top of page

Privacy Notice

 

Introduction -

Lewis Football Fun takes your privacy very seriously. This Privacy Notice explains how we collect, use, and protect your personal information. We are the data controller responsible for processing any personal data you provide us. We take reasonable care to keep your information secure and to prevent any unauthorised access or misuse.

 

Who We Are -

Lewis’s Football Fun

46 Brockton Avenue, Farndon, Newark, Nottinghamshire, NG24 4TH

07596342976

info@lewissfootballfun.co.uk

 

What Personal Data We Collect -

Personal data means any information about an individual from which that person can be identified. We may collect, use, store, and transfer various types of personal data, including:

- Identity Data: Name, date of birth, gender.

- Contact Data: Address, email address, phone number.

- Health Data: Relevant health information for your well-being, welfare, and safeguarding (special category data).

- Emergency Contact Data: Contact details of a third party in case of emergency.

 

How We Collect Your Data -

We collect data when you:

- Register with us in person, online, or at an event.

- Fill in forms, correspond with us by phone, email, or otherwise.

 

Why We Need Your Personal Data -

We will only use your personal data for the purposes it was collected. The primary reasons include:

- Running the football club effectively.

- Ensuring health and safety and safeguarding policies are fulfilled.

 

Legal Basis for Processing -

We rely on the following legal bases for processing your personal data:

- Performance of a Contract: For processing sign-ups, medical forms, and sharing data with coaches.

- Legitimate Interests: For sharing information about activities, renewals, social events, and anonymized data with funding partners.

- Consent: For publishing images/achievements and processing health data. Explicit consent will be obtained for processing special category data.

 

Who We Share Your Data With -

We may share your personal data with:

- Wixx: Our website and child medical form service provider.

- Third Parties: To comply with legal obligations or protect the rights, property, or safety of participants, members, or others.

 

Data Security -

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed.

 

Data Retention - 

We will retain your personal data for as long as you are a participant or member, or actively involved with the club. We will delete this data one month after you leave or end your membership, unless a longer retention period is required for legal or regulatory purposes.

 

Your Rights -

As a data subject, you have the right to:

- Access, rectify, or erase your personal data.

- Restrict or object to certain processing activities.

- Data portability.

- Lodge a complaint with the Information Commissioner’s Office (ICO).

If you choose not to provide your personal data, we may not be able to register or administer your membership.

 

Updates to This Notice -

We may update this Privacy Notice periodically and will inform you of any significant changes.

 

Contact Us -

For any questions about this Privacy Notice, please contact:

Lewis Football Fun

07596342976

info@lewissfootballfun.co.uk

 

Sign: Lewis’s Football Fun

Date: 10/01/2024​

​

Lewis’s Football Fun Data Protection Policy

 

About this Policy -

At Lewis’s Football Fun, we handle personal data about current and former players and their parents or guardians, volunteers, coaches, managers, and any other individuals we communicate with. We recognise the need to treat all personal data in an appropriate and lawful manner in accordance with the EU General Data Protection Regulation 2016/679 (GDPR).

Correct and lawful treatment of this data will maintain confidence in the organisation and protect the rights of children and any other individuals associated with us. This Policy sets out our data protection responsibilities and highlights the obligations of the organisation, which means the obligations of our volunteers, coaches, managers, and any other contractor or legal or natural individual or organisation acting for or on our behalf. You are obliged to comply with this policy when processing personal data on behalf of the organisation, and this policy will help you understand how to handle personal data.

The office manager will be responsible for ensuring compliance with this Policy. Any questions about this Policy or data protection concerns should be referred to the relevant body. We process volunteer, member, coach, manager, and third-party personal data for administrative and organisational management purposes. Our purpose for holding this personal data is to be able to contact relevant individuals on organisation business, and our legal basis for processing your personal data in this way is the contractual relationship we have with you. We will keep this data for one month after the end of your official relationship with Lewis’s Football Fun unless required otherwise by law and/or regulatory requirements. If you do not provide your personal data for this purpose, you will not be able to carry out your role or the obligations of your contract with us.

 

What We Will Do -

We will comply with the terms of this policy. We have set out the key guidance in this section, but please read the full policy carefully.

- Only process data in accordance with our transparent processing as set out in our Privacy Notice.

- Process personal data for the purposes for which we have collected it.

- Comply with our retention periods listed in our Privacy Notice and ensure that any information that falls outside of those dates is securely deleted/destroyed.

- Treat all personal data as confidential. If it is stored in electronic format, consider whether the documents themselves should be password protected, whether a personal computer is password protected, and whether access to the information can be limited to necessary personnel. Consider the security levels of any cloud storage provider as well.

- If stored in hard copy format, ensure it is locked away safely and not kept in a car overnight or disposed of in a public place.

 

Data Protection Principles -

Anyone processing personal data must comply with the enforceable principles of data protection. Personal data must be:

- Processed lawfully, fairly, and in a transparent manner.

- Collected for specified, explicit, and legitimate purposes.

- Adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

- Accurate and, where necessary, kept up to date.

- Kept in a form that permits identification of individuals for no longer than is necessary for the purposes for which it is processed.

- Processed in a manner that ensures its security by appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

We are responsible for and must be able to demonstrate compliance with the data protection principles listed above.

 

Fair and Lawful Processing -

This Policy aims to ensure that our data processing is done fairly and without adversely affecting the rights of the individual. Lawful processing means data must be processed on one of the legal bases set out in the GDPR. When special category personal data is being processed, additional conditions must be met.

 

Processing for Limited Purposes -

Lewis’s Football Fun collects and processes personal data received directly from individuals.

