GDPR Policy

Haddenham Social and Sports Club GDPR Policy

1. Introduction

Haddenham Social Club (the “Club”) is committed to protecting the privacy and security of the personal data of its members, guests, staff, and any other individuals with whom we interact. This General Data Protection Regulation (GDPR) Policy outlines our practices and procedures for collecting, processing, storing, and disposing of personal data in compliance with the GDPR and other applicable data protection laws.

2. Scope

This policy applies to all personal data processed by Haddenham Social Club, including data related to members, guests, staff, suppliers, contractors, and any other individuals. It covers data held in electronic formats, paper records, and any other medium.

3. Data Protection Principles

Haddenham Social Club is committed to processing personal data by the following principles:

  • Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and in a transparent manner.
  • Purpose Limitation: Personal data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimization: Personal data collected will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
  • Accuracy: Personal data will be accurate and, where necessary, kept up to date.
  • Storage Limitation: Personal data will be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and Confidentiality: Personal data will be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

4. Legal Bases for Processing

Haddenham Social Club processes personal data under the following legal bases:

  • Consent: Where necessary, we will obtain explicit consent from data subjects for the collection and processing of their personal data.
  • Contract: Processing may be necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  • Legal Obligation: Processing may be necessary for compliance with a legal obligation to which the Club is subject.
  • Legitimate Interests: Processing may be necessary for the legitimate interests pursued by the Club, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

5. Types of Data Collected

Haddenham Social Club may collect and process the following types of personal data:

  • Member Information: Name, address, email address, phone number, date of birth, membership details, payment information.
  • Guest Information: Name, contact details, visit records.
  • Staff Information: Name, contact details, employment records, payroll information, emergency contact details.
  • Supplier and Contractor Information: Name, contact details, contract details, payment information.
  • Event Participants: Name, contact details, dietary requirements, attendance records.

6. Data Collection Methods

Personal data may be collected through the following methods:

  • Membership forms, event registration forms, and surveys
  • Communication via email, phone, or in person
  • CCTV footage for security purposes
  • Website cookies and online forms
  • Payment transactions and records

7. Data Subject Rights

Under the GDPR, individuals have the following rights in relation to their personal data:

  • Right to Access: Data subjects have the right to request access to their personal data held by the Club.
  • Right to Rectification: Data subjects have the right to request the correction of inaccurate or incomplete personal data.
  • Right to Erasure: Data subjects have the right to request the deletion of their personal data, subject to certain conditions.
  • Right to Restrict Processing: Data subjects have the right to request the restriction of processing of their personal data in certain circumstances.
  • Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • Right to Object: Data subjects have the right to object to the processing of their personal data on grounds relating to their particular situation.
  • Right to Withdraw Consent: Data subjects have the right to withdraw their consent to the processing of their personal data at any time.

Requests to exercise any of these rights should be directed to the Club’s Data Protection Officer at haddenhamsocialclub@hotmail.com.

8. Data Security

Haddenham Social Club implements appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Access Controls: Limiting access to personal data to authorized individuals only.
  • Data Encryption: Using encryption to protect sensitive data.
  • Regular Audits: Conducting regular audits of data processing activities and security measures.
  • Staff Training: Ensuring that all staff members are trained on data protection and security practices.

9. Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal data is no longer needed, it will be securely deleted or anonymized.

10. Data Breaches

In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, Haddenham Social Club will notify the relevant supervisory authority without undue delay and, where required, the affected data subjects.

11. Third-Party Data Sharing

Haddenham Social Club will not share personal data with third parties unless:

  • We have obtained the data subject’s consent;
  • The sharing is necessary for the performance of a contract;
  • The sharing is required by law;
  • The sharing is necessary to protect the vital interests of the data subject or another person.

Where third-party service providers are engaged to process personal data on behalf of the Club, they will be required to adhere to the same data protection standards as set out in this policy.

12. Data Protection Officer

Haddenham Social Club has appointed a Data Protection Officer (DPO) to oversee GDPR compliance. The DPO is responsible for monitoring data protection practices, providing guidance, and serving as the point of contact for data protection inquiries.

Contact Details:
Email: haddenhamsocialclub@hotmail.com
Phone: [Insert Phone Number]

13. Policy Review

This GDPR Policy will be reviewed annually or whenever there are significant changes in data protection laws or Club operations. Any updates to this policy will be communicated to members, staff, and other relevant parties.

14. Contact Information

If you have any questions or concerns regarding this GDPR Policy or the handling of your personal data, please contact the Data Protection Officer at haddenhamsocialclub@hotmail.com.

Approved by:
Ian Cameron
Date: 25th September 2024

Facebook