logo-transparent B-G

Parsons Green Sports and Social Club

Broomhouse Lane, Fulham, London SW6 3DP Tel: 020 7736 1401 / Email: parsonsgreenclub@gmail.com

Data protection

THE PARSONS GREEN SPORTS AND SOCIAL CLUB LIMITED (“the Club”) DATA PROTECTION POLICY

BACKGROUND

The Club takes the privacy of the information, which it collects and holds, very seriously.This policy statement is issued for the purposes of the General Data Protection Regulation (“GDPR”).

THE CLUB

The Club is a company limited by guarantee, which owns and operates a sports and social club from its site in Fulham, London SW6 3DP. The Club is registered in accordance with GDPR.Except as set out in this policy statement, the Club acts through its board of directors (“the Board”). The individual directors are appointed, and hold office, in accordance with the Club’s Articles of Association. Currently, the Club has no employees.In accordance with the Club’s Memorandum and Articles of Association, any trading profit, which is generated by the Club, is applied for the purposes of the Club’s business and is not distributed to the Club’s members. As such, the Club is properly regarded, for the purposes of GDPR, as a “not for profit” organisation.

The Club’s email address is parsonsgreenclub@gmail.com.

INTENTION

This document describes and sets out (a) the personal data, which the Club holds in relation to its prospective new members and members; (b) how the Club acquires that personal data; (c) why the Club requires that personal data; (d) how the Club uses and disseminates that personal data; (e) how long the Club keeps the personal data for; (f) how the Club protects that personal data; and (g) the rights available to prospective new members and members in respect of the personal data held by the Club.

THIS POLICY STATEMENT

This policy statement is published on the Club’s website. This fact has been drawn to the attention of (a) all current members of the Club; and (b) all those, who contact the Club seeking future membership of the Club. Thus, this policy statement also serves as a detailed privacy statement.

This policy statement may be changed over time. The prospective new members and the members should review this statement regularly for possible changes. However, if changes made are significant, the Club will inform the prospective new members and the members.

DEFINITION

In the application of GDPR to the Club:

“personal data” means data which relates to a living individual who can be identified (a) from that data; or (b) from that data and other information, which is in the possession of, or is likely to come into the possession of, the Club. The term includes any expression of opinion about the individual and any indications about the Club’s, or any other person’s, intentions in respect of the individual.

OVERALL RESPONSIBILITY

Under the GDPR, the Club is not required to appoint a Data Protection Officer and it has not done so yet. However, the Board is responsible for ensuring that the Club complies with its obligations under GDPR. The Club, acting through the Board, is, therefore, the Data Controller for the personal data referred to below.For the purposes of GDPR, the first point of contact with the Board is through the Company Secretary (“the Secretary”).

PERSONAL DATA COLLECTED AND HELD BY THE CLUB - GENERAL

The Club collects, updates and holds personal data about (a) prospective new members of the Club, who have applied to join the Club’s membership waiting list (“the waiting list”); and (b) existing members of the Club (including junior members, who are under 18 years old).

PROSPECTIVE NEW MEMBERS OF THE CLUB

The prospective new members voluntarily provide their own personal data to the Club, in order to join the waiting list. In the case of adult prospective new members, this information consists of (a) name; (b) date of birth; (c) sex; (d) email address; (e) telephone number; and (f) the sport, if any, that the applicant wishes to play (the choices being bowls, croquet, squash and/or tennis). Prospective new junior members only ever join the waiting list as part of a family group and all their required personal data (being only their name and age) is voluntarily provided by a parent, as part of that parent’s own application to join the waiting list.

PROCESSING OF PERSONAL DATA OF PROSPECTIVE NEW MEMBERS

The Club uses the above information solely to (a) provide the prospective new members with relevant information about the Club, the membership opportunities and annual subscription levels; and (b) administer and facilitate the eventual membership application process. With regard to the prospective new members, the Club acquires only the personal data that it requires for these legitimate purposes.

RETENTION OF PERSONAL DATA OF PROSPECTIVE NEW MEMBERS

All the personal information about a prospective new member, which the Club holds and controls, is deleted when that prospective new member elects to leave the waiting list. The Secretary is responsible for the waiting list and for ensuring that this happens promptly.

