The Old Wilsonians Association (“OWA”, “us” or “we”) is a sport club association who moved to Hayes in 1959 with the acquisition of the Hayes Hill Sports Ground. This was achieved by the sterling efforts of the OW Association Management Committee of that time, led by its President A.W. (Bert) Bourner. The OW Sports Club comprises of the:
The data protection law changed from the Data Protection Act (1998) on 25th May 2018 to the EU General Data Protection Regulation (GDPR), so we want to ensure complete transparency on how your personal information is held and processed and what your rights as an individual are under the GDPR.
We take your privacy very seriously and will only use your personal information for the purposes laid out below. When you provide us your information we are holding it on the legal grounds of consent or legitimate interest as a member of the Old Wilsonians Association and your subsidiary club and will keep it safe and secure
As part of you joining we collect and use personal data about individuals to manage your day to day membership with respect to competitions and administration internally. We are aware of our responsibilities to handle your personal data with care, to keep it secure and comply with applicable privacy and data
This privacy notice tells you what to expect when we collect personal information. It applies to information we collect about:
You should be aware that although we will be principally responsible for controlling and looking after your personal data, we may pass your details to other members within the Association when required as you are part of the Old Wilsonians Association (OWA). Your data will comply with the standards set out in this policy and when we pass it on to an external third party for processing, we will not do so without your knowledge and consent. We will also stipulate how they must process your data, ensure it is held securely and they are transparent with any data breaches of your data and they do not pass your data on to any other 3rd parties without your consent.
As the owner of your data, GDPR is the toolset that allows you to ensure your data protection rights as an individual to:
This policy shows you how we manage your data to ensure these rights.
When we collect your personal information, we ensure it is managed properly and securely. If we collect “sensitive information”, which relates to physical or mental health; racial or ethnic origin; political opinions; trade union membership; religious beliefs; sexual life; commission or alleged commission of an offence and the sentence of any court, we will ask specifically to collect it and ensure there is extra security around its management and storage.
Below are illustrations of where and how we collect personal data:
When someone visits http://www.oldwilsonians.com the Old Wilsonians Sports Club, Hayes Hill, Bromley, BR2 7HN governs the privacy of its users who choose to use it. It explains how we comply with the GDPR and the PECR (Privacy and Electronic Communications Regulations), which will be superseded by the ePrivacy Regulation later in 2018 and will work alongside the GDPR.
This policy will explain areas of this website that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR & PECR are adhere to. Our contact information is provided if you have any questions.
We use a third-party service, FifteenTen, to help maintain the security and performance of our website. To deliver this service it processes the IP addresses of visitors to the website.
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Cookies are small files saved to the user's computer’s hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.
This website may choose to use tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti-virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party anti-virus software or similar applications.
Users contacting us through this website or via email do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
We use social media, such as Facebook, Twitter and Instagram, to communicate with our members. If you send us a private or direct message via social media, such as your CV, we may keep it for up to 6 months. We do not pass on to external parties without your consent.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with this policy. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading, inappropriate or data has been unfairly shared, lost or held inappropriately. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to our Data Protection Officer (DPO) contact at the email address: firstname.lastname@example.org
If you are unhappy with our response you have the right to escalate this to the Information Commissioner’s Office (ICO) @ https://ico.org.uk/concerns/
We try to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’, without any cost to the individual and in a machine readable format. If we do hold information about you we will:
To make a request to the OWA for any personal information we may hold you need to put the request in writing, addressing it to our DPO @ email@example.com, we will ensure a response to you in a machine readable format is provided within one calendar month.
If we do not hold information about you due to it being erased in accordance with our stated data retention periods or through a previous request for erasure, we will inform you. Any further question can be submitted to our DPO and should you feel the response not be adequate you have the opportunity to escalate to the ICO.
Within GDPR every individual has the right for their data to be forgotten or erased, unless there are legal grounds which do not allow the erasure, such as:
Should you request to be forgotten, or give authority to a 3rd party, such as your solicitor, we will confirm the identity and then proceed to remove your personally identifiable data from our records and send you an audit. We will keep the minimum data to identify you as a living person, in case of an audit by the ICO or a second request should come in, so as to prove we have acted in accordance with the GDPR.
Again, should you not be happy with the process we have gone through you have the right to complain to our DPO and in turn if you consider the response is not adequate you retain the right to escalate this to the ICO
When we receive a complaint from a person we log the details of the complaint and validate them against our records. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for 6 years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues.
We will ensure your data is retained only for the agreed retention period and deleted thereafter. We will also ensure your data is comprehensively deleted. Our normal data retention periods are as follows:
Any additional data outside the scope of these can be requested via our DPO.
We ensure all your data is held securely and our staff are trained to understand the many different types of breaches, such as:
Any data breaches will be detected, reported to the ICO within 72 hours and we will let the individuals know who have been affected while we carry out our investigations.
We keep our privacy notice under regular review. This privacy notice was last updated on May 2018.
GDPR Data Protection Officer
Old Wilsonians Sports Club