GDPR

DATA PROTECTION

Steeton with Eastburn Bowling Club has a legal and moral duty to protect the data of their members. The GDPR became enforceable from 25th May 2018.  It replaces the Data Protection Act 1998 and covers the storage and use of ‘Personal Data’.

Personal data is defined as any piece of personal information that can be used to identify an individual, either directly or indirectly. GDPR covers a range of information which includes for example: an individual’s:

  • Name
  • Telephone number
  •  E‐mail address
  • Date of birth (DoB)
  • Health information
  • Location data
  • bank details
  • Online identifier e.g., IP addresses or cookies. 

However, only those things considered necessary for managing bowling in the club are relevant (Name, telephone number and Email address.) This ensures bowlers can contact each other in the course of their bowling activities. It does not allow the use of this information for any non – bowling reasons.

There is no valid reason for keeping details about an individual’s DoB or age, bank details, Online identifiers and IP addresses etc. In normal circumstances, details of medical conditions would not be held, unless the individual has a specific disability and has asked for “reasonable adjustments” and understanding to support them to bowl on an equal basis with their peers.

The GDPR states that Personal Data can be held, without the need for consent, if it is adequate / relevant/non‐excessive. This means that as long as a Club, or County Association, reasonably considers the storage of Personal Data to be relevant and non‐excessive, they can continue to hold it. Under the GDPR, an organisation can lawfully process data only if at least one of the following conditions are met:

  • The data subject has given their consent.
  • If the processing is necessary for the performance of a contract.
  • For compliance with a legal obligation. If the processing is necessary to protect the vital interests of the data subject.
  • Public interest purposes.
  • If there is a legitimate interest pursued by the data holder or a third party.

All personal data will be held in both paper form and electronically by the Management Committee of the Club and Team Captains. It will be destroyed when membership of the club ceases.