The A&C Health & Safety policy can be found here or downloaded directly (175kb PDF).
This policy describes how Amersham & Chiltern RFC (also referred to as “the Club”, “we” or “us”) will make use of the data we handle in relation to our members and players, including our use of the following facilities:
Summary of how we use your data
What does this policy cover?
It describes your data protection rights, including a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
What information do we collect?
We collect and process personal data from you or your parent when you join and when we carry out annual renewals of your membership. This includes:
Some information will be generated as part of your involvement with us, in particular data about your performance, involvement in particular matches in match reports and details of any disciplinary issues or incidents you may be involved in on and off the pitch, such as within health and safety records.
What information do we receive from third parties?
Sometimes, we receive information about you from third parties. For example, if you are a child, we may be given information about you by your parents.
We may receive information relating to your existing registrations with other clubs or rugby bodies or disciplinary history from the RFU through GMS. Additionally, for certain role holders or those working with children, we may receive information from the Disclosure and Barring Service and RFU on the status of any DBS check you have been required to take.
How do we use this information, and what is the legal basis for this use?
We process this personal data for the following purposes:
To fulfil a contract, or take steps linked to a contract: this is relevant where you make a payment for your membership and any merchandise, or enter a competition. This includes:
As required by the Club to conduct our business and pursue our legitimate interests, in particular:
Where you give us consent:
For purposes which are required by law:
How does the RFU use any of my information?
The RFU provides GMS, but make its own use of the following information:
The RFU uses this information as follows:
As required by the RFU to conduct its business and pursue its legitimate interests, in particular:
For purposes which are required by law:
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests.
You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, by contacting us using the details set out below in the “How do I get in touch with you or the RFU?” section or by using the following specific links:
Who will we share this data with, where and when?
Some limited information may be shared with other stakeholders in rugby, such as other clubs, Constituent Bodies, referee societies, league organisers, so that they can maintain appropriate records and assist us in organising matches and administering the game.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our or the RFU’s legitimate interests in compliance with applicable laws.
Personal data will also be shared with third party service providers, who will process it on our behalf for the purposes identified above. Such third parties include:
Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor's Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request.
What rights do I have?
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
You have the same rights for data held by the RFU for its own purposes on GMS.
To exercise any of these rights, you can get in touch with us – or, as appropriate, the RFU or its data protection officer – using the details set out below. If you have unresolved concerns, you have the right to complain to the Information Commissioner’s Office.
Much of the information listed above must be provided on a mandatory basis so that we can make the appropriate legal checks and register you as required by RFU Rules and Regulations. We will inform you which information is mandatory when it is collected. Some information is optional, particularly information such as your medical information. If this is not provided, we may not be able to provide you with appropriate assistance, services or support.
How do I get in touch with you or the RFU?
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at membership@chilternrugby.com or by writing to:
Data Processing Team, Amersham & Chiltern RFC Ash Grove, Weedon Lane, Amersham, Bucks HP6 5QU
If you have any concerns about how the RFU process your data, you can get in touch at legal@rfu.com or by writing to:
The Data Protection Officer, Rugby Football Union, Twickenham Stadium, 200 Whitton Road, Twickenham TW2 7BA.
How long will you retain my data?
We process the majority of your data for as long as you are an active member and for 5 years after this.
Where we process personal data for marketing purposes or with your consent, we process the data for as long as you are a Member unless you ask us to stop, when we will only process the data for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
Where we process personal data in connection with performing a contract or for a competition, we keep the data for 6 years from your last interaction with us.
We will retain information held to maintain statutory records in line with appropriate statutory requirements or guidance.
The RFU will maintain records of individuals who have registered on GMS, records of DBS checks and the resulting outcomes and other disciplinary matters for such period as is set out in the RFU’s privacy notice set out at http://www.englandrugby.com/about-the-rfu/privacy-policy/.
Records of your involvement in a particular match, on team sheets, on results pages or in match reports may be held indefinitely both by us and the RFU in order to maintain a record of the game.