Privacy Policy

Introduction

Swansea Bay Orienteering Club (SBOC) is a constituent of the British Orienteering Federation (“BOF”) in the Welsh Orienteering Association and abides by the rules laid down by the International Orienteering Federation and BOF. From 25 May 2018, all data held by SBOC must conform to the General Data Protection Regulation (GDPR). SBOC is the data controller under data protection legislation. We are committed to safeguarding the privacy of your personal information by storing it carefully, and by using it or disclosing it only for purposes that you know about and in accordance with your wishes. This policy sets out how we use and protect any personal information that you may give us when you become a member of SBOC, participate in one of our events, or contact us. We may change this policy from time to time. A copy of this policy is available on our website http://www.sboc.org.uk.

“We/our/us/SBOC/the club” all refer to. “You/your” refer to members of the club or participants in events or activities.

Contact Us

If you:

have any questions about this policy or would like to suggest amendments, please contact the club secretary, at secretary@sboc.org.uk.
wish to know what data we hold for you or wish to amend or delete any of your data, please contact the club secretary, at secretary@sboc.org.uk.

Important: If your personal details alter, please tell both British Orienteering and the SBOC club secretary, as both organisations need to alter their databases.

Membership data

In becoming a member of SBOC, SBOC will collect certain information about you. We hold (or may hold) the following Membership Data for you:

BOF #
Full name
Gender
Year of Birth
E-mail address
Home address
Home telephone number
Mobile telephone number
Registered SI number
Registered EMIT number
Name of any other orienteering club that you may be a member of
Whether you wish to receive the SBOC newsletter by email or post.

The primary database for this information is held and managed by British Orienteering (BOF). When joining BOF, applicants are advised that BOF “may share your Membership Data with partners such as other clubs”. It is not possible to join BOF without accepting that personal individual and family data is shared with a club like ours. The BOF database holds additional information, which may include details of coaching skills, courses attended, and qualifications within the sport. SBOC has no control over this. SBOC receives the above details from BOF in respect of all those registered with BOF as SBOC members. The club Membership Secretary maintains a single copy of these personal details on a secure server with password protection. We may add additional information about courses attended and the particular expertise of club members onto our database. A few people belong to SBOC as a second club; if so, the same data will be collected directly by the membership secretary and not through BOF.

You may, if you wish, supply your banking details to the Treasurer to enable the club to make online payments to you, for instance, to enable the repayment of expenses incurred on club business. Your account details are held only on a secure bank server and nowhere else.

We will collect and process your Membership Data for the purposes of registering you as a member of SBOC, administering your involvement in the sport and producing results for events organized by SBOC and in which you are a competitor. We will process it on the basis of legitimate interests. The legitimate interests are the interests of registering you as a member of the club, administering the sport and producing results. We use information held:

to process any application for membership
to send you any of the following in accordance with your wishes and by your preferred method:

notices of our events or activities, AGM or other meetings for members
invitations to social events
newsletters or other news about us

for the general efficient administration and management of the club, including to arrange events or activities, meetings of the committee, any subcommittees or any squad, or any social events
to publicize your involvement with the club in our newsletters, email, on our website or on our social media

We may contact members or participants by post, email, or telephone unless a member advises us to contact them in another way. For any of these purposes, all your data listed on page 1 above is made available to any Officer or Committee member. Your name, email address, and telephone number may be given to any event or activity organizer or team leader. Your data is not otherwise accessible to members or anyone else. Officers, committee members, and team leaders often compile mailing lists containing the email addresses of, for example, all those on the committee or in a particular team. You may request to be removed from such mailing lists. Anyone using such lists is asked to verify that all the recipients are comfortable with being on the list. Such lists must not be used for purposes not listed in this section. We may also store or publish photographs and articles (whether online or on paper). This aspect of data handling is discussed within our existing photographic and safeguarding policies.

Bank details

If you have provided details of your bank account, we will pay any expenses incurred on behalf of your work for the club directly to your bank account by BACS. Details of your account are held online with our bank and are only used to pay your expenses. If you change your bank and/or your account details, you must inform the club’s Treasurer; in this event details of your old bank/account will be removed from the system and no record of them will be retained.

Cessation of Membership

If you cease to be a member of SBOC, we will retain your details for 18 months after the expiry of your membership. This period allows us to cope efficiently with a one-year gap in membership should you wish to re-join. After that, your records will be removed and deleted.

Lawful basis for processing membership information

GDPR offers six different reasons why an organisation may seek to process data. In the case of membership information, we believe that you have provided us with this information voluntarily to enable us to run the club efficiently for your benefit.

Event Data

The club regularly organises orienteering ‘races’ that are widely advertised and open to all. In addition, it organises ‘activities’ such as training runs and ‘social activities’. All these constitute ‘events’.

