England Netball Data Protection Policy
Your personal information is important and you should treat it as you would any other valuable item. Personal data is information that identifies you, it can be anything from your name, address or telephone number to where you went to school or things you buy.
The Data Protection Act, 1998 governs how we collect, store, process and share your data.
Any person or organisation that uses personal information is known as a data controller. A data controller must comply with the eight principles of the data protection act. These ensure that personal information is:
- fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate and up to date
- not kept for longer than is necessary
- processed in line with your rights
- not transferred to other countries without adequate protection
England Netball’s data protection policy outlines England Netball’s commitment to the data protection principles and how we deal with personal information.
The Information Commissioner’s Office (ICO) oversees compliance with the data protection act. We have to tell the ICO about what we do with the personal information that we hold and this information is held on a register of data protectors. We have one entry on this register. This register is available for public inspection online (ico.org.uk).
The data protection act also gives you the rights to a copy of the information held about you. This is known as a subject access request.
Data collection Statement
England Netball often needs to use information about you in order to provide many of our services. In some cases this data may be so-called sensitive personal data relating to you. England Netball may process this sensitive personal data in the following ways:
- Ethnicity data – this data is collected on a voluntary basis from you, it may be used to identify and keep under review equality of opportunity at England Netball and within the game. It will also be anonymously used for statistical and reporting purposes.
- Disability data – this data is collected on a voluntary basis from you, it may be used to identify and keep under review equality of opportunity at England Netball and within the game. It will also be anonymously used for statistical and reporting purposes.
- Injury data – this may be collected by England Netball directly from you or via your club for use in your Personal Accident Claim. It may be used (anonymously) for statistical and reporting purposes and may be used in connection with any subsequent legal claims.
- Criminal records data – England Netball uses a third party to assist it in ensuring that those who take up appointments (voluntary or paid) do not pose a risk to the children in its care. EN may therefore process criminal records data disclosed by the CRB. This will be processed in accordance with the CRB’s Code of Practice for Registered Persons.
- Anti-doping data – This data may be collected from you by England Netball, if you are within England Netball’s National Excel Pathway. It will be used for the purpose of administering EN’s anti-doping programme and may be used by England Netball (or any other organisations involved in doping control) for the purposes of any disciplinary proceedings brought against you for anti-doping rule violation. Your data (including medical data) may be passed to IFNA, WADA, UK Sport and other organisations or individuals involved in the administration of the doping control process or concerned with the results of that process.
Data Protection Policy
England Netball’s data protection policy sets out our commitment to protecting personal data and how we implement that commitment with regards to the collection and use of personal data.
England Netball is committed to:
- ensuring that we comply with the eight data protection principles, as listed below
- meeting our legal obligations as laid down by the Data Protection Act 1998
- ensuring that data is collected and used fairly and lawfully
- processing personal data only in order to meet our operational needs or fulfil legal requirements
- taking steps to ensure that personal data is up to date and accurate
- establishing appropriate retention periods for personal data
- ensuring that data subjects’ rights can be appropriately exercised
- providing adequate security measures to protect personal data
- ensuring that a senior member of staff (Company Secretary) is responsible for data protection compliance and provides a point of contact for all data protection issues
- ensuring that all staff are made aware of good practice in data protection
- providing adequate training for all staff responsible for personal data
- ensuring that everyone handling personal data knows where to find further guidance
- ensuring that queries about data protection, internal and external to the organisation, is dealt with effectively and promptly
- regularly reviewing data protection procedures and guidelines within the organisation
Data protection principles
- Personal data shall be processed fairly and lawfully
- Personal data shall be obtained for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
- Personal data shall be accurate and where necessary, kept up to date
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act, 1998
- Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Subject Access Request
Under the data protection act you have a right to a copy of the information we hold about you. Requesting this information is known as making a subject access request.
Subject access requests need to be made in writing. There is a fee of £10 payable for subject access requests which should be sent along with the request. The information in the request should include:
- Whether you are the Data Subject and if not, what is your relationship to the Data Subject and a copy of the authority to act on behalf of the Data Subject
- Applicant’s name and address and Data Subject’s name and address where different.
- What information are you looking for, are you making the request in relation to a specific area or is it a generic request covering all data held.
- We will also need to check your identity before we can process your request. Please provide proof of your identity when making a request (passport, drivers licence etc).
The request will be passed to the data protection officer (Company Secretary) who will send you a copy of information we hold about you within 40 days. These subject access requests will not remain confidential to the data protection officer; they may be shared with other England Netball relevant staff and volunteers.
If you would like to discuss making a subject access request then please contact the data protection officer (Company Secretary).