Bristol Orienteering Klub is a Community Amateur Sports Club; registered # CASC102. From 25 May 2018, all data held by the Bristol Orienteering Klub (BOK) must conform to the General Data Protection Regulation (GDPR). We are committed to safeguarding the privacy of your personal information by storing it carefully, and by using it or disclosing it only for purposes that you know about and in accordance with your wishes. This policy sets out how we use and protect any personal information that you may give us when you become a member of BOK, participate in one of our events, or contact us. We may change this policy from time to time. A copy of this policy is/will be available on our website http://www.bristolorienteering.org.uk from 25 May 2018. “We/our/us/BOK/the club” all refer to Bristol Orienteering Klub. “You/your” refer to members of the club or participants in events or activities.
- have any questions about this policy or would like to suggest amendments, please contact the Klub secretary, Chris Johnson at email@example.com.
- wish to know what data we hold for you or wish to amend or delete any of your data, please contact the BOK Membership Secretary at firstname.lastname@example.org.
Important: If your personal details alter, please tell both British Orienteering and the BOK membership secretary, as both organisations need to alter their databases.
Membership data - what we hold
We hold (or may hold) the following data for you:
- BOF #
- Full name
- Year of Birth
- e-mail address
- Home address
- Home telephone number
- Mobile telephone number
- Which Helper Squad you are in
- Registered SI number
- Registered EMIT number
- Name of any other orienteering club that you may be a member of
- Whether you wish to receive the BOK newsletter by email or post.
The primary database for this information is held and managed by British Orienteering (BOF). When joining BOF, applicants are advised that BOF “may share your Membership Data with partners such as … clubs …”. It is not possible to join BOF without accepting that personal individual and family data is shared with a club like ours. The BOF database holds additional information, which may include details of coaching skills, courses attended and qualifications within the sport. BOK has no control over this. BOK receives the above details from BOF in respect of all those registered with BOF as BOK members. The club Membership Secretary maintains a single copy of these personal details on a secure server with password protection. We may add additional information about courses attended and the particular expertise of club members on to our database. A few people belong to BOK as a second club; if so the same data will be collected directly by the membership secretary and not through BOF. You may, if you wish, supply your banking details to the Treasurer to enable the club to make online payments to you, for instance to enable the repayment of expenses incurred on club business. Your account details are held only on a secure bank server and nowhere else. Members who make donations to the club are invited to complete a Gift Aid declaration if eligible to do so. The Treasurer maintains a list of names of those members who have completed these forms; this list does not include any other information.
Members’ Section of BOK website
The club website includes a ‘Members Only’ section. This allows club members to access areas of the website not visible to the public. Included in this section are:
- A members’ directory
- A picture gallery
- An archive of event organisers
- The BOK News archive
- Minutes of the AGM
- Notable achievements by BOK members in competitions.
This area is password protected. Members can decide upon what personal information is displayed within the members’ directory and this may include a photograph and details of any posts held within the club. You can view, edit this information, and change your password at: http://www.bristolorienteering.org.uk/user
Membership data – what we do with it
We use information held:
- to process any application for membership
- to send you any of the following in accordance with your wishes and by your preferred method:
- notices of our events or activities, AGM or other meetings for members
- invitations to social events
- newsletters or other news about us
- for the general efficient administration and management of the club, including to arrange events or activities, meetings of the committee, any subcommittees or any squad, or any social events •
- to publicise your involvement with the club in our newsletters, email, on our website or on our social media
- to apply to HMRC for Gift Aid in respect of any eligible donations you make to the club.
We may contact members or participants by post, email or telephone unless a member advises us to contact them in another way. For any of these purposes, all your data listed in bold on page 1 above is made available to any Officer or Committee member and the Permissions team. Your name, email address and telephone number may be given to any event or activity organiser, any sub-committee member or squad leader. Your data is not otherwise accessible to members or anyone else. Officers, committee members and squad leaders often compile mailing lists containing the email addresses of, for example, all those on the committee or in a particular squad. You may request to be removed from such mailing lists. Anyone using such lists is asked to verify that all the recipients are comfortable with being on the list. Such lists must not be used for purposes not listed in this section. We may also store or publish photographs and articles (whether online or on paper). This aspect of data handling is discussed within our existing photographic and safeguarding policies.
If you have provided details of your bank account, we will pay any expenses incurred on behalf of your work for the club directly to your bank account by BACS. Details of your account are held online with our bank and are only used to pay your expenses. If you change your bank and/or your account details, you must inform the club’s Treasurer; in this event details of your old bank/account will be removed from the system and no record of them will be retained.
Cessation of Membership
If you cease to be a member of BOK, we will retain your details for 18 months after the expiry of your membership. This period allows us to cope efficiently with a oneyear gap in membership should you wish to re-join. After that, your records will be removed and deleted.
