Dorking RFC

Dorking Rugby Football Club Privacy Notice

Summary of how we and the RFU use your data

• Dorking Rugby Football Club uses your personal data to manage and administer your membership and your involvement with its teams and club, and to keep in contact with you for these purposes. This may include:
  • News and updates mailing list
  • Hospitality bookings
  • Team Management for playing activities
  • Volunteering opportunities
  • Charitable Fundraising
• Some data is shared with the RFU, who use your data to regulate, develop and manage the game.
• Data is also shared with Mailchimp (Marketing Automation Platform for email distribution), Ticket Tailor (Ticketing platform for online hospitality bookings), and Spond (Team management App)
• Where we or the RFU rely on your consent, such as any consent we seek for email marketing, you can withdraw this consent at any time.
• Amongst the data we collect from you may be medical (including injury) information. We will hold this where you (or your parent) have given consent, so that we can ensure we are aware of your condition and can that you are supported appropriately.
• Where you work in a particular role within the game, you may be required to undergo a Disclosure & Barring Service check using the RFU’s eDBS system. The result of this check will be input into your Game Management Service (GMS) record.

What does this policy cover?

This policy describes how Dorking Rugby Football Club  (also referred to as “the Club”, “we” or “us”) will make use of the data we handle in relation to our members and players, including our use of the Game Management System (“GMS”) provided by the Rugby Football Union (“RFU”). The policy also describes the RFU’s use of data on GMS.

It also describes your data protection rights, including a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.

What information do we collect?

We collect and process personal data from you or your parent when you join and when we carry out annual renewals of your membership.  This includes:

• your name
• your gender,
• your date of birth,
• your RFU ID (as assigned in GMS)
• your home address, email address and phone number;
• your passport and NI details, where we have to check your eligibility or ability to work for us;
• your type of membership and involvement in particular teams, or any key role you may have been allocated, such as Chair, Safeguarding Lead, Membership Secretary etc.;
• your payment and/or bank account details, where you provide these to pay for membership;
• your marketing preferences, including any consents you have given us;
• your medical conditions or disability, where you provide this to us with your consent (or your parent’s consent) to ensure we are aware of any support we may need to provide to you.

Some information will be generated as part of your involvement with us, in particular data about your performance, involvement in particular matches in match reports and details of any disciplinary issues or incidents you may be involved in on and off the pitch, such as within health and safety records.

What information do we receive from third parties?

Sometimes, we receive information about you from third parties. For example, if you are a child, we may be given information about you by your parents.

We may receive information relating to your existing registrations with other clubs or rugby bodies or disciplinary history from the RFU through GMS. Additionally, for certain role holders or those working with children, we may receive information from the Disclosure and Barring Service and RFU on the status of any DBS check you have been required to take.

We may also receive information from Ticket Tailor, which is the system on which you book tickets for our lunches and social events.  The only data held, is the information that you provide at time of booking.  We do not store details pertaining to your payment methods. For any of our members who are signed up to our social media platforms, we will only market via these platforms, and data will not be transferred to our administrative systems. We also use Spond for Team management, the only data held is the information that you provide to contact you and you children with regards to team management.

How do we use this information, and what is the legal basis for this use?

We process this personal data for the following purposes:

• To fulfil a contract, or take steps linked to a contract: this is relevant where you make a payment for your membership and any merchandise or enter a competition. This includes:
  • taking payments;
  • communicating with you;
  • providing and arranging the delivery or other provision of products, prizes or services;
• As required by the Club to conduct our business and pursue our legitimate interests, in particular:
  • we will use your information to manage and administer your membership and your involvement with its teams and club, and to keep in contact with you for these purposes;
  • we will also use data to maintain records of our performances and history, including match reports, score lines and team sheets;
  • we use CCTV cameras to maintain the security of our premises, and may use this video to investigate incidents at the Club or its premises
  • we may choose to send you promotional materials and offers by email where we want to send you offers relating to similar products and services that you have already bought
  • we use data of some individuals to invite them to take part in market research;
• Where you give us consent:
  • we will send you direct marketing or promotional material by email;
  • we may handle medical or disability information you or your parent provides to us, to ensure we support you appropriately;
  • on other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.
• For purposes which are required by law:
  • we maintain records such as health and safety records and accounting records in order to meet specific legal requirements;
  • we ensure, where you will work with children, that you have undergone an appropriate DBS check – this is also carried out with your consent.
  • where you hold a role at the Club requiring us to check your right to work, we may process information to meet our statutory duties;
  •  we may respond to requests by government or law enforcement authorities conducting an investigation.

How does the RFU use any of my information?

