Regulations governing databases were introduced into the UK on 1st June 1998, pursuant to the 1996 European Directive. These have now been superceded by the EU GDPR Regulations which come in to force on the 25th May 2018. The regulations operate to protect rights and interests in databases. Lowlands Tennis and Social Club will apply the regulations of the GDPR with immediate effect.
What is a database?
““Data” is defined as including information that is processed and recorded in a relevant filing system or as part of an accessible record. A relevant filing system is one in which manual files have the same or similar ready accessibility as a computerised filing system.
Data is
(a) arranged in a systematic or methodical way, and
(b) individually accessible by electronic or other means”
Note that a database will therefore cover not just computer databases, but paper ones too,
The person who collects the data is a ‘controller’ and the person who processes data is a ‘processor’
For the purposes of the General Data Protection Regulation and UK data protection laws, the controller is Lowlands Tennis and Social Club (venue) of Lowlands Road, Pinner, HA5 1TU.
Data Principles
There are eight principles under which data controllers must process data. These state that personal data must be:
- Processed fairly and lawfully
- Obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
- Adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
- Accurate and, where necessary, kept up to date; and
- Processed in accordance with the rights of data subjects under this Act.
Additionally:
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes;
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;
‘Lawfully’ is deemed to be when the subject (member or prospective member) has consented to their data being processed.
About this document
This privacy policy sets the way we process your personal data and use your data as a member of our venue.
How we collect your data
We collect your data directly from you when you fill in an application form, a renewal form or provide the data when you book social events, tennis lessons or enter a competition.
The types of information we collect.
We will collect contact and communication information including e-mail addresses, telephone numbers, date of birth and postal address. This will be held and processed by Lowlands in accordance with the EU Regulation GDPR 2018.
Use of your personal information
Lowlands will use your personal information for the following purposes:
- To perform the services you have requested such as providing you, via e-mail, with information from the club relating to tennis matters, social matters and information relating to improvements to the fabric of the club.
- To make parts of the Lowlands website easier for you to use by not making you enter your personal information more than once but simply to enter a username and password..
- To maintain a record of the names, gender, contact numbers and e-mail addresses of members of the club to inform the club of the demographic of and the numbers of members in each section.
- To administer the application and renewal processes required for people to join as a new member or renew as an existing member.
- To administer the Wimbledon Ballot
- Research and statistical analysis about who is playing at the club and who is using the club as a social member.
Sensitive personal information
Lowlands will not collect from you any of the following:
Ethnicity data, Disability data, Medical data, Injuries data, Criminal records data, Sexual orientation or sexual health data, Medical data, Political opinion data or religious data.
Consent
Consent must be an active, affirmative action by the data subject, rather than the passive acceptance under some current models that allow for pre-ticked boxes or opt-outs.
The Controllers will keep a record of how and when a member gave consent, and a member may withdraw their consent whenever they want.
By submitting your personal information to us and ticking the acceptance box on the application and renewal forms, you signify in a pro-active way, your consent to our using the information provided in the manner described above. If we amend our privacy policy, it will be published on this web site. If at any time you wish to update the information which we hold about you or if you wish to stop receiving information from the club please contact the club at [email protected].
You can at any time request to see the information held on our data base.
Your marketing preferences.
We will always respect your wishes in respect of what type of communications you wish to receive from us and how you wish to receive them. There are some communications, however, that we need to send to you regardless of your wishes in order for us to fulfil our obligations to you as a member of our venue.These include:
- membership related mailings (e-mail or post) such as your membership renewal reminder,
- notices of formal meetings,
- information about tennis matters and events,
- information about social events,
- information about venue closures and holiday opening hours.
Sharing your information with others
We do not sell or share your personal data for other organizations to use other that to our volunteers for the purpose of administrating your membership and giving you access to the membership benefits to which you are entitled
How long is your information kept for?
We keep your personal data only for as long as you are a member and for a period of six years after your last interaction with us.
Your rights
Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it. You can also withdraw your consent, where this is the basis for our processing your data (without affecting the lawfulness of our previous processing based on consent).
- Request the transfer of your personal data to another party.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
Contact and complaints
If you have any queries about this privacy policy or how we process your personal data, or if you wish to exercise any of your legal rights, you may contact [●]:
- by email: [];
- by telephone: [];
- or by post: [●].
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner. You can find out more about your rights under applicable data protection laws from the Information Commissioner’s Office website: www.ico.org.uk.