Event Data – what we hold

Some of our events provide the option for online entry. We use commercial companies such as Fabian4 to collect and process information. We are not responsible for the protection and privacy of any information held by Fabian4. Please ensure you understand and accept the Fabian 4 Privacy Policy when providing your data to them. Credit or Debit card details collected by Fabian4 are not divulged to us. When entering an event online, you must supply this information:

Name
Address
Telephone number(s)
Email address
Gender
Year of Birth
SI Dibber number
BOF Number (if applicable)
Name and telephone number of emergency contact

Some events do not have online pre-entry. For those that do, some participants may choose to enter ‘on the day’. All ‘on the day’ entries require data to be provided on a paper form. Some data so collected is entered onto the computer. Once data is entered, it is managed in the same way as for those who entered online. If entering on the day, you must supply:

Name
BOF number
SI Dibber number
Gender/Age Class
Club or School
Name and telephone number of emergency contact
Vehicle Registration number
Any medical condition(s) First Aid need to know (supplied voluntarily)

Event Data – what we do with it

Data collected for events is used to:

process event entries and results
contribute towards National, Regional, or Local Leagues managed by BOF, WOA, or SBOC
assist in any search for missing participants
make First Aiders, emergency or medical services aware of any pre-existing medical conditions only when dealing with any casualty
recover any hired SI dibbers not returned at the end of the event.

Some of the data provided on paper forms on the day is transferred to the computer, namely: Name, BOF number, SI Dibber number, Gender/Age Class. The other data is not stored electronically. The paper forms are securely stored for five years. For insurance purposes, we are required to retain records of who participated or helped at our events, including their contact details, for five years. BOF or WOA may publish league positions and national rankings. Name, gender, age class, and league positions are published. SBOC is not responsible for these; you may wish to refer to BOF’s or WOA’s privacy policies.

Sensitive data

Some data provided to enter events is required for essential safety purposes. All entrants must provide an emergency contact name and telephone number. This is a condition of entry (whether online in advance or on the day). Anyone declining to do so is not allowed to run. Competitors may separately supply health information to the first-aid team. This could facilitate an appropriate response in the event of an incident. The information may be supplied to any emergency services attending or to a hospital if a casualty is transferred there. GDPR regards such information as ‘sensitive’ and it must be handled with particular care. If an individual volunteers this information, it is written down on paper (with the option for this to be held in a sealed envelope only to be opened if needed) and given to the first aid team, with this information being destroyed immediately following the event. Car Registration numbers are collected to enable late or missing runners to be matched with cars in the car park to improve the search process. We may telephone or email anyone late or missing to establish their whereabouts and/or search for them, or to retrieve missing hired SI Dibbers.

Lawful basis for processing event information

When you enter an event you voluntarily supply information to us. Subsequent processing of event results, the production of league tables and retention of information for public interest or insurance purposes falls into the category of ‘Legitimate Interest’.

Committee and Officers’ Details

Names of those who are Officers or Committee members (and their role) are published:

on our website
in our newsletters and
in our Committee Meeting and AGM Minutes and Accounts

Fraud

If any fraud is detected in the club’s transactions, we are required to pass details to fraud prevention agencies. Law enforcement agencies may then access and use this information.

Privacy Statement

Your data will not be used for any other purpose nor shared with anyone else without your specific prior approval. We will not transfer, disclose, sell, distribute, or lease your personal information to any third parties unless required to do so by law or for fraud prevention purposes. You may request details of what data we hold about you at any time. You have a legal right to this information. You are also entitled to request that any information be amended or deleted. Deletion of some data may not be possible if you wish to remain a member of the club or to participate in events. If you would like a copy of the information held about you or wish us to amend or delete any of it, please contact the Secretary as above. We will correct or update any information as soon as possible, and always in less than one month.

Security

We are committed to ensuring that your information is secure. Data is held on Officers’ computers and on paper files. To prevent unauthorized access or disclosure we have suitable procedures to safeguard and secure the information we retain. We discourage transfer of data by email and where this is sent to us we recommend that it is only sent by encrypted email in a password protected file. On receipt of any emails containing personal data, we extract the data and delete the email. We cannot guarantee the security of any data you disclose by email or online. You should be aware of the inherent security risks of providing information online. We are not responsible for any breach of security unless this is due to our negligence or willful default.

Our website

You can view our website http://www.sboc.org.uk/ without giving us any information. We do use cookies on our website. It is not currently possible to apply for membership of the club via our website. There are links on our website to other websites which are not within our control. Once you have left our website, we are not responsible for the protection and privacy of any information which you provide. You should exercise caution and check the privacy policy applicable to the website in question.