Home Epsom Park Bowling Club

Privacy Policy

Data Protection Policy – GDPR

The Club, like any other body, is required to deal correctly with any personal information (described as “data”) that we may hold. “Data” includes names, addresses, telephone numbers, e-mail addresses and other information relating to players, members, coaches, officials and any other individual contacts. This policy has been updated to reflect the revised requirements of the 2018 General Data Protection Regulation (GDPR) which supersedes the Data Protection Act and should be read in conjunction with the club’s ‘Privacy Notice’

EPBC will put in place measures to comply with the six data protection principles laid down by GDPR. These are that personal data must be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • Accurate and kept up to date
  • Deleted when no longer required
  • Held securely

Some data, known as “sensitive information”, is particularly closely regulated. This includes biometric data, ethnic origin, political opinion, religion, physical or mental health conditions or legal convictions. These details should not normally be needed, except possibly regarding an individual member’s medical condition, if relevant to their participation in club activities.

If so, and if the details are to be recorded, the explicit consent of the person will be obtained. This information may only be shared without waiting for consent if it is in the member’s own interests so to do, e.g. if urgent medical aid is needed.

Specific data protection obligations upon board members and officers of the club, who may be party to a greater level of members’ information, are covered in separate guidelines.

For all members, some implications of the regulations are:

  • Personal data must only be held if the legitimate purposes for which it is used are defined.
  • Such information may only be passed to others within the Club, as defined by the club privacy notice or to affiliated organizations or others, such as the local council, who have legitimate need of it and for which members’ consent has been given.
  • Non-members must not have access to members’ personal information; i.e computers & files should be password protected where practicable and hard copies stored securely.
  • Out of date files must be securely deleted & old paper records shredded when superseded by updates, when the data is no longer required or on cessation of club membership.
  • Before disposal of computers or other devices, personal data must be properly wiped.
  • Members will need to complete a detailed ‘disclosure permission’ form which will be included with membership application and renewal papers.
  • The club ‘Privacy Notice’ provided with the former (or to all members when revised) which explains in some detail the requirements and consequences of GDPR should be read.
  • Reference is to be made to the club secretary or membership secretary to confirm that express consent has been given before making any contact data public, e.g. in handbooks, social media or websites. Otherwise express permission for any such action is to be sought and documented.
  • Personal details must under no circumstances be passed to other organisations for commercial purposes.

2018 gdpr v1


Use of Email Tracking Pixels

All emails sent by the system contain a tracking pixel. This is used to track whether each email has been opened by the recipient, and when. This information can be viewed by those users of the system with permission to view email delivery reports. We do not display any information regarding the location of the recipient. Note that the tracking pixel is only activated if the recipient chooses to download images into their email client.

Data Processor

We, Epsom Park Bowling Club, make use of the myClubhouse software supplied by Simmetrics Ltd to process personal data we include on our myClubhouse website in accordance with our privacy policy set out above. Simmetrics Ltd processes your personal data on our behalf and they can only do so in accordance with our written instructions. You can find the details of our data processor’s privacy policy here: http://www.myclubhouse.co.uk/Home/PrivacyPolicy.