MEMBERS OF THE CLUB – MEMBERSHIP APPLICATION FORM

Immediately before they become members of the Club, future members voluntarily provide their own personal data by completing the Club’s relevant membership application form. Currently, a junior member’s application form must be counter-signed by an adult member of the Club. Invariably, this adult member is a parent or other close relative, The personal data set out on a relevant membership application form repeats all the information, which an adult would have supplied when s/he joined the waiting list, but also asks for the new member’s postal address.If, having completed an application form, a person decides not to seek membership of the Club, all the information, contained on the completed form, is securely deleted from the Club’s records.

PROCESSING OF PERSONAL DATA OF MEMBERS

After Club membership has been offered and accepted, the Club uses the information in the application form (a) in order to comply with its statutory obligations; (b) to convene general meetings of the Club; (c) to administer and facilitate the general running of the Club and membership matters; (d) to assist the Club to ensure that individual members comply with the terms of their respective memberships (e) to assist the Club in deciding whether an individual member qualifies for a particular type of membership; and/or (f) to contact the members and/or a particular group of the members, and/or an individual member, regarding relevant Club matters. With regard to the existing members, the Club acquires only the personal data that it requires for these legitimate purposes.

RETENTION OF PERSONAL DATA OF MEMBERS

When a former member ceases to be a member of the Club, all his or her personal data is securely deleted from the Club’s contact lists and from the then current membership register. The Secretary regularly reviews the membership register to ensure that this has happened. Except as specified below, all other information about the former member, which the Club and/or the independent contractor (referred to below) holds and controls, is securely deleted from the Club’s recordsPurely for administrative purposes, the Club does maintain historic membership lists, but only for a limited period and in order that (a) the Club’s statutory accounts can be properly prepared; and (b) the provisions relating to a former member’s potential liability, as set out in the Club’s Memorandum of Association, could be applied. The retained personal data is securely archived.

MEMBERS OF THE CLUB – ACQUISITION OF ADDITIONAL PERSONAL DATA

Whilst an individual is a member of the Club, the Club will acquire some additional personal data about him or her.

(A)Keycards

In order to provide the Club’s members with access to the Club’s site and the racquets pavilion, the Club operates a photo-keycard entry system. This system is intended to (a) permit the Club’s members to access the Club’s sports facilities at all permitted times, even when the temporary clubhouse is closed and/or there is no representative of the Club on site; and (b) strengthen the security of the site and help to prevent unauthorised entry. The Club does not use the photographs for any other purpose. For the above purposes, each new member has his or her photograph taken when he or she first becomes a member and is then issued with the photo-keycard. The Club does keep copies of all photographs on file, both for its own internal purposes and so that lost or damaged keycards can be quickly and easily replaced. The Chair of the Club (“the Chair”) and a designated director of the Club are the only people who have access to these photographic records. An individual’s photograph is securely removed from the Club’s records when s/he ceases to be a member of the Club.

(B)CCTV

In order to comply with its obligations under its Premises Certificate (which was granted by LBHF and which permits the sale of alcohol in the temporary clubhouse) and for its own security purposes, the Club has positioned CCTV cameras both outside and inside the temporary clubhouse. For its own security purposes, the Club also maintains CCTV cameras at the entrance to, and along the passages of, the racquets pavilion. Particularly whilst the Club is being redeveloped and has no employees, the racquets pavilion is a separate and isolated building. In addition to complying with its obligations to LBHF, the Club will use all the above CCTV cameras to (a) prevent and detect crime; (b) provide evidence in the event of theft, damage to property, personal injury and/or unauthorised entry; (c) for insurance purposes; and/or (d) to assist the police in their legitimate enquiries. The Club does not use the CCTV footage for any other purpose.The Chair and a designated director of the Club are the only people, who have authorised access to the CCTV footage. The data, which is collected by the CCTV cameras, is stored for only 30 days. At the end of that time, the system records over itself and all the previously collected data is automatically destroyed.

(C)Accident/injury record

Although it has no employees, the Club regards it as prudent to maintain a record of accidents and injuries occurring on the Club’s site. In order to maintain health and safety standards and to help to protect itself against legal claims, the Club must maintain, and monitor, a basic, factual record of all accidents and injuries on its site. By recording details of an injury suffered by a member, the Club may have put itself in possession of sensitive personal data. However, the injured party has normally provided the information voluntarily, knowing that it will be recorded. Furthermore, the Club will not then know, for certain, what caused the accident or injury, how serious it may be and/or whether hospital treatment will be required. The accident and injury records are kept entirely confidential and are used only for the purposes described above. These records are accessible only by the Chair and a designated director of the Club. Records of an individual accident or injury are kept for 3 years (this being the limitation period for civil claims) and then destroyed.