Lawful basis for processing membership information
GDPR offers six different reasons why an organisation may seek to process data. In the case of membership information, we believe that you have provided us with this information voluntarily to enable us to run the club efficiently for your benefit.
The club regularly organises orienteering ‘races’ that are widely advertised and open to all. In addition it organises ‘activities’ such as training runs and ‘closed’ events where participation is limited to certain sub-groups such as juniors or newcomers. We also arrange and advertise ‘training courses’ and ‘social activities’. All these constitute ‘events’.
Event Data – what we hold
- Telephone number(s)
- email address
- Year of Birth
- SI Dibber #
- BOF Number (if applicable)
- Name and telephone # of emergency contact
Some events do not have online pre-entry. For those that do, some participants may choose to enter ‘on the day’. All ‘on the day’ entries require data to be provided on a paper form. Some data so collected is entered onto computer. Once data is entered, it is managed in the same way as for those who entered online. If entering on the day, you must supply:
- Name • BOF or ASO #
- SI Dibber #
- Gender/Age Class
- Club or School
- Name and telephone # of emergency contact
- Vehicle Registration #
- Any medical condition(s) First Aid need to know (supplied voluntarily)
Event Data – what we do with it
Data collected for events is used to:
- process event entries and results
- contribute towards National, Regional or Local Leagues managed by BOF, SWOA or BOK
- assist in any search for missing participants
- make First Aiders, emergency or medical services aware of any pre-existing medical conditions only when dealing with any casualty
- recover any hired SI dibbers not returned at the end of the event.
Some of the data provided on paper forms on the day is transferred to computer, namely: Name, BOF or ASO #, SI Dibber#, Gender/Age Class. The other data, is not stored electronically. The paper forms are securely stored for five years. For insurance purposes, we are required to retain records of who participated or helped at our events, including their contact details, for five years. BOF or SWOA may publish league positions and national rankings. Name, gender, age class and league positions are published. BOK is not responsible for these; you may wish to refer to BOF’s or SWOA’s privacy policies.
Some data provided to enter events is required for essential safety purposes. All entrants must provide an emergency contact name and telephone number. This is a condition of entry (whether online in advance or on the day). Anyone declining to do so is not allowed to run. Competitors may separately supply health information to the first-aid team. This could facilitate an appropriate response in the event of an incident. The information may be supplied to any emergency services attending or to a hospital if a casualty is transferred there. GDPR regards such information as ‘sensitive’ and it must be handled with particular care. If an individual volunteers this information, it is written down on paper (with the option for this to be held in a sealed envelope only to be opened if needed) and given to the first aid team, with this information being destroyed immediately following the event. Car Registration numbers are collected to enable late or missing runners to be matched with cars in the car park to improve the search process. We may telephone or email anyone late or missing to establish their whereabouts and/or search for them, or to retrieve missing hired SI Dibbers.
Lawful basis for processing event information
When you enter an event you voluntarily supply information to us. Subsequent processing of event results, the production of league tables and retention of information for public interest or insurance purposes falls into the category of ‘Legitimate Interest’.
Committee and Officers’ Details
Names of those who are Officers, Committee members or Squad Leaders (and their role) are published:
- on our website
- in our newsletters and
- in our Annual Report & Accounts
Photographs of Committee members are published In the members’ area of our website. We usually announce changes of Officers, Committee members or Squad Leaders in newsletters and on our website together with some details and/or photographs.
If any fraud is detected in the club’s transactions, we are required to pass details to fraud prevention agencies. Law enforcement agencies may then access and use this information.
Your data will not be used for any other purpose nor shared with anyone else without your specific prior approval. We will not transfer, disclose, sell, distribute or lease your personal information to any third parties (other than HMRC to claim Gift Aid) unless required to do so by law or for fraud prevention purposes. You may request details of what data we hold about you at any time. You have a legal right to this information. You are also entitled to request that any information be amended or deleted. Deletion of some data may not be possible if you wish to remain a member of the club or to participate in events. If you would like a copy of the information held about you or wish us to amend or delete any of it, please contact the Membership Secretary as above. We will correct or update any information as soon as possible, and always in less than one month.
We are committed to ensuring that your information is secure. Data is held on Officers’ computers and on paper files. To prevent unauthorised access or disclosure we have suitable procedures to safeguard and secure the information we retain. We discourage transfer of data by email and where this is sent to us we recommend that it is only sent by encrypted email in a password protected file. On receipt of any emails containing personal data, we extract the data and delete the email. We cannot guarantee the security of any data you disclose by email or online. You should be aware of the inherent security risks of providing information online. We are not responsible for any breach of security unless this is due to our negligence or wilful default.
A cookie is a small piece of text sent to your browser by a website that you visit. It helps the website to remember information about your visit, like your preferred language and other settings. That can make your next visit easier and the site more useful to you. Cookies play an important role. Without them, using the web would be a much more frustrating experience.
© Bristol Orienteering Klub Version 21 May 2018. Written by Simon St Leger Harris & Chris Johnson