(TO COMPLY WITH THE GENERAL DATA PROTECTION REGULATION (GDPR) – MAY 2018)
The Isle of Man Indoor Bowling Association (the “Association”) is a non-profit making, fee paying members’ association managed by a committee elected from the membership by the members of the Association. In order to communicate with its members, the Association collects, retains and processes relevant personal information from each member and is therefore required to comply with the requirements of the General Data Protection Regulation.
This policy outlines the steps taken by the Association to comply with the requirements of The General Data Protection Regulation (GDPR), which comes into force on 25th May 2018, to protect personal data collected by the Association from its members.
- DATA COLLECTION
Personal data is collected from each member by means of a “Membership Application Form” completed by the applicant prior to membership. This data is limited to: –
- Forename and Surname
- Postal address
- E-mail address
- Telephone number (mobile and/or landline)
- Age range – Junior (<18), Member (18+)
- NSC Membership Card Number (NSC bowls membership is a pre-requisite for joining the Association)
- Locker number (if appropriate)
- Subscription status
A statement on the form will indicate that the information provided will be retained and processed by the Association and used solely for communication with the applicant and for record-keeping. The information will not be disclosed to any third party other than the NSC within or outside of the Isle of Man. The applicants signature on the form will be regarded as consent for the information to be used in this manner (for a Junior member the application form will need to be countersigned by the parent or legal guardian).
- CONTROL OF DATA
The personal data harvested from the application forms is retained in a password-protected Microsoft Excel spreadsheet (Member’s List) controlled and processed by the Association’s Treasurer (Data Controller/Data Processor). Extracts from the Member’s List, in Microsoft Word or PDF formats, will be provided to other committee members (President, Secretary and Competition Secretary) as necessary to facilitate the smooth running of the Association. It is their responsibility to make appropriate arrangements to ensure the information received is retained in a secure manner. A log of what information has been provided and to whom will be recorded by the Treasurer in the Member’s List.
- DATA UPDATE
The member is requested on the application form to ensure they notify the Treasurer of any change of personal data during the year. This is reiterated on the Subscription Renewal Notice Letter sent to members on an annual basis. On receiving notification of change of data the Treasurer will update the Member’s List accordingly and re-issue extracts to other committee members as appropriate.
- MEMBER ACCESS TO DATA
A member may see their data held by the Association by sending a formal request in writing to the Treasurer by post or E-mail. In accordance with the GDPR the Treasurer will respond in writing confirming the data held within one month from the receipt of request using the same format that the original request was received in. The contact details for the treasurer are provided on the Membership Application Form, the Subscription Renewal Notice Letter and the Association’s web site.
- DATA RETENTION
Members data will be retained for the period that they remain a member of the Association. Their data will be removed from the Member’s List in the following circumstances: –
- The Association receives a written request from a member to have their details removed from the Member’s List. The Treasurer will be responsible processing the deletion within one month from receipt of the request and confirming to the requestor in writing that the deletion has been implemented. On receipt of the request the requestor will no longer be a member of the Association.
- The Association receives notification of the demise of the member.
- The member’s subscription remains in arrears for a period of twelve months at which point membership of the Association will lapse and the Treasurer will remove the member’s details from the Member’s List.
- EXEMPTION FROM NOTIFICATION
Due to the limited scope and nature of the data collected and processed by the Association under the GDPR rules it is exempt from the requirement to notify the Isle of Man Information Commissioner of their processing of personal data. The Association has submitted a Notification Exemption Form to the Information Commissioner for record purposes only.
- DATA PROTECTION OFFICER
Due to the limited scope and nature of the data collected and processed by the Association a Data Protection Officer has not been appointed by the Association. Responsibility for data protection lies with the Treasurer (Data Controller/Processor).