Club TwitterClub Instagram
bronzeRank #535
Powered By
Pitchero
Back

Login

Don’t have an account?Register
Forgotten your password?
Login with facebook
Powered By
Pitchero
Club
Club informationLinksDocumentsSponsorsPolicies

Policies

Data policy

1. About this Policy
1.1 This Policy is to help Holwell Sports Football Club, County Football Associations and Football policies deal with data protection matters internally. This should be kept with Holwell Sports Football Club / County Football Association / Football policies and a copy should be given (or made available) to all staff members, volunteers and others who encounter personal data during the course of their involvement with the Holwell Sports Football Club / County Football Association / Football policies.
1.2 Holwell Sports Football Club handle personal data about current, former, and on occasion prospective players [and their parents or guardians], employees, volunteers, committee members, other Holwell Sports Football Club members, referees, coaches, managers, contractors, third parties, suppliers, and any other individuals that we communicate with.
1.3 In your official capacity with Holwell Sports Football Club, we may process personal data on your behalf, and we will process personal data about you. We recognise the need to treat all personal data in an appropriate and lawful manner, in accordance with the EU General Data Protection Regulation 2016/679 (GDPR).
1.4 Correct and lawful treatment of this data will maintain confidence in Holwell Sports Football Club and protect the rights of players and any other individuals associated with the Holwell Sports Football Club. This Policy sets out our data protection responsibilities and highlights the obligations of Holwell Sports Football Club, which means the obligations of our employees, committee, volunteers, members, and any other contractor or legal or natural individual or organisation acting for or on behalf of Holwell Sports Football Club.
1.5 Holwell Sports Football Club are obliged to comply with this policy when processing personal data on your behalf and this policy will help you to understand how we handle personal data.
1.6 Holwell Sports Football Club committee / board will be responsible for ensuring compliance with this Policy. Any questions about this Policy or data protection concerns should be referred to the committee.
1.7 We process employee, volunteer, member, referee, coach, manager, contractor, committee, supplier and third-party personal data for administrative and Holwell Sports Football Club management purposes. Our purpose for holding this personal data is to be able to contact relevant individuals on Holwell Sports Football Club business or administer the terms of your employment, and our legal basis for processing your personal data in this way is the contractual relationship we have with you. We will keep this data for 12 months after the end of your official relationship with Holwell Sports Football Club, unless required otherwise by law and/or regulatory requirements. If you do not provide your personal data for this purpose, you will not be able to carry out your role or the obligations of your contract with Holwell Sports Football Club.
1.8 All the key definitions under GDPR can be found here.

2. What we need from you
2.1 To assist with our compliance with GDPR we will need you to comply with the terms of this policy. We have set out the key guidance in this section but please do read the full policy carefully.
2.2 Please help us to comply with the data protection principles (set out briefly in section 3 of this policy and in further detail below):
2.2.1 Process data in accordance with our Privacy notice.
2.2.2 Only process personal data for its original purpose.
2.2.3 Don’t request additional personal data without checking with senior management.
2.2.4 Correct personal data accurately and securely.
2.2.5 Respect retention periods and securely delete outdated data.
2.2.6 Treat all personal data as confidential and protect it accordingly.
2.2.7 Check security of any new systems with senior management.
2.2.8 Get approval before sharing personal data externally.
2.2.9 Refer subject access requests immediately to senior management.
2.2.10 Report any data breach (lost data, accidental disclosure, etc.) to senior management promptly.
If you’re ever unsure - ask. That’s what senior management is there for.

3. Data protection principles
All processing must comply with these principles:
3.1.1 Lawful, fair, and transparent processing
3.1.2 Specified, explicit, and legitimate purpose
3.1.3 Data minimisation
3.1.4 Accuracy
3.1.5 Storage limitation
3.1.6 Integrity and confidentiality

We are responsible for demonstrating compliance with these principles.

4. Fair and lawful processing
4.1 Our data practices should never adversely affect individuals. 4.2 We must always process data under a lawful basis as defined by GDPR.
5. Processing for limited purposes
5.1 Holwell Sports Football Club collects and processes data from individuals and other sources. 5.2 We only process it for legitimate Holwell Sports Football Club purposes, as permitted by GDPR.

