Author: Angie Jackson
Effect: April 2018
Updated: July 2024
1. INTRODUCTION
We at the Hull Kingston Rovers Community Trust (Company number 064 202 78, Charity number 1123345, registered office KCOM Craven Park, Preston Road, Hull, HU9 5HE) (“we”, “our” or “us”) are committed to respecting your privacy and want to make sure all the personal information we have collected about you is safe and secure.
This Policy sets out our commitments to you, in compliance with and beyond the General Data Protection Regulation (commonly known as the “GDPR”) and explains how we collect, store and use your personal information.
We are not required to appoint a Data Protection Officer; we have chosen to do so to ensure the highest level of commitment to your personal information. If you have any questions about this Policy or what we do with your personal information, their contact details are set out in section 13 below.
Collecting specific, relevant personal information is a necessary part of us providing both you and our participants with an excellent service. When we hold or use your personal information, we will provide you with details covering what information we hold, how your personal information may be used, the basis for this use and details of your rights.
Where we collect personal information from you directly, we will provide or signpost you towards this information at the time we collect the personal information from you. Where we receive your personal information indirectly, you will either receive this information at the time your personal information is collected, or when we first contact you.
2. HOW DO WE PROCESS YOUR PERSONAL INFORMATION?
In most cases we will be a data controller of your personal information. A data controller controls how personal information is processed and used. We will use your personal information as described in section 6 below.
A data processor processes and uses personal information in accordance with the instructions of a third party, i.e. the data controller. In any case where we are not a data controller, this means that you cannot exercise your rights against us directly, but you can do so against the data controller (i.e. the person who controls how we process the personal information). In these cases, we will inform you who is the data controller of your personal information so that you can direct any such requests to them.
3. PERSONAL INFORMATION WE MAY COLLECT FROM YOU
When you sign up to access services that we provide you may provide us with or we may obtain personal information about you, such as information regarding your:
- personal contact details which allow us to contact you directly, such as name, title, email addresses and telephone numbers
- date of birth,
- gender
- records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us,
- records of your participation and/or attendance at any events or competitions hosted by us,
- images in video and/or photographic form and voice recordings,
- your marketing preferences so that we know whether and how we should contact you, and
- details of next of kin, family members, coaches and emergency contacts.
4. SPECIAL CATEGORIES OF PERSONAL INFORMATION
We may also collect, store and use the following “special categories” of more sensitive personal information regarding you:
- information about your race or ethnicity, religious beliefs and sexual orientation; and
- information about your health, including any medical condition, health and sickness records, medical records and health professional information.
It may be that we do not collect all the above types of special category personal information about you. In relation to the special category personal data that we do process, we do so on the basis that:
- the processing is necessary for reasons of substantial public interest, on a lawful basis,
- it is necessary for the establishment, exercise or defence of legal claims,
- it is necessary for the purposes of carrying out the obligations and exercising our or your rights in the field of employment and social security and social protection law; or
- based on your explicit consent.
In the table below, we refer to these as the “special category reasons for processing of your personal data”.
We may also collect criminal records information from you. For criminal records history, we process it based on legal obligations or based on your explicit consent.
5. WHERE WE COLLECT YOUR INFORMATION
We typically collect personal information when you sign up to access our projects or services, make a query and/or complaint or when you correspond with us by phone, e-mail or in some other way.
If you are providing us with details of referees, next of kin, beneficiaries, family members and emergency contacts, they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this Privacy Policy with those of them whom you feel are sufficiently mature to understand it. They also have the same rights as set out in section 10 below.
6. HOW WE USE THE INFORMATION
The table below describes the main purposes for which we process your personal information, the categories of your information involved and the lawful basis for being able to do this.
Purpose | Personal Information Used | Lawful Basis |
Accessing our Projects | Name, Address, Telephone number, Date of birth, Email address, Emergency contact details, Medical information | This is necessary to enable us to provide appropriate services and administer your membership with us. |
Accessing our Employability programme | Name, Address, Telephone number, Date of birth, Email address, Emergency contact details, Medical information, Gender, Ethnicity, Criminal convictions, Education and work history, NI number | This is necessary to enable us to provide appropriate services to you. We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 4 above. |
To answer your queries or complaints | Contact details and records of your interactions with us | We have a legitimate interest to provide complaint handling services to you in case there are any issues with your membership. |
To conduct data analytics studies to better understand event attendance and trends within the sport | Records of your participation and/or attendance at any events or competitions. | We have a legitimate interest in doing so to ensure that our membership is targeted and relevant. |
For the purposes of promoting the sport, our events and membership packages. | Images in video and/or photographic form. | Where you have given us your explicit consent to do so except where such is not possible (i.e. crowd photos from events, where you will be notified of such as part of your ticket purchase). |
For some of your personal information you will have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information, we may not be able to admit you as a participant or we may not be able to properly perform our contract with you or comply with legal obligations and we may have to terminate your position as a participant.
Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in section 13 below.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so, on bases other than your consent.
Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide certain projects to you.
7. DISCLOSURE OF YOUR PERSONAL INFORMATION
Generally, we share information where we need to do so in order to run our organisation. In such circumstances, we will put in place arrangements to protect your personal information. Outside of that we do not disclose your personal information unless we are required to do so by law.
We share personal information with the following parties:
- Any party approved by you or notified to you at the point of data collection,
- To any governing bodies, leagues or clubs to allow them to properly administer Rugby League on a local, regional and national level,
- The Government or our regulators: where we are required to do so by law or to assist with their investigations or initiatives,
- Police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security.
We do not disclose personal information to anyone else except as set out above.
8. TRANSFERRING YOUR PERSONAL INFORMATION INTERNATIONALLY
The personal information we collect may be transferred to and stored in countries outside of the UK and the European Union. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in.
We will take all reasonable steps to ensure that your personal information is only used in accordance with this Privacy Policy and applicable data protection laws and is respected and kept secure and where a third party processes your data on our behalf, we will put in place appropriate safeguards as required under data protection laws. For further details please contact us by using the details set out in section 13 below.
9. HOW LONG DO WE KEEP PERSONAL INFORMATION FOR?
We will only hold your information for as long as is necessary. Where you ask us to delete records, we may delete them earlier, subject to any retention requirements.
The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements. Generally, where there is no legal requirement, we retain all physical and electronic records for a period of 6 years after your last contact with us.
Exceptions to this rule are:
- Information that may be relevant to personal injury claims, or discrimination claims may be retained until the limitation period for those types of claims has expired. For personal injury or discrimination claims this can be an extended period as the limitation period might not start to run until a long time after you have worked with us,
- Where we have specific internal policies relating to the retention of data for compliance matters,
- Where we have specific internal policies relating to the retention of medical data.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address.
You will be able to update some of the personal information we hold about you through the Floc App. Alternatively, you can contact us by using the details set out in section 13 below.
10. YOUR RIGHTS IN RELATION TO PERSONAL INFORMATION
You are entitled by law to ask for a copy of your personal information at any time. You are also entitled to ask us to correct, delete or update your personal information, to send your personal information to you or another organisation and to object to automated decision making. Where you have given us your consent to use your personal information in a particular manner, you also have the right to withdraw this consent at any time.
To exercise any of your rights, or if you have any questions relating to your rights, please contact us by using the details set out in section 15 below.
You have the following rights in relation to your personal information.
- the right to access the personal information we hold about you,
- the right to be informed about how your personal information is being used,
- the right to request the correction of inaccurate personal information we hold about you,
- the right to request the erasure of your personal information in certain limited circumstances,
- the right to restrict processing of your personal information where certain requirements are met,
- the right to object to the processing of your personal information,
- the right to request that we transfer elements of your data either to you or another service provider; and,
- the right to object to certain automated decision-making processes using your personal information.
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them, and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
Whilst this Privacy Policy sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
If you are unhappy with the way we are using your personal information, we are here to help and would encourage you to contact us to resolve your complaint by using the contact details set out in section 15 below.
11. SECURITY
We employ a variety of technical and organisational measures to keep your personal information safe and to prevent unauthorised access to, or use, or disclosure of it. Unfortunately, no information transmission over the Internet is guaranteed 100% secure nor is any storage of information always 100% secure, but we do take all appropriate steps to protect the security of your personal information.
Our server has strict file permissions, data encryption, AV and a built-in firewall. Anti-virus software is installed on the server, which is also monitored by our monitoring software for updates etc. The server backup is based at Microsoft in their UK South data centre.
12. CHANGES TO THIS POLICY
You are encouraged to check back regularly for updates to our Privacy Policy, as we may make changes at any time. When we change this Policy in a material way, we will update the version date at the bottom of this page. Please check back frequently to see any updates or changes to this Policy and should you object to any alteration, please contact us as set out in section 13 below.
13. CONTACT
In the event of any query or complaint in connection with the information we hold about you, our Data Protection Officer can be contacted by email on DPO@hullkr.co.uk or in writing to Data Protection Officer, Hull Kingston Rovers Community Trust, KCOM Craven Park, Preston Road, Hull, HU9 5HE.