The General Data Protection Regulation (GDPR) came into force on 25th May 2018. Whilst technically it only applies to Professional or Commercial Activities, it is not certain whether it would apply to MIDDLESEX COUNTY NETBALL ASSOCIATION (MCNA). In view of the level of data MCNA receives, it is considered, as a matter of good practice, that MCNA should adopt a Data Protection Policy and Privacy Notice in accordance with the requirements of the GDPR.
The MCNA collects and retains data only for specific purposes of the administration of the MCNA, which includes but is not limited to membership, competitions, matches, forums, education and general information. The MCNA does not use the data nor pass it on to third parties for marketing purposes or to create personality or user profiles, the exception being the data provided to England Netball in respect of which we would refer you to England Netball’s own Data Protection Policy.
There are Nine Data Protection Principles which the MCNA look to comply with when processing personal data, in the course of its activities, as a Non-Profit Association. The MCNA will use reasonable endeavours to ensure the Data Protection Principles are complied with by all its committee members, personnel and suppliers.
The Data Protection Principles: The Association will look to uphold and comply with the following nine Data Protection Principles when processing personal data:
1. Fairness and Transparency: Data will be processed fairly, and individuals may be provided with information about how and why their personal data is processed on request.
2. Lawful Processing: The MCNA will only process personal data, including sensitive personal data, lawfully where it has a valid basis for such processing.
3. Purpose Limitation: The MCNA will only collect personal data for a specific, explicit and legitimate purpose.
4. Data Minimisation: The MCNA will only process personal data that is adequate, relevant and limited to what is necessary for the purpose for which it was collected.
5. Data Accuracy: The MCNA will take all reasonable steps to ensure personal data is accurate, complete and kept up to date.
6. Individual Rights: The MCNA will permit individuals to exercise their rights in relation to their personal data including their rights of access, erasure, rectification, portability and objection.
7. Storage Limitation: The MCNA will only keep personal data for as long as it is needed for the purpose for which it was collected.
8. Data Security: The MCNA will use its best endeavours to protect the personal data its holds, including where third parties are processing the personal data on its behalf.
9. Accountability: Whilst the MCNA is technically not required to comply with the GDPR, as it is neither a professional nor commercial activity, as a matter of good practice MCNA will endeavour to ensure compliance with the Data Protection Principles and Policy set out above.
Children/U18s The MCNA relies on the consent from the person with parental responsibility when collecting information and data for all minors under the age of 18 years.
Data subjects have numerous rights in relation to their personal data when held for professional or commercial purposes. For more information please visit the Information Commissioner’s Office website www.ico.org.uk
The MCNA does not have a Data Protection Officer.
For information and queries about the MCNA data protection compliance, please contact Claire Kean