The RFU provides GMS, but make its own use of the following information:

• your name;
• your gender;
• your date of birth;
• your RFU ID (as assigned in GMS);
• your home address, email address and phone number; and
• your type of membership and involvement in particular teams at the Club, or any key role you may have been allocated, such as Chair, Safeguarding Lead, Membership Secretary etc.

The RFU uses this information as follows:

• As required by the RFU to conduct its business and pursue its legitimate interests, in particular:
  • communicating with you or about you where necessary to administer Rugby in England, including responding to any questions you send to the RFU about GMS;
  • administering and ensuring the eligibility of players, match officials and others involved in English rugby – this may involve the receipt of limited amounts of sensitive data in relation to disabled players, where they are registered for a disabled league or team, or in relation to anti-doping matters;
  • maintaining records of the game as played in England, in particular maintaining details of discipline and misconduct;
  • monitoring use of GMS, and  using this to help it monitor, improve and protect its content and services  and investigate any complaints received from you or from others about GMS;
  • maintaining statistics and conducting analysis on the make-up of rugby’s  participants;
  • ensuring compliance with the current RFU Rules and Regulations including those on the affiliation of clubs, referee societies, constituent bodies and other rugby bodies, and registration of players; and
  • communicating with you to ask for your opinion on RFU initiatives.
• For purposes which are required by law:
  • The RFU will ensure, where you will work with children and where this is required, that you have undergone an appropriate DBS check – this is also carried out with your consent.
  • The RFU may respond to requests by government or law enforcement authorities conducting an investigation.

Withdrawing consent or otherwise objecting to direct marketing

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests.  You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below in the “How do I get in touch with you or the RFU?” section.

Who will we share this data with, where and when?

In addition to sharing data with the RFU, we will share you data with other clubs if you (or your child) is playing in a match or tournament when fixtures are taking place.

Some limited information may be shared with other stakeholders in rugby, such as other clubs, Constituent Bodies, referee societies, league organisers, so that they can maintain appropriate records and assist us in organising matches and administering the game.

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our or the RFU’s legitimate interests in compliance with applicable laws.

Personal data will also be shared with third party service providers, who will process it on our behalf for the purposes identified above.  Such third parties include the RFU as the provider of GMS and providers of website hosting and bar/servery till systems linked to our membership cards.

The only occasion when data will be transferred outside of the EEA, will pertain to other clubs if you (or your child) is playing in a match or tournament when fixtures are taking place.  You will be informed of any type of data transfer prior to it taking place.  Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor’s Processor Binding Corporate Rules.  A copy of the relevant mechanism can be provided for your review on request.

What rights do I have?

You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.

You have the same rights for data held by the RFU for its own purposes on GMS.

To exercise any of these rights, you can get in touch with us– or, as appropriate, the RFU or its data protection officer – using the details set out below. If you have unresolved concerns, you have the right to complain to the Information Commissioner’s Office.

Much of the information listed above must be provided on a mandatory basis so that we can make the appropriate legal checks and register you as required by RFU Rules and Regulations. We will inform you which information is mandatory when it is collected. Some information is optional, particularly information such as your medical information. If this is not provided, we may not be able to provide you with appropriate assistance, services or support.

How do I get in touch with you or the RFU?

We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, [or would like to opt out of direct marketing], you can get in touch at membership@dorkingrfc.com or by writing to The Pavilion, The Big Field, Brockham, Surrey, RH3 7LZ

If you have any concerns about how the RFU process your data, you can get in touch at legal@rfu.com or by writing to The Data Protection Officer, Rugby Football Union, Twickenham Stadium, 200 Whitton Road, Twickenham TW2 7BA.

How long will you retain my data?

We process the majority of your data for as long as you are an active member and for five years after this.

Where we process personal data for marketing purposes or with your consent, we process the data for [x] unless you ask us to stop, when we will only process the data for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.

Where we process personal data in connection with performing a contract or for a competition, we keep the data for 6 years from your last interaction with us.

We will retain information held to maintain statutory records in line with appropriate statutory requirements or guidance.

The RFU will maintain records of individuals who have registered on GMS, records of DBS checks and the resulting outcomes and other disciplinary matters for such period as is set out in the RFU’s privacy notice to be set out on www.englandrugby.com.

This Policy applies as between you, the User of this Website and this RFU Club the owner and provider of this Website.  This Policy applies to our use of any and all Data collected by us in relation to your use of the Website.

1. Definitions and Interpretation

In this Policy the following terms shall have the following meanings: 

2. Scope of this Policy

This Policy applies only to the actions of RFU Club and Users with respect to this Website.  It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites.

