BEDFORD RUGBY FOLLOWERS ASSOCATION
DATA PROTECTION STATEMENT
GDPR stands for General Data Protection Regulation and replaces the previous Data Protection Directives that were in place. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018.
GDPR states that personal data should be 'processed fairly & lawfully' and 'collected for specified, explicit and legitimate purposes' and that individuals data is not processed without their knowledge and are only processed with their 'explicit' consent.
GDPR covers personal data relating to individuals. Bedford Rugby Followers Association (BRFA) is committed to protecting the rights and freedoms of individuals with respect to the processing of personal data. The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GDPR includes 7 rights for individuals
1) The right to be informed - BRFA collect and store your information via the annual Application Form to be able to keep you informed of relevant BRFA outings and activities and also to ensure we can make contact with your named Emergency Contact in case of emergency. Storage of this is kept in a secure locked filing cabinet in the Treasurer's house. The only exception is for away trips, when the Outings &. Membership Secretary will take a hard copy list of Emergency Contact details with her in case she has to make contact with anyone.
We also keep a record of your email address (where you have given approval) to update you about outings and activities. This information is kept on the Treasurer's PC that is password protected, within an excel document that is also password protected. The Webmaster also keeps current members' names and email addresses in the google email ap and on his PC and smart phone to enable him to send information (where you have given approval) on outings and activities by email. The PC is password protected and the phone is also secured with a screen lock.
2) The right of access - At any point an individual can make a request relating to their data and BRFA will need to provide a response (within 1 month). BRFA can refuse a request, if they have a lawful obligation to retain data but they will inform the individual of the reasons for the rejection. The individual will have the right to complain to the ICO if they are not happy with the decision.
The right to erasure - You have the right to request the deletion of your data where there is no
compelling reason for its continued use. Hard copy application forms will automatically be shredded
after your membership period ends and any electronic records will be deleted.
The right to restrict processing - You can object to BRFA processing your data. This means that
records can be stored but must not be used in any way.
The right to data portability - BRFA does not require this function. We do not transfer your data
between devices, locations or third parties.
The right to object - You can object to your data being used for certain activities like marketing
(Facebook) or research.
The right not to be subject to automated decision-making including profiling - Automated decisions
and profiling are used for marketing based organisations. BRFA does not use personal data for such
Storage and use of personal information - All paper copies of Membership Application Forms are kept in a locked filing cabinet. You can have access to your own form on request. These records are shredded after each year's membership ends.