SHARING OF INFORMATION BY THE CLUB

(A)Members’ directory

Other than by complying with its statutory obligations, the Club does not maintain a directory of members, which any member of the Club may access and use to contact another member of the Club. Individual members can, of course, voluntarily (and independently of the Club) join together to create their own, informal register containing the contact details of other members.

(B)Independent contractor

Purely for administrative purposes and whilst it has no employees, the Club has engaged an independent contractor, inter alia, to maintain and administer its statutory membership register. The Club provides the independent contractor with the necessary information in order that he may do this. The independent contractor has agreed that he will abide by and adhere to the provisions of this policy and that, except as required by law, he will not disclose any of the content of the membership register to anybody other than the Chair and/or the Secretary.Notwithstanding the involvement of the independent contractor, the Secretary remains responsible for the maintenance of the membership register. With regard to this register, the independent contractor is the data processor only. The Club has provided the independent contractor with all the personal data, which he then holds.

(C)Sports committees

On the basis, and in the manner, described below, the Club will also share information with the sports committees of the Club.

PERSONAL DATA COLLECTED AND HELD BY SPORTS COMMITTEES

(A)Background

On a day-to-day basis and in accordance with the Club’s Memorandum and Articles of Association, a separate committee manages each sports section of the Club. The members of each such committee are either elected by the members of that sports section or appointed in a manner previously approved by that sports section.(B)Personal data held by the sports committeesIn order that a sports committee may participate in the recruitment of new members from the waiting list, the Club will provide that sports committee with information about the relevant prospective new members. (as provided by each of them when they joined the waiting list).Each sports committee holds the names, addresses and telephone numbers for each of the relevant members. To the extent that a member does not provide this data to the relevant sports committee, the Club will provide it to that sports committee.(C)Processing of personal data by sports committeesEach sports committee uses the above personal data solely to (a) contact relevant prospective new members and facilitate the process whereby they can become members of the Club; (b) convene meetings of the relevant members; (c) administer and facilitate the general running of its sports section; and/or (d) contact the relevant members and/or a section of the relevant members and/or an individual relevant member in connection with matters pertinent to that sports section.Each sports committee acquires only the personal data that it requires for the above legitimate purposes.

SHARING OF INFORMATION BY SPORTS COMMITTEES

(A)Leagues, tournaments and competitions

A sports committee may periodically organise leagues, tournaments and/or similar competitions for the relevant members. No member is obliged to enter such a league, tournament and/or other competition, but, if s/he does so, s/he must obviously be contactable by other competitors, in order that matches can be arranged. Thus, all members, who enter a league, tournament and/or other competition, voluntarily agree that their personal data may be disclosed to other members of the Club solely for the purposes described above.

(B)Club teams

The Club is normally required to register the names of Club team members with the organising authority, so that central records can be kept of matches played. The organising authority stores these match records on a computer and they are password protected. For this purpose, the relevant sports committee (or the team captain) will disclose only the minimum amount of information required by the organising authority. No member of the Club is obliged to participate as a member of a Club team. Thus, each team member voluntarily agrees that the required data may be disclosed to the relevant organising authority.

(C)Squash and tennis court booking system

It is essential that the Club has, and encourages the use of, a system whereby the relevant members can book squash or tennis courts in advance. When reviewing membership strategies, the Club must know the extent to which its facilities are being used. When organising a game and/or coming to the Club’s site, a member must know whether a court will be available.

Thus, the Club has contracted, with an independent third party, to be provided with an online squash and tennis court booking system. For the purposes of this policy statement, the system is identical for both squash and tennis courts.

The essential features of the booking system are (a) when a new squash or tennis member joins the Club, his or her name and email address are disclosed to the owner of the system; (b) without that submission, that new member cannot use the system; (c) the system contacts that new member directly and provides him or her with a user name and a password; (d) subject to one exception, neither the Club nor the relevant sports committee knows what the relevant user name and password are; (e) the new member can only access the system by using his or her user name and password; (f) unless, from within the system, the new member voluntarily agrees otherwise, his or her email address is not available to anybody else on the system; and (g) unless the new member voluntarily adds them him or herself, no other contact details are available to anybody else on the system.

