed group) social media
- Personal communication versus organisational communication
- Photography and video.
Our website is hosted by BlueHost, who utilise cloud storage. For the purposes of data protection legislation, Heaton Harriers & AC is the data controller. Your IP address (the unique identifier that computers and devices use to identify and communicate with each other) will be automatically recognised by the web server.
The only information that is stored is in respect of the club secretary and treasurer (name/email addresses) for invoice purposes. The website administrators have access to the website build using WordPress (restricted information regarding administrators is stored).
Heaton Harriers & AC is the owner of www.heatonharriers.org.uk and we are committed to protecting your privacy and processing your personal data in accordance with the Data Protection Act (DPA) 1998 up to 24 May 2018 and the General Data Protection Regulation (GDPR) on and from 25 May 2018 (Data Protection Legislation).
This policy explains how the information we collect about you is used and kept securely. It also explains your privacy choices as a UKA affiliated club member as well as your right to access your information under Data Protection Legislation.
The information we collect about you
As a club member, we hold information relating to your full name, date of birth, gender, relevant medical issues, any allergies, URN number, email address, address, telephone number(s), coaching/officiating qualifications.
This information is stored electronically by our membership secretary on a secure password enabled PC. It is this information that the membership secretary will transfer to England Athletics to register the athlete (see section “The information we provide to England Athletics”).
It is the members obligation to inform Heaton Harriers of any address change, this will in cloud residence and email. Any change in information will be shared between the club and
membership secretary to ensure up to date records are maintained and are stored electronically as a distribution list on a password enabled PC. The members email addresses are not shared between any other committee members, unless the sender has raised a query for the committee to consider.
Data retention
We will retain your Athletics Data for such time as you are an athlete registered with Heaton Harriers & AC and will delete your information when you have informed us that you wish to resign or by the month following the end of year membership subscription (normally April), or if you exercise your right to be forgotten.
The information we provide (and receive) to/from England Athletics
New members will have seen the inclusion of the following statement when completing the membership application form. Existing members please see the following information.
When you become a member of or renew your membership with Heaton Harriers you will automatically be registered as a member of England Athletics. We will provide England Athletics with your personal data, which they will use to enable access to an online portal for you (called myAthletics). England Athletics will contact you to invite you to sign into and update your MyAthletics portal (which, amongst other things, allows you to set and amend your privacy settings). If you have any questions about the continuing privacy of your personal data when it is shared with England Athletics, please contact dataprotection@englandathletics.org. I’ve also attached a link to EA GDPR here https://www.englandathletics.org/clubs–community/club-management/gdpr-and-data-protection-advice
When registering an athlete with England Athletics, we will supply the name, date of birth, gender, email address, address, telephone number, name of the EA affiliated Clubs with which you are registered and any coaching or officiating licenses that you hold (Athletics Data).
We will also receive details of the transfer of registered members from one club to another. As an athlete, you will maintain the same record but the club’s name associated with the record will change.
Once registered with EA, an online user profile (MyAthletics) will be created/amended which includes a section for your subscription preferences. EA will only use your Athletics Data for the purposes of registering and administering your involvement in the sport unless you have opted into any subscriptions.
Where you have opted into additional communications in your subscription preferences section of your MyAthletics portal EA will process your Athletes Data on the basis of consent. When you become a registered athlete with EA, they will share your Athletics Data with the following bodies* as part of the administration of your involvement in the sport:
- UK Athletics
- Selected members of the National Council
- Selected members of the 9 Regional Councils – London, South East, East, Yorkshire and Humber, North West, North East, South West, West Midlands and East Midlands
- Selected members of each County Athletics Association
- Selected members of each Area Athletics Association – Northern, Midlands and South of England
- CoFSECs
- Other home country athletics organisations – Wales, Scotland and Northern Ireland
- Third party data managers who support EA in managing the sport
Only the data that is needed for those purposes and, where possible, will be anonymised before sharing.
*Correct as of 04/04/22
Registration of athletes for our events (3rd party)
As an individual entering any event needs to be aware that, we will hold information relating to full name, date of birth, gender, URN number, email address, address, telephone number(s) for participation in our events. The race secretary may look at the information stored with EA to ensure the athlete is EA registered to check and validate data to support administrative processes and eligibility to compete where applicable. The results will also be published. When this data is collected by face-to-face registration or using an online registration/results service e.g., ResultsBase, a privacy notice will be supplied informing participants that their details will be held and published as detailed below:
“You agree that we may publish your personal information as part of the results of the event and may pass such information to the governing body or any affiliated organisation for the purpose of insurance, licences or for publishing results either for the event alone or combined with or compared to other events. Results may include (but not limited to) name, any club affiliation, race times and age category”
With the new GDPR we now require consent for further communication from May 25th. This must be freely given, and you must opt in rather than opt out.
Any personal data that we collect from you will be deleted following a period of up to 12 months following registration at our events. After this time, we will delete our data records held locally. Name, results, club, and age categories at the time of the event will be retained indefinitely.
Results Base (the company we use to manage race entries/timing) will retain email addresses in their database. This data (relating solely to our named events) may be used by Heaton Harriers & AC via ResultsBase for the sole purpose of communication and promotion of our future events. For example, for the Anita Nott race, an email may be sent out to all of last year’s participants, who have who have requested contact form future events.
We plan to adopt this approach for the Heaton Harrier memorial race.
