Data protection

Battersea Ironsides RFC Ltd are committed to ensure our members rights are protected as per the Data Protection Act 1998.

We will protect members’ personal data and only use it as per the below:

We commit to the following

  • Ensure we comply with the eight data protection principles, as listed below

    • Meet our legal obligations as laid down by the Data Protection Act 1998

    • Ensure that data is collected and used fairly and lawfully

    • Process personal data only to meet our operational needs/fulfill legal requirements

    • Take steps to ensure that personal data is up to date and accurate

    • Establish appropriate retention periods for personal data

    • Ensure that data subjects' rights can be appropriately exercised

    • Provide adequate security measures to protect personal data

    • Ensure that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues

    • Ensure that all club officers are made aware of good practice in data protection

    • Provide adequate training for all staff responsible for personal data

    • Ensure that everyone handling personal data knows where to find further guidance

    • Ensure that queries about data protection, internal and external to the organisation, are dealt with effectively and promptly

    • Regularly review data protection procedures and guidelines within the club

How Battersea Ironsides RFC Ltd will meet those objectives

1.     All personal data held by the club, be it in paper or electronic form, will only be handled by the relevant person (ie. Vetted Manager of the age group, Membership secretary, RugbyFirst webmaster). For Minis and Juniors, those persons are required to have a valid and current RFU enhanced CRB.

2.     For Minis and Juniors, vetted volunteers will, in absence of manager or head coach, carry a list of players for safety/medical reasons.

3.     Only age group managers, membership secretaries and RugbyFirst webmaster have access to personal data.

4.     The data held is solely used for the purpose of registering the players with the RFU and ensuring the safety of the players. See website for the Membership form details of what data is required.

5.     The Minis and Juniors Registration form will be shredded at the end of each season, as per RFU’s guidance. Details will be kept on database for a maximum 3 years. Seniors Registration forms will be handled per the RFU guidelines.

6.     The data is held on the website, and access is restricted via passwords and webmaster authorisation.

7.     Seniors data is available to committee members for use as described in the policy.

8.     Volunteers must be vetted by the Data Protection Officer, including CRB if Minis and Juniors, before handling any personal data.

9.     Further information on how to ensure data is handled correctly is available on www.ico.gov.uk

10.  Anyone found infringing those principles will be excluded from the club and the relevant authorities involved, should the need arise.

11.  This policy shall be reviewed every three years or whenever the law changes, whichever is the longest.

Data protection principles

  • Personal data shall be processed fairly and lawfully

  • Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that/those purpose(s)

  • Personal data shall be adequate, relevant and not excessive in relation to the purpose for which they are processed

  • Personal data shall be accurate and, where necessary, kept up to date

  • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose

  • Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998

  • Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data

  • Personal data shall not be transferred to a country or territory outside the European Economic Area.