Thus, apart from the name of the new member, no other personal data need be available to anybody else on the system. Indeed, the system permits a member to use a privacy function, which prevent even his or her name from being disclosed to others on the system.

The exception, referred to in sub-paragraph (d) above, is that the system does permit duly authorised persons to become “superusers”. One member of the relevant sports committee currently has this status.

A superuser can enter the system and access the user names (but not the passwords) of users. This ability is essential, because it enables the relevant sports committee to obtain a link and give it to a member, who has forgotten his or her password. Using this link, that member can retrieve his or her password and use the system again.

GENERAL

Under this heading (a)“the Club” includes the Board and the sports committees; and (b) “authorised people” are duly authorised directors of the Club and/or duly authorised members of a relevant sports committee.With regard to the personal data, which the Club collects, then, except as otherwise stated in this document, the following general principles apply:

(A)Security

Personal data is sometimes stored in hard copy, which is controlled by authorised people. All reasonable efforts are made to protect the security of the paper copies. Effectively, all personal data, which the Club holds, is stored on computer. Computerised information is stored on a market standard software and hosting. Access to the computers is restricted to authorised people. The computers are password protected.

(B)Website and cookies

The only personal data on the Club’s website consists of the names of team captains and the winners of past, prestigious tournaments. This information is published only with the prior approval of those to whom it relates.The Club does not currently employ cookies, or other similar technologies, on its website to collect information for the Club.

(C)Contact with prospective new members and members

Where possible, the Club will contact prospective new members and members by email. Those members, who do not have an email address, are contacted, individually, either by phone or by post.

When the Club sends emails to groups of prospective new members and/or existing members, the Club uses a “blind copy” system, which protects anonymity by preventing an individual recipient from seeing who the other individual recipients and their email addresses are. Access to the Club’s contact lists is limited to authorised people.The Club does not contact prospective new members or members via social media (such as LinkedIn, Facebook and/or Twitter).

The Club seeks to send information only to those prospective new members and/or members to whom it may apply.

(D)Accuracy of personal data

The Club makes all reasonable efforts to ensure that the personal data, which it holds, remains accurate and up-to-date.In the main, the Club must rely on the prospective new member or current member, who originally supplied that information, to advise the Club if personal data needs to be updated. If the accuracy of the information is to be maintained, the Club must be able to rely on this happening. It is the obligation of each member to ensure that the Club is advised of any changes to that member’s contact details.

(E)Financial information

Except (a) for negative assurances given in the membership application form; (b) the creation of a record to show when a member has paid his or her annual subscription; and (c) basic bank details, which the Club obtains, as required, solely in order to refund an over-payment by a member, none of the personal data, which the Club holds, is financial information. Having made the necessary refund to a member, the Club does not store or retain the bank details provided to it.

None of the personal data, which is held by the Club, includes any expression of opinion, except that, solely for the purpose of organising social play, a sports committee may keep a record of the standards of play of some, or all, of the relevant members. Standards of play are either (a) assessed in broad categories; or (b) reflective of official handicaps for the relevant sport. (G)Provision of personal dataThe person, to whom that data relates, has voluntarily provided the Club with all the personal data, relating to him or her, which the Club holds.(H)Processing of personal dataThe Club uses the personal data, which it holds, solely for the purposes specified in this document. Except as specified above and/or in in permitted circumstances, the Club does not publish this information or make it available to anybody, who is not one of the authorised people.The permitted circumstances, referred to above, include (a) compliance with legal requirements; (b) the prevention and/or detection of crime; (c) the capture or prosecution of offenders; (d) obtaining legal advice; (e) in respect of legal proceedings or prospective legal proceedings; and/or (f) the establishment, exercise and/or defence of legal rights.The Club does not use any personal data, which it holds, in any way that has an unjustified adverse effect on the individuals concerned. The Club does not make any decisions by automated means.(I)Retention of personal dataThe Club retains personal data only for so long as the Club requires it for its legitimate purposes. When personal data is removed from the Club’s systems (a) hard copy information is destroyed; and (b) information, which is stored on a computer, is securely deleted.(J)Third partiesThe Club does not share personal data with third parties. The Club does not sell personal data to anybody.(K)Transfer of personal dataExcept where (a) the recipient of an email from the Club is abroad; and/or (b) a person accesses the Club’s website from abroad, the Club does not transfer personal data outside the United Kingdom.RIGHTS OF THOSE TO WHOM PERSONAL DATA RELATES(A)GeneralSubject to The Equality Act 2010, notices, served on the Club, must be in writing, but can be sent by email. (B)Receipt of communication Prospective new members and members should inform the Club, by notice, if they wish to minimise the amount of communication that they receive from the Club. They will then only receive communications, which (a) the Club is legally obliged to send them; and/or (b) it is in their legitimate interest to receive (i.e. matters relating to membership of the Club and/or the availability of Club facilities).(C)Provision of informationAny prospective new member and/or member of the Club may, by notice, ask the Club to (a) provide information about the personal data, applicable to him or herself, which the Club holds; (b) explain why the data is being processed; (c) confirm whether and, if so, how the data will be given to any third party; and/or (d) provide a copy of the information comprising the data. Without prejudice to any rights, which it may have under the GDPR and/or other relevant legislation, the Club will comply with such a request as soon as may be reasonably practicable, but, in any event, within 40 days. The Club may charge a legitimate fee for the provision of the above information. (D)Additional rights Prospective new members and members should be aware that they may have additional rights under the Data Protection legislation.QUESTIONS AND COMPLAINTSIf a prospective new member or a member has any questions about this policy or complaints about the way it operates, s/he should contact either the Chair or the Secretary at the email address given above.The Board22 May 2018