3. Data Collected

Without limitation, any of the following Data may be collected by this Website from time to time:

• name;
• date of birth;
• gender;
• job title;
• profession;
• contact information such as email addresses and telephone numbers;
• demographic information such as post code, preferences and interests;
• financial information such as bank account or credit / debit card numbers;
• IP address (automatically collected);
• web browser type and version (automatically collected);
• operating system (automatically collected);
• a list of URLs starting with a referring site, your activity on this Website, and the site you exit to (automatically collected);

4. Our Use of Data
   • Any personal Data you submit may be retained by the RFU Club.
   • Unless we are obliged or permitted by law to do so, and subject to Clause 5, your Data will not be disclosed to third parties. This does not include our affiliates including the RFU and First Sports International Ltd.
   • All personal Data is stored securely in accordance with the principles of the Data Protection Act 1998. For more details on security see Clause 9 below.
   • Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons:
     • internal record keeping;
     • improvement of our products / services;
     • transmission by email of promotional materials that may be of interest to you;

5. Third Party Websites and Services
   • RFU Clubs may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to, payment processing, delivery of purchased items, search engine facilities, advertising and marketing. The providers of such services have access to certain personal Data provided by Users of this Website.
   • Any Data used by such parties is used only to the extent required by them to perform the services that RFU Clubs requests. Any use for other purposes is strictly prohibited.  Furthermore, any Data that is processed by third parties shall be processed within the terms of this Policy and in accordance with the Data Protection Act 1998.
   • We will utilise a third party credit card payment processing company to collect payment information, including your credit card number, billing address and phone number. The security of your information is important to us. When you enter sensitive information (such as a credit card number) as part of our service, we encrypt the transmission of that information using industry-standard encryption.

6. Links to Other Websites

This Website may, from time to time, provide links to other websites.  RFU Clubs has no control over such websites and is in no way responsible for the content thereof.  This Policy does not extend to your use of such websites.  Users are advised to read the privacy policy or statement of other websites prior to using them.

7. Your Right to Withhold Information
   • You may access certain areas of the Website without providing any Data at all. However, to use all features and functions available on the Website you may be required to submit certain Data.
   • You may restrict your internet browser’s use of Cookies. For more information see Clause 10.

8. Accessing your own Data

You have the right to ask for a copy of any of your personal Data held by RFU Clubs (where such data is held) you should contact the RFU Club as a small fee may be payable.

9. Security
   • Data security is of great importance to RFU Clubs and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Website.

10. Cookies
    • This Website may place and access certain first party Cookies on your computer. First party cookies are those placed directly by RFU Clubs via this Website and are used only by RFU Clubs.  RFU Clubs uses Cookies to improve your experience of using the Website and to improve our range of products and services.  RFU Clubs has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.
    • By using this Website you may receive certain third party Cookies on your computer. Third party cookies are those placed by websites and/or parties other than RFU Clubs.  Third party cookies are used on this Website for analytical reporting purposes and are detailed in below.  These cookies are not integral to the services provided by the Website.
    • All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.
    • Before Cookies are placed on your computer, subject to sub-Clause 10.5 and sub-Clause 10.8, you will be prompted to request your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling RFU Clubs to provide the best possible experience and service to you.  You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended. You will be given the opportunity to allow only first party Cookies and block third party Cookies.
    • Certain features of the Website depend upon Cookies to function. UK and EU Cookie Law deems these Cookies to be “strictly necessary”.  Your consent will not be sought to place these Cookies.  You may still block these cookies by changing your internet browser’s settings as detailed below.
    • This Website uses analytics services provided by Google analytics. Website analytics refers to a set of tools used to collect and analyse usage statistics, enabling us to better understand how Users use the Website.  This, in turn, enables us to improve the Website and the products and services offered through it.  You do not have to allow us to use these Cookies, as detailed below, however whilst our use of them does not pose any risk to your privacy or your safe use of the Website, it does enable us to continually improve our Websites.
    • The analytics services used by this Website use Cookies to gather the required information. Certain of these Cookies may be placed immediately when you decide to visit the Website and it may not be possible to obtain your prior consent.  You may remove these Cookies and prevent future use of them by following the steps set out below.
    • The analytics services used by this Website uses, but is not limited to, the following Cookies:

• You can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies.  By default, most internet browsers accept Cookies but this can be changed.  For further details, please consult the help menu in your internet browser.
• You can choose to delete Cookies at any time however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.
• It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

11. Changes to this Policy

RFU Clubs reserves the right to change this Policy as we may deem necessary from time to time or as may be required by law.  Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the Policy on your first use of the Website following the alterations.