How we use your information
We may use your personal information for several purposes, including:
- To deal with your requests and enquiries.
- To contact you for reasons related to your enquiry.
- To use your IP address to monitor traffic and gather browsing behaviours of visitors to our websites. We will not use your IP address to identify you in any way.
- Providing relevant and necessary information via email, text, post to you about the following:
- Changes to rules and regulations
- Updates to advice and guidance relating to specific roles held within athletics
- New members, transfer of membership, notify you of athletic events and competitions, courses, CPD events and qualifications and any other items that would be of general interest including social events organised by Heaton Harriers & AC.
- We may also share your personal information with the police and other law enforcement agencies for the purposes of crime prevention or detection. If we disclose your information, we ask the organisation to demonstrate that the data will assist in the prevention or detection of crime, or that Heaton Harriers & AC is legally obliged to disclose it. This is done on a strictly case by case basis and through a tightly controlled process to ensure we comply with Data Protection Legislation.
We may share your non personal Athletics Data on our public social media (Facebook, Twitter and Website). We will not share any other personal data you provide to us that is not Athletics Data. We will not transfer your data to any other third parties without obtaining your consent.
Members and participants in our races should be aware that their names, photos and video may be used to publicise races and achievements, including publishing race and competition results. As with the publication of results (see registration of athlete’s section) can we also draw your attention to the wording below:
“As a Heaton Harrier club member, you agree that we may publish your personal information as part of the results of the event and may pass such information to the governing body or any affiliated organisation for the purpose of insurance, licences or for publishing results either for the event alone or combined with or compared to other events. Results may include (but not limited to) name, any club affiliation, race times, photographs and age category”.
We have adopted the UKA Photographic Policy Guidance for the use of photographs available here for reference.
- Neither data protection nor privacy law prevents the taking of photographs or video in public places (including images of people such as athletes, coaches, officials or members of the public) for private or personal use.
- Where images are taken in public places, unless there is something unusually intrusive in the material, there will be only limited restrictions in how such images may subsequently be used.
- There are also particular protections for children (those under 18) in terms of how their image may be reused and published.
- Communicating information using Social media
- We have a public facing and members only social media account in the form of Facebook, Spond and Twitter. These can be used:
- to publicise events such as competitions, social events, club meetings
- share information about the club
- make a call to action. e.g. – Help out – Pay your subs – Be at the bus for 10am
- give updates on previously shared information
- post pictures (see photographic policy above), videos and other content of interest to members
- potential members say, ‘Well done’, ‘Thank you’, or ‘We need your help!’
As you are all aware, anyone can post in social media, however with the GDPR in mind any personal information cannot have originated from any of the Heaton Harriers organisation pages ie with the official logo as this would be deemed a breach of data privacy and could potentially be referred to the ICO (The information Commissioners Office).
Person to person posts can be deemed as ‘friend to friend’ posts but consideration must be given to the content that has been written to ensure that cyber bullying behaviour is avoid including, for example:
- You do not post abusive messages on any profile wall
- You do not add rude comments to a picture a person has uploaded
- You do not post a video / picture that makes fun of someone
- You do not encourage others to share abusive, rude or disparaging content
- You do not use critical language or actions, such as sarcasm which could undermine an athlete’s self-esteem.
If you believe that cyber bullying has occurred, the following reporting process should be followed:
- In the first instance, the situation should be reported to one of the club welfare officers (Iain McKinnon and Linda Francis) that an athlete has been (cyber) bullying another athlete. In cases of serious bullying, the incidents will be referred to UKA for advice. If necessary and appropriate, police will be consulted.
- The committee will investigate the allegations to ensure any misunderstanding/lack of awareness is addressed. If accepted as bullying, the committee will also attempt to help the bully change their behaviour. If mediation fails and the bully is seen to continue the club committee will initiate disciplinary action under the club constitution
- If the committee and welfare officer agree bullying has taken place the athlete will be warned and put on notice of further action i.e. temporary or permanent suspension. If the bullying continues, consideration will be given as to whether a reconciliation meeting between parties is appropriate at this time.
- This in no way infringes on your right to involve the police at any time, Heaton Harriers will work with any organisation that requests information regarding cyber bullying. This will be inline with all current legislation.
Protecting your information
By submitting your personal data, you agree to the transfer, storing or processing by Heaton Harriers & AC to England Athletics. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy. The Internet is not generally a secure medium for communication and therefore we cannot guarantee the security of any information you send to us over the Internet.
Currently the club secretary sends regular communication (e-newsletter) with members but only be by using BCC functionality. With the new GDPR we now require your consent for further communication. This must be freely given, and you must opt in rather than opt out, so unless we hear back from you, you won’t receive any correspondence/notifications or any more of the scintillating newsletters that I send out to you all!
For juniors (children under the age of 13) parent or guardian consent to collect information on them will be required.
Committee members by agreement share their email address within the confidentiality of the meetings. We regularly carry out surveys using a doodle poll (https://doodle.com/) but the data collected is within a closed group (Heaton harriers & AC) and restricted to name only.
Finding out what information Heaton Harriers & AC about you
Under the Data Protection Legislation, you can ask to see any personal information that we hold about you. Such requests are called subject access requests. If you would like to make a subject access request, please contact our Data Protection Officer at the secretary@heatonharriers.org.uk
Contacting Heaton Harriers & AC about this Privacy Policy
If you have any questions or comments about this Privacy Policy please contact us at secretary@heatonharriers.org.uk