(F)Expressions of opinion

None of the personal data, which is held by the Club, includes any expression of opinion, except that, solely for the purpose of organising social play, a sports committee may keep a record of the standards of play of some, or all, of the relevant members. Standards of play are either (a) assessed in broad categories; or (b) reflective of official handicaps for the relevant sport.

(G)Provision of personal data

The person, to whom that data relates, has voluntarily provided the Club with all the personal data, relating to him or her, which the Club holds.

(H)Processing of personal data

The Club uses the personal data, which it holds, solely for the purposes specified in this document. Exceptn as specified above and/or in in permitted circumstances, the Club does not publish this information or make it available to anybody, who is not one of the authorised people.The permitted circumstances, referred to above, include (a) compliance with legal requirements; (b) the prevention and/or detection of crime; (c) the capture or prosecution of offenders; (d) obtaining legal advice; (e) in respect of legal proceedings or prospective legal proceedings; and/or (f) the establishment, exercise and/or defence of legal rights.The Club does not use any personal data, which it holds, in any way that has an unjustified adverse effect on the individuals concerned. The Club does not make any decisions by automated means.

(I)Retention of personal data

The Club retains personal data only for so long as the Club requires it for its legitimate purposes. When personal data is removed from the Club’s systems (a) hard copy information is destroyed; and (b) information, which is stored on a computer, is securely deleted.

(J)Third parties

The Club does not share personal data with third parties. The Club does not sell personal data to anybody.

(K)Transfer of personal dataExcept where (a) the recipient of an email from the Club is abroad; and/or (b) a person accesses the Club’s website from abroad, the Club does not transfer personal data outside the United Kingdom.

RIGHTS OF THOSE TO WHOM PERSONAL DATA RELATES

(A)General

Subject to The Equality Act 2010, notices, served on the Club, must be in writing, but can be sent by email.

(B)Receipt of communication

Prospective new members and members should inform the Club, by notice, if they wish to minimise the amount of communication that they receive from the Club. They will then only receive communications, which (a) the Club is legally obliged to send them; and/or (b) it is in their legitimate interest to receive (i.e. matters relating to membership of the Club and/or the availability of Club facilities).

(C)Provision of information

Any prospective new member and/or member of the Club may, by notice, ask the Club to (a) provide information about the personal data, applicable to him or herself, which the Club holds; (b) explain why the data is being processed; (c) confirm whether and, if so, how the data will be given to any third party; and/or (d) provide a copy of the information comprising the data. Without prejudice to any rights, which it may have under the GDPR and/or other relevant legislation, the Club will comply with such a request as soon as may be reasonably practicable, but, in any event, within 40 days. The Club may charge a legitimate fee for the provision of the above information.

(D)Additional rights

Prospective new members and members should be aware that they may have additional rights under the Data Protection legislation.

QUESTIONS AND COMPLAINTS

If a prospective new member or a member has any questions about this policy or complaints about the way it operates, s/he should contact either the Chair or the Secretary at the email address given above.

The Board 22 May 2018