6. Consent
6.1 Sometimes we rely on consent as our lawful basis.
6.2 Consent must be freely given, informed, and clear.
6.3 Consent can be withdrawn—this must be promptly respected.
6.4 Special cases (e.g., children, sensitive data, cross-border transfers) require explicit written consent.
6.5 We keep records of how and when consent was obtained.
6.6 Our Privacy Notice sets out all lawful bases for processing personal data.

7. Notifying Individuals
7.1 Where we collect personal data directly from individuals, we will inform them about:
7.1.1 the purpose(s) for which we intend to process that personal data.
7.1.2 the legal basis on which we are processing that personal data.
7.1.3 where that legal basis is a legitimate interest, what that legitimate interest is.
7.1.4 where that legal basis is statutory or contractual, any possible consequences of failing to provide that personal data.
7.1.5 the types of third parties, if any, with which we will share that personal data, including any international data transfers.
7.1.6 their rights as data subjects, and how they can limit our use of their personal data.
7.1.7 the period for which data will be stored and how that period is determined.
7.1.8 any automated decision-making processing of that data and whether the data may be used for any further processing, and what that further processing is.
7.2 If we receive personal data about an individual from other sources, we will provide the above information as soon as possible and let them know the source we received their personal data from.
7.3 We will also inform those whose personal data we process that Holwell Sports Football Club are the data controller regarding that data, and which individual(s) in Holwell Sports Football Club are responsible for data protection.

8. Adequate, Relevant and Non-Excessive Processing
8.1 We will only collect personal data that is required for the specific purpose notified to the individual.
8.2 You may only process personal data if required to do so in your official capacity with Holwell Sports Football Club. You cannot process personal data for any reason unrelated to your duties.
8.3 Holwell Sports Football Club must ensure that when personal data is no longer needed for specified purposes, it is deleted or anonymised.

9. Accurate Data
We will ensure that personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at the start of each season. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.

10. Timely Processing
We will not keep personal data longer than is necessary for the purpose(s) for which it was collected. We will take all reasonable steps to destroy or delete data which is no longer required, as per our Privacy Notice.

11. Processing in Line with Data Subjects’ Rights
11.1 As data subjects, all individuals have the right to:
11.1.1 be informed of what personal data is being processed.
11.1.2 request access to any data held about them by a data controller.
11.1.3 object to processing of their data for direct-marketing purposes (including profiling).
11.1.4 ask to have inaccurate or incomplete data rectified.
11.1.5 be forgotten (deletion or removal of personal data).
11.1.6 restrict processing.
11.1.7 data portability; and
11.1.8 not be subject to a decision which is based on automated processing.
11.2 Holwell Sports Football Club is aware that not all individuals’ rights are absolute, and any requests regarding the above should be immediately reported to the committee, and if applicable escalated to the FA for guidance.

12. Data Security
12.1 We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
12.2 We have proportionate procedures and technology to maintain the security of all personal data.
12.3 Personal data will only be transferred to another party to process on our behalf (a data processor) where we have a GDPR-compliant written contract in place.
12.4 We will maintain data security by protecting the confidentiality, integrity and availability of the personal data.
12.5 Our security procedures include:

  • Entry controls.
  • Locked desks, cabinets and cupboards for personal data.
  • Shredding and physical destruction of old data storage.
  • Password protection and secure device practices.
  • Device cleansing before replacement or departure of personnel.

13. Disclosure and Sharing of Personal Information
13.1 We share personal data with the FA and applicable associations using the Whole Game System.
13.2 We may share data with suppliers for contracted services under a GDPR-compliant agreement.
13.3 We may also disclose personal data for legal obligations, contractual enforcement, or safety purposes.

14. Transferring Data Outside the EEA
We may transfer personal data to countries outside the EEA if appropriate safeguards apply.

15. Reporting a Data Breach
15.1 Breaches may require notification to the regulator and affected individuals.
15.2 Notify the committee immediately if a breach is suspected.

16. Subject Access Requests
16.1 Requests for personal data should be referred to the board/committee and escalated as necessary.
16.2 Telephone enquiries must include identity verification.

17. Accountability
17.1 Holwell Sports Football Club must implement measures to protect personal data and demonstrate GDPR compliance.
17.2 This includes:

  • Notices at data capture.
  • GDPR training.
  • Regular review of privacy measures.

18. Changes to This Policy
We reserve the right to update this policy and will notify you where appropriate.