Potten End Bowling Club

The General Data Protection Regulation (GDPR) came into force on 25th May 2018, replacing the old Data Protection Act.  Potten End Bowls Club conforms with the new regulations. Only basic member information is stored for members who give their consent via the membership application and membership renewal forms.

Your information is not shared with anyone else, it’s not used for marketing purposes, and you won’t see any pesky cookie notifications on the website, as none are used.

Sensitive Information
For the purpose of compliance, the club includes personal details such as name, address, telephone, email, date of birth, previous clubs/experience as ‘sensitive information’. Details relating to medical conditions, ethnicity, family, employment or other data do not form part of the club’s information or application process as we do nor collect or hold that information.

Data Protection Officer
We are not large enough or handle sufficient sensitive data to warrant such a position. The web administrator and club’s secretary will ensure that the club follows its policy guidelines and GDPR regulations are complied with.  If any member has concern about the use or storage of personal data, they are entitled, in the first instance, to make representation to the club’s secretary, who will escalate the matter to a higher authority, if a resolution cannot be achieved.

Photographs
Members may from time to time submit photographs for inclusion in the club website or some other publication, or be included in submissions by other members.  By virtue of joining the Club, members agree to images of themselves, in a Bowls context,  being freely published in appropriate locations.   Should any member request the removal of any image of themselves, this will be complied with.  The exception to this is ‘general view’ type images which include numbers of people who are unidentifiable as part of an overall scene. Should, however, any person included in such an image request that it be removed, then the picture will be edited or taken off completely. No pictures of children will be published in any form without correct parental or guardian permission. Members have the option of including a photo as part of their profile.

Members’ responsibilities

Ensure you keep your username and your password safe.
Confirm your agreement to be included within the member directory.
Ensure that any documents you create, such as minutes, reports, etc. and which include sensitive information are correctly protected.
If you believe there has been a security breach or the club has not conformed to GDPR regulations, report it to the secretary or web administrator.

General security

Passwords (for both the website and the admin interface) are stored in a database using one-way hashing algorithms, so they are not (at any stage) visible in plain text. Both the website and admin interface run over SSL, so traffic between your web browser and the server is encrypted.

Peter Colbourne (the creator of BowlsManager) is registered with the Information Commissioner's Office as a data controller and data processor.

The club website, together with its associated data, is hosted within a secure environment, behind firewalls, designed to prevent unauthorised access. The UK-based hosting servers are replicated to ensure continuity of operation and remove the risk of data loss. Offline files are stored on personal computers, which require protected logon to use. Reasonable care is taken with the storage of paper documentation, to ensure it is not accessible by unauthorised personnel.

Collecting and storing of information
In line with Article 6 of the UK GDPR Act, the lawful basis on which the club complies with the act is that members have given consent for specific personal data to be collected and used for bona-fide club management purposes.  All personal information about members has been freely provided by the members and not obtained through online or mass mailing, collection techniques. Each member has the right to determine what information is held or available to other members. Member contact information is held in files by the Club Secretary, Membership Secretary, Treasurer and Web Administrator. All such files are password protected to open and separately protected for editing. Information within the online member directory is only available to active members, who have to log on with a unique user name and password. All members will be asked to proactively confirm that they agree to their inclusion in membership database documents and files as well as the member directory. Any member has the right to request that their inclusion or ‘profile’ be removed completely. New applicants who complete a paper or online form will confirm their agreement to be included as above and the data they provide will be protected in the same way as existing member data. Any member leaving the club will be removed from the active directory and will no longer have access to the restricted areas of the website.