DATA PROTECTION POLICY STATEMENT
Bathgate Thistle Community Football Club is fully committed to the protection of data of all Community Club members as part of its day to day running of the club and shall take all reasonable steps to do so in accordance with this Policy.
For the purposes of this policy it applies to data held by the club including that of associated members of the club and/or third-party information held by the club to which is held on record.
1.1 Bathgate Thistle CFC is required to process relevant personal data regarding its members and any associated third parties as part of its daily operation and shall take all reasonable steps to do so in accordance with this Policy.
1.2 Processing may include obtaining, recording, holding, disclosing, destroying or otherwise using data. In this Policy any reference to members o or third-parties includes current past or prospective members or third parties.
1.3 All members authorise Bathgate Thistle CFC to hold data, under cover of the Data Protection Act 1998, in relation to advertising, marketing & public relations, accounts & records, administration of membership records including preparation of team-lines and fundraising activities.
1.4 The club’s appointed Secretary will act as Data Protection Compliance Officer.
2. The Principles
2.1 Anyone processing personal data must comply with the eight principles of good practice. These provide that personal data must be:
2.1.1 Processed fairly and lawfully.
2.1.2 Processed for limited purposes and in an appropriate way.
2.1.3 Adequate, relevant and not excessive for the purposes.
2.1.5 Not kept longer than necessary for the purpose.
2.1.6 Processed in line with data subject’s rights.
2.1.8 Not transferred to people or organisations situated in countries without adequate protection.
3. Personal Data
3.1 Personal data covers both facts and opinions about an individual. Bathgate Thistle CFC may process a wide range of personal data of members and third-parties as part of its operation.
3.2 This personal data may include (but is not limited to), names and addresses, bank details, disciplinary and attendance records, dates of birth and membership details.
4. Sensitive Personal Data
4.1 Bathgate Thistle CFC may, from time to time, be required to process sensitive personal data regarding an employee and/or member.
4.2 Sensitive personal data includes but is not limited too
4.2.1 Medical information
4.2.2 Data relating to membership
4.2.3 Data relating to disciplinary proceedings
4.2.4. Criminal records and proceedings
4.2.5 Data relating to point 5.1
4.3 Where sensitive personal data is processed by Bathgate Thistle CFC the explicit consent of the appropriate individual will be required as and when making application for membership.
5. Processing Personal Data
5.1 Is any activity that involves use of the data, including simply viewing the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third-parties.
5.2 Bathgate Thistle CFC and its Executive Committee may hold some or all of the following data about some or all members and others who compete in football under the jurisdiction of Bathgate Thistle CFC and associated Leagues: name, postal and email addresses, phone and fax numbers, year of birth, disclosure information, competition age class, competition results, offices held, skills and qualifications, courses attended and details of officiating at competitions. The data may be held in electronic or paper form.
5.3 The data is used in organising youth football for the club and for social purposes, including, but not limited to, mailing of appropriate information to teams and individuals, publication of competition entries and results, tournaments, coaching, team selection, training and appointment of officials.
5.4 The data is used in organising youth football for the club and for social purposes, including, but not limited to, mailing of appropriate information to teams and individuals, publication of competition entries and results, tournaments, coaching, team selection, training and appointment of officials.
6. Rights of Access
6.1 A formal request from a data subject for information Bathgate Thistle CFC holds about them must be made in writing, signed and addressed to the clubs Data Protection Compliance Officer. Committee members, volunteers, registered officials, members of the club or third-parties who receive a written request should forward it to the Data Protection Compliance Officer immediately. Bathgate Thistle CFC will respond to the request within 40 calendar days.
6.2 When receiving telephone enquiries, the club’s Data Protection Compliance Officer should be careful about disclosing any personal information held by Bathgate Thistle CFC. In particular they should:
6.2.1 Check the caller's identity to make sure that information is only given to a person who is entitled to it. A common-sense approach should be taken when verifying the identity of the caller. For example, if you personally know the individual and are satisfied that they are calling this ought to be sufficient. If you do not know the caller, you could ask to return their call and ensure that the number given tallies with that on the membership database record for the person.
6.2.2 Suggest that the caller put their request in writing where the club’s Data Protection Compliance Officer is not sure about the caller's identity and where their identity cannot be checked. Alternatively, the individual should be asked to attend in person (especially if the information is of a sensitive nature).
6.2.3 Refer to the club’s Data Protection Compliance Officer for assistance in difficult situations (for example, where any request might involve disclosing someone else’s personal data). Any Committee members, volunteers, registered officials, members of the club or third-parties should not be bullied into disclosing personal information.
7.1 Certain data is exempted from the provisions of the Data Protection Act which includes the following:
7.1.1 The prevention or detection of crime
7.1.2 The assessment of any tax or duty
7.1.3 Where the processing is necessary to exercise a right or obligation conferred or imposed by law upon the club or governing body (SYFA)
7.2 The above are examples only of some of the exemptions under the Act. Any further information on exemptions should be sought from the club’s Data Protection Compliance Officer.
8. Disclosure of Information
8.1 Bathgate Thistle CFC may receive requests from third parties to disclose personal data it holds about Committee members, volunteers, registered officials, members of the club or third-parties. Bathgate Thistle CFC confirms that it will not generally disclose information unless the individual has given their consent or one of the specific exemptions under the Data Protection Act applies.
8.2 Where Bathgate Thistle CFC receives a disclosure request from a third party it will take reasonable steps to verify the identity of the third party before making any disclosure.
9.1 Bathgate Thistle CFC will take reasonable steps to ensure that Committee members will only have access to personal data relating to its members or third-parties where it is necessary for them to do so.
9.2 All Committee members will be made aware of this policy and their duties under the Data Protection Act. Bathgate Thistle CFC will ensure that all personal information is held securely and is not accessible to unauthorised persons.
9.3 Bathgate Thistle CFC and its Executive Committee shall:
9.3.1 Review the length of time they keep personal data.
9.3.2 Consider the purpose or purposes they hold the information for in deciding whether (and for how long) to retain it.
9.3.3 Securely delete information that is no longer needed for this purpose or these purposes.
9.3.4 Update, archive or securely delete information if it goes out of date.
Bathgate Thistle Community Football Club