Mounts Bay Archery Club
Data Protection Policy
Updated April 2018
Mounts Bay Archery Club is fully committed to compliance with the requirements of the General Data Protection Regulation (GDPR), which supersedes the Data Protection Act 1988.
Mounts Bay Archery Club needs to collect and use certain types of information about its members. This personal information must be dealt with appropriately however it is collected, recorded and used; this principle applies whether on paper, on a computer or recorded by other means.
Mounts Bay Archery Club regards the lawful and correct handling of personal information as essential and therefore ensures that personal information is treated with sensitivity at all times. To this end Mounts Bay Archery Club fully adheres to the Principles of Data Protection as detailed in the GDPR.
These specify that personal data must be:
- Processed fairly and lawfully;
- Obtained for specified and lawful purposes;
- Be adequate, relevant and not excessive;
- Be accurate and kept up to date;
- Not be kept any longer than necessary;
- Be processed in accordance with the data subject’s (the individual’s) rights;
- Be kept secure; and
- Not be transferred outside the European Economic Area unless the recipient country ensures an adequate level of protection.
Mounts Bay Archery Club will through appropriate management, strict application of criteria and controls:
- Fully observe the conditions regarding the fair collection and use of the information;
- Meet its legal obligations to specify the purpose for which the information is used;
- Collect and process only that information which is required in order to fulfil operational needs or the compliance of legal requirements;
- Ensure the quality of all information used;
- Apply strict checks to determine the length of time information is held;
- Ensure the rights of people about whom information is held can be fully exercised under the GDPR, that includes:
- the right to be informed that processing is being undertaken;
- the right of access to one’s personal information;
- the right to prevent processing in certain circumstances; and
- the right to correct, rectify, block or erase information which is regarded as wrong information;
- Ensure that appropriate technical and organisational security measures are in place to safeguard such personal information;
- Ensure that no transfer of information is made abroad without suitable safeguards being in place;
- Treat people impartially and fairly irrespective of their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information; and
- Have in place clear procedures for responding to requests for information.
In addition to the above, Mounts Bay Archery Club will ensure that:
- There is a member of the Club with specific responsibility for Data Protection;
- All Club members responsible for managing and handling personal information understand that they are responsible to follow good data protection practice;
- All Club members managing and handling personal information are appropriately trained to do so;
- All Club members managing and handling personal information are appropriately supervised;
- Procedures are in place so that anybody wanting to make enquiries about handling personal information knows what to do;
- All Club members deal with queries concerning personal information promptly and courteously;
- Methods of dealing with personal information are clearly described;
- Monitor and review the way personal information is held, managed and used;
- The methods of handling personal information are regularly assessed and evaluated;
- All Club members are aware that any breach of the rules and procedures relating to Data Protection may lead to disciplinary action; and
- This policy document forms part of the induction process for new Club members.
Mounts Bay Archery Club will review this policy at least annually, and ensure it is brought to the attention of all Club members, to ensure best practice in data management, security and control and to ensure compliance with changes or amendments made under the General Data Protection Regulation or those of the European Union.