 

Consent -

One of the lawful bases on which we may process data is the individual’s consent. An individual consents to us processing their personal data if they clearly indicate specific and informed agreement, either by a statement or positive action. Individuals must be able to withdraw their consent at any time, and withdrawal must be promptly honoured. Consents should be refreshed every season. Explicit consent is usually required for automated decision-making, cross-border data transfers, and processing special category personal data. For children, consent must be in writing from a parent/guardian. Where consent is our legal basis for processing, we will keep records of when and how this consent was captured. Our Privacy Notice sets out the lawful bases on which we process data of our players and members.

 

Notifying Individuals -

Where we collect personal data directly from individuals, we will inform them about:

- The purpose(s) for which we intend to process that personal data.

- The legal basis on which we are processing that personal data.

- Where the legal basis is a legitimate interest, what that legitimate interest is.

- Where the legal basis is statutory or contractual, any possible consequences of failing to provide that personal data.

- The types of third parties, if any, with which we will share that personal data, including any international data transfers.

- Their rights as data subjects and how they can limit our use of their personal data.

- The period for which data will be stored and how that period is determined.

- Any automated decision-making processing of that data and whether the data may be used for any further processing and what that further processing is.

If we receive personal data about an individual from other sources, we will provide the above information as soon as possible and let them know the source we received their personal data from. We will also inform those whose personal data we process that we are the data controller regarding that data and which individual(s) in the organisation are responsible for data protection.

 

Adequate, Relevant, and Non-Excessive Processing -

We will only collect personal data that is required for the specific purpose notified to the individual. You may only process personal data if required to do so in your official capacity with Lewis’s Football Fun. You cannot process personal data for any reason unrelated to your duties. We must ensure that when personal data is no longer needed for specified purposes, it is deleted.

​

Accurate Data -

We will ensure that personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at the start of each season. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.

 

Timely Processing -

We will not keep personal data longer than is necessary for the purposes for which it was collected. We will take all reasonable steps to destroy or delete data that is no longer required as per our Privacy Notice.

Processing in Line with Data Subjects’ Rights As data subjects, all individuals have the right to:

- Be informed of what personal data is being processed.

- Request access to any data held about them by a data controller.

- Object to the processing of their data for direct marketing purposes (including profiling).

- Ask to have inaccurate or incomplete data rectified.

- Be forgotten (deletion or removal of personal data).

- Restrict processing.

- Data portability.

- Not be subject to a decision based solely on automated processing.

The organisation is aware that not all individuals’ rights are absolute, and any requests regarding the above should be immediately reported to the committee and, if applicable, escalated to the relevant governing body for guidance.

 

Data Security -

We will take appropriate security measures against unlawful or unauthorised processing of personal data and against accidental loss or damage to personal data. We have proportionate procedures and technology to maintain the security of all personal data.

Personal data will only be transferred to another party to process on our behalf (a data processor) where we have a GDPR-compliant written contract in place with that data processor. We will maintain data security by protecting the confidentiality, integrity, and availability of personal data. Our security procedures include:

- Entry Controls: Any stranger seen in entry-controlled areas should be reported.

- Secure Desks, Cabinets, and Cupboards: Desks and cupboards should be locked if they hold personal data.

- Methods of Disposal: Paper documents should be shredded. Digital storage devices should be physically destroyed.

- Equipment: Screens and monitors must not show personal data to passers-by and should be locked when unattended. Excel spreadsheets will be password protected.

- Personal Devices: Anyone accessing or processing the organization’s personal data on their own device must have and operate password-only access or similar lock function and have appropriate anti-virus protection. These devices must have the Lewis’s Football Fun personal data removed before being replaced by a new device or before such individuals cease to work with or support the organisation.

 

Disclosure and Sharing of Personal Information -

We share personal data with our website service provider. We may share personal data with third parties or suppliers for the services they provide and instruct them to process our personal data on our behalf as data processors. Where we share data with third parties, we will ensure we have a compliant written contract in place incorporating the minimum data processor terms as set out in the GDPR, which may be in the form of a supplier’s terms of service. We may share personal data we hold if we are under a duty to disclose or share an individual’s personal data to comply with any legal obligation or to enforce or apply any contract with the individual or other agreements; or to protect our rights, property, or safety of our employees, players, other individuals associated with the organization, or others.

 

Transferring Personal Data to a Country Outside the EEA -

We may transfer any personal data we hold to a country outside the European Economic Area (EEA) provided that one of the appropriate safeguards applies.

 

Reporting a Personal Data Breach -

In the case of a breach of personal data, we may need to notify the applicable regulatory body and the individual. If you know or suspect that a personal data breach has occurred, inform a member of the committee immediately, who may need to escalate to the relevant governing body as appropriate. You should preserve all evidence relating to a potential personal data breach.

 

Dealing with Subject Access Requests -

Individuals may make a formal request for information we hold about them. Nobody should feel bullied or pressured into disclosing personal information. When receiving telephone inquiries, we will only disclose personal data if we have checked the caller's identity to ensure they are entitled to it.

 

Accountability -

Lewis’s Football Fun must implement appropriate technical and organisational measures to look after personal data and is responsible for and must be able to demonstrate compliance with the data protection principles. We must have adequate resources and controls in place to ensure and document GDPR compliance, such as:

- Providing fair processing notices to individuals at all points of data capture.

- Training committee members and volunteers on the GDPR and this Data Protection Policy.

- Reviewing the privacy measures implemented by the Club.

 

Changes to this Policy -

We reserve the right to change this policy at any time. Where appropriate, we will notify you by email.

 

Sign: Lewis’s Football Fun

Date 10/01/2024

© 2023 by Lewis's Football Fun

bottom of page