Data Protection Policy – GDPR
The Club, like any other body, is required to deal correctly with any personal information (described as “data”) that we may hold. “Data” includes names, addresses, telephone numbers, e-mail addresses and other information relating to players, members, coaches, officials and any other individual contacts. This policy has been updated to reflect the revised requirements of the 2018 General Data Protection Regulation (GDPR) which supersedes the Data Protection Act and should be read in conjunction with the club’s ‘Privacy Notice’
EPBC will put in place measures to comply with the six data protection principles laid down by GDPR. These are that personal data must be:
Some data, known as “sensitive information”, is particularly closely regulated. This includes biometric data, ethnic origin, political opinion, religion, physical or mental health conditions or legal convictions. These details should not normally be needed, except possibly regarding an individual member’s medical condition, if relevant to their participation in club activities.
If so, and if the details are to be recorded, the explicit consent of the person will be obtained. This information may only be shared without waiting for consent if it is in the member’s own interests so to do, e.g. if urgent medical aid is needed.
Specific data protection obligations upon board members and officers of the club, who may be party to a greater level of members’ information, are covered in separate guidelines.
For all members, some implications of the regulations are:
2018 gdpr v1
All emails sent by the system contain a tracking pixel. This is used to track whether each email has been opened by the recipient, and when. This information can be viewed by those users of the system with permission to view email delivery reports. We do not display any information regarding the location of the recipient. Note that the tracking pixel is only activated if the recipient chooses to download images into their email client.