Scope of Policy
This policy provides details of how East Grinstead Target Shooting Club (EGTSC) obtains and handles personal data in accordance with the General Data Protection Regulation (GDPR).
Data Protection Officer
The Data Protection Officer (DPO) function for EGTSC has been assigned to the Secretary. The DPO is the initial point of contact for personal data processing matters.
The personal data provided by individuals will be held by East Grinstead TSC as a data controller.
There are various ways in which EGTSC obtains personal data. These can be summarised as:
- Membership application form
- Competition application form
- eShop / Web form
- Social Media
The information requested on the first four items above is geared towards obtaining only that information which is necessary to enable EGTSC to organise and operate the club, competitions, events, and courses. Some items of data are only required in specific instances. For example, date of birth is required for age related competitions (juniors and veterans), to assess membership / levy fees, and to fulfil our duties under GDPR as we have to identify an individual’s 16th birthday in order to obtain a fresh opt-in from them.
Emails and social media tend to be the source of personal data from a prospective member or competition applicant. As such it will feed directly into the first two bullet points noted above and be dealt with accordingly.
Use of Personal Data
This personal data will be used by the Club for purposes of organising and operating the club; promoting the activities of the club, maintaining its list of contacts, organising open shoots, competitions, events, and courses. Reports and results, including names, images, and videos may also be published on the Club website and other media.
The activities of EGTSC can be summarized as:
- running/operating the club
- maintaining membership records
- banking and treasury services
- dealing with suppliers
- organizing and promoting the activities of the club to members and non-members
- Activity reports
- Competition reports
- Competition results
- Social Media (Facebook etc)
- Maintaining contacts list
- Emailing entry forms
- Open Shoots
- Meridian League
- EGTSC Coaching / training courses
- NSRA training courses
- Club Events – Christmas Shoot etc
In general, an individual’s personal data will be retained for as long as it remains pertinent and current.
We will review personal data on a regular basis to decide if we are still entitled to process it. If we decide that we are no longer entitled to do so we will stop processing it.
Member data. This data will be retained for as long as the individual is a member of the club. When an individual ceases to be a member of the club it will be necessary to retain a minimal amount of membership data to reflect the fact the individual was a member of the club. Activity reports and competition results which contain an individual’s personal data will be retained as a record of the history of the club.
Competitor Data. As there are sometimes significant gaps in an individual’s shooting activities this data will be retained for a period of six years after the last time the competitor entered an open shoot or attended an event. At this point the individual will be contacted to see if they wish to be retained as a contact. Activity reports and competition results which contain an individual’s personal data will be retained as part of the club’s history.
General Contacts. These are contacts for clubs, regional, county and national organisations, suppliers etc. These will be retained until:
- an updated point of contact is provided by the organisation, or
- they are shown to be out of date, or
- a specific request is made by the individual to the DPO to be removed as a contact for the organisation
Banking Details. Cheque details required to bank cheques. These are retained on encrypted media until cheques have been cleared on the account and been reconciled on bank statements.
Images. Images and videos may be published on the Club website and other media as part of the history of the club.
Video. Images specifically downloaded from the CCTV system to an alternative medium will be retained for as long as necessary to resolve the issue that required the data to be saved separately.
Vital Interest. This information would generally be considered sensitive personal data and will be deleted / destroyed as soon as it is no longer relevant. (eg If we are advised by a competitor that they are on specific type of medication this will be deleted on completion of the competition during the data update process).
Disclosure of Personal Data
The personal data collected by EGTSC will be used by EGTSC as noted. EGTSC do not sell data to third parties. The only disclosure of data will be that which is considered necessary to run the club, organise open shoots, events, competitions, coordinate with county regional and national organising bodies, or is legally necessary.
The appropriate lawful basis upon which EGTSC rely on for the processing of personal data are:
- Legal obligation
- Legitimate Interest
- Vital Interest
Contract. This applies where there is a contract (written or implied) between the club and an individual. Membership, competition, event, and course data will be processed on this basis.
Legal Obligation. This applies for processing personal data that is disclosed to the police or other legal requests (eg if an incident is recorded on CCTV and is reported to the police.)
Legitimate Interest. This covers the general need for information that the club requires to organise, and promote the activities of the club, maintain its list of contacts, produce activity reports and results which are published on the Club website and other media.
Vital Interest. This covers matters relating to an individual’s health and life or death situations. We do not normally collect this type of information. However, if we are provided with this information by an individual we will disclose it to those we consider it as necessary to do so (eg duty officer, range officer, paramedics).
Consent. This is provided for use of other personal data on an ad hoc basis. In each case the consent of the individual will be recorded.
Personal Data Security
We will not transfer your personal data outside the EEA and Switzerland.
We have implemented appropriate technology and operational security in order to protect personal data from loss, misuse, unauthorised alteration, or unauthorised destruction.
For electronic payments that we take from you we will use a recognised secure online payment service.
We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
The GDPR provides you with the following rights:
- To access your personal data
- To be provided with information about how your personal data is processed
- To have your personal data corrected.
- To have your personal data erased in certain circumstances.
- To object to or restrict how your personal data is processed.
- To have your personal data transferred to yourself or to another business in certain circumstances.
Please address any questions, comments and requests regarding our data processing practices to our DPO.
If an individual perceives that there is a problem with our use of their personal data they should raise the matter with the EGTSC Data Protection Officer.
You have the right to take any complaint about how EGTSC processes your personal data to the Information Commissioner:
0303 123 1113
Information Commissioners Office