GDPR Conformance and Data Guidelines

Introduction

 

This has been written to ensure that OS Runners conform to the General Data Protection Regulation (GDPR) (EU) 2016/679.  These will come into force on the 25th May 2018.  For more information, see https://www.eugdpr.org/.

Member Data

 

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular, by reference to an identifier.

 

OS Runners will store the following data (provided in the membership form when a user joins), for the given reasons:

Datum/Data Used for
Name Membership admin. (EA/non-EA), communications, race entries
CSSC Membership Number Membership admin., CSSC race entries
Date of Birth Membership admin. (EA/non-EA), communications, race entries
Address Membership admin. (EA/non-EA)
2nd Claim club (where applicable) Membership admin. (EA/non-EA)
Run England Membership Status Membership admin. (EA/non-EA)
Mailing list preferences Communications
Data opt-out details. Communications/media
Medical Data Membership admin, coaching sessions.

 

All data will be processed (retrieved) securely and treated as confidential.

 

Club members have the right to request any of the above data at any time, the request to be handled by the club secretary, or another committee member in their absence.

 

Club members also have the right to have their data deleted should they choose to.

 

Any data request must be dealt with within one calendar month.

 

Duplication of Data

 

All data will be kept only once, to ensure there is only one source of truth, and so it can be traced and removed, if requested.

Completed membership forms will be kept securely.  If received in digital format, the original source (e.g. email) will be deleted.  If received as a hard copy, the form will be scanned, then the hard copy destroyed.

Ex-Members

 

All data detailed in “Member Data” on ex-members will be deleted once they leave the organisation without asking us to remain a member and providing non-OS contact details.  Their name, reason for leaving and historic running data (e.g. handicap times) will still be kept.

Storage of Data

 

Currently all data is kept securely in TRIM.  Membership forms are stored as “Personal Documents” and we have a central mailing list and session attendance spreadsheet (both access-restricted).  The policy of document retention and deletion will be reviewed once the Ordnance Survey has either brought TRIM in-line with GDPR regulations or have chosen another document repository.

Medical Data

 

Medical data will be kept separately and securely, so that only coaches and the club secretary can access the data (password protected).  It will be presented in a format that can easily be printed and taken as a hard copy to coaching session.  This hard copy should be treated as highly confidential.

Membership Forms

 

The following text will be included on the membership form to inform runners what their data will be used for if they join EA.

“When you become a member of OS Runners you can also choose to be registered as a member of England Athletics (you will have to register with England Athletics if you ever compete for the club in competition Under UKA Rules). If you tick the box below we will provide England Athletics with your personal data which they will use to enable access to an online portal for you (called myAthletics). England Athletics will contact you to invite you to sign into and update your MyAthletics portal (which, amongst other things, allows you to set and amend your privacy settings). If you have any questions about the continuing privacy of your personal data when it is shared with England Athletics, please contact dataprotection@englandathletics.org.”

The forms will also be fully GDPR conformant, for example, any sign-up options will always be opt-in, rather than opt-out

Photographs

 

Photographs are sometimes taken at OS Runners sessions. In addition, photographs are often taken of OS Runners members taking part in running events.  The photographs are used by the Club on its website, on Facebook, Twitter and Instagram.  Note that in official events, in many cases photographs are posted with runners and individuals are identified.  The responsibility for this data falls outside of OS Runners.

Results

 

Results that include full names at races and running events are often posted on the website and via email.  Please be aware that when you participate in any sporting event, your results will be published on the organiser’s site and numerous other race results sites (e.g. Power of 10).

 

Opting Out

If member is unhappy about the use of their data or photographs as described in this document, they should notify any of the club Committee with their concerns.

Document Updates

 

This document will be reviewed annually, prior to the AGM, by the club secretary.

Any member of the club can request this document at any time.

 

V1.0 – Last edited 23/05/2018