Privacy Policy

OLDHAM ROCHDALE BADMINTON LEAGUE (ORBL) PRIVACY NOTICE

1. Introduction

This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we will store and handle that data, and keep it safe.

There is a lot of information here but we want you to be fully informed about your rights, and how ORBL uses your data.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

It is likely that we will need to update this Privacy Notice from time to time. You are welcome to check our website whenever you wish.

For ease throughout this Notice, ‘we’ and ‘us means ORBL

2. What is ORBL?

We are an informal non registered or affiliated voluntary organisation, established purely for the organisation of a badminton league and associated activities and supported by individual clubs wishing to play badminton within the league.

3. Explaining the legal bases we rely on

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

Performance of a contract

If you are a member of the league, entered into one of our competitions or have provided information for the league web site, we have to collect and process your data in order to perform our contract with you.

Consent

In specific situations, we can collect and process your data with your consent.

Legal compliance

If the law requires us to, we may need to collect and process your data.  

For example, we can pass on details of people involved in fraud or other criminal activity affecting ORBL to law enforcement.

Legitimate interest

In specific situations, we require your data to pursue our legitimate interests in running and promoting badminton in Oldham, Rochdale and surrounding areas and which does not materially impact your rights, freedom or interests.

For example, we will use your data to send you information relating to your membership of ORBL.

4. When do we collect your personal data?

• When you register your teams and members with us
• When you enter a competition
• When you choose to complete any surveys we send you

5. What sort of personal data do we collect?

• The names of individuals, e-mail addresses and phone numbers

6. How and why do we use your personal data?

We need to use the personal data on our web site in order that teams can contact each other for the purpose of managing matches within the league.  We also need from time to time to communicate with all clubs details of events or changes and to issue formal notifications for example the AGM.

7. Combining your data for personalised direct communication

ORBL will not combine personal data

8. How we protect your personal data

ORBL will not share any contact details with any other organisations for any purpose unless consented by the individuals concerned.  All information provided for the web site is freely provided by the individuals concerned who acknowledge it is an open web site.

9. How long will we keep your personal data?

Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected.

10. Who do we share your personal data with?

We do not share your personal data with any other person or organisation.

11. What are your rights over your personal data?

You have the right to request:

• Access to the personal data we hold about you, free of charge (unless charges apply to us in fulfilling your request)
• The correction of your personal data when incorrect, out of date or incomplete.
• That we stop using your personal data for direct marketing (either through specific channels, or all channels).
• That we stop any consent-based processing of your personal data after you withdraw that consent.
• That you be “forgotten” or have your data erased, in certain situations.
• To have your data ported (that is, transmitted) directly to another organisaiton

You can contact us to request to exercise these rights at any time as follows: 

To ask for your information please contact The Secretary of ORBL who’s details are on the ORBL web site.

12. Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

13. Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. 

We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

14. Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

15. Contacting the Regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113.

Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites)

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

16. Any Questions?

We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.

If you have any questions that haven’t been covered, please contact the ORBL Secretary who will be pleased to help.

OLDHAM ROCHDALE BADMINTON LEAGUE (ORBL) DATA PROTECTION POLICY

1. Introduction
   • ORBL (“we“, “our” and “us“) is a voluntary umbrella member organisation for the sport of badminton in Oldham and Rochdale. In order to provide our services, we are required to collect, process, use and retain certain personal data for a variety of business purposes.
   • All of the personal data we process relates to our members of the league.
   • This data protection policy (“Policy“) applies to all of our volunteers whose work involves processing personal data. They must read, understand and comply with this Policy when processing personal data on members behalf. They must protect the data handled in accordance with this Policy and any applicable data security procedures at all times.
   • This Policy sets out what is expect from volunteers in order for us to comply with applicable Data Protection Laws (as defined below). Compliance with this Policy and all related policies and guidelines is mandatory. Any breach of this Policy may result in actions by the general committee.
2. About the Policy
   • This Policy describes how personal data must be collected, handled and stored to meet the leagues data protection standards and to comply with all applicable laws and regulations relating to processing of personal data and privacy, including without limitation the General Data Protection Regulation (“GDPR“) and any other data protection legislation in force from time to time (as applicable) and including where applicable the guidance and codes of practice issued by the Information Commissioner or any other relevant regulator (“Data Protection Laws“).
   • This Policy and any other documents referred to in it sets out the basis on which we will process any personal data we collect from data subjects, or that is provided to us by data subjects or other sources.
   • The league comittee is responsible for ensuring compliance with applicable Data Protection Laws and with this Policy. Any questions about the operation of this Policy or any concerns that the Policy has not been followed should be referred in the first instance to league secretary or any member of the league committee.
3. Definitions of Data Protection Terms

“data controller” means the organisations that determines the purposes and means of the processing of personal data. We are the data controller of all personal data used in our league for the purposes of managing the league.

“data breach” or “breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

“data processor” means an organisation or individual which processes personal data on behalf of the league.

“data subjects” for the purpose of this Policy means all living individuals about whom ORBL holds personal data. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal data.

“personal data” means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number (NI number), location data, online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

“processing” means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.             

“sensitive personal data” are personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data (e.g. DNA, finger prints etc.).

“the consent of the data subject” means any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed.

4. Scope and Objectives of Policy
   • The Policy applies to personal data in all its forms whether on paper or stored electronically. It applies throughout the lifecycle of the information from creation through storage and utilisation to disposal. Appropriate protection is required for all forms of information to ensure business continuity and to avoid breaches of applicable Data Protection Laws or our contractual obligations.
   • The Policy will ensure that ORBL:
     • Complies with applicable Data Protection Laws and follows good practice;
     • Protects the rights of its members;
     • Is transparent about how it stores and processes personal data; and
     • Protects itself from the risks of a data breach or other unlawful processing of personal data.

5. Data Protection Laws
   • The Data Protection Laws describe how we must collect, handle and store personal data and these rules apply regardless of whether data is stored electronically or in paper format.
   • Anyone processing personal data must comply with the enforceable principles of good practice. These include, but are not limited to, that personal data must:
     • Be processed fairly and lawfully (lawfulness, fairness and transparency);
     • Be collected only for specific and lawful purposes and not processed in a manner that is incompatible with those purposes (purpose limitation);
     • Be adequate, relevant and limited to what is necessary for the purposes it is collected (data minimisation);
     • Be accurate and kept up to date (accuracy);
     • Not be held for longer than is necessary for the purposes it is collected (storage limitation);
     • Be processed in accordance with the data subject’s rights;
     • Be processed in a manner that ensures appropriate security (integrity and confidentiality); and
     • Not be transferred to a country or a territory outside the European Economic Area (“EEA“) unless that country or territory ensures an adequate level of protection.
   • Where we process personal data we are responsible for demonstrating compliance (accountability) with the principles set out in section 5.2 above.
6. Responsibilities
   • Whilst the League Committee is ultimately responsible for ensuring that ORBL meets its legal obligations under applicable Data Protection Laws, individual volunteers are responsible for compliance with applicable Data Protection Laws.
   • Harry Buckley is responsible for ensuring the security and integrity of our web site.
   • All ORBL officers are responsible for:
     • Keeping all personal as well as business critical and potentially sensitive data secure by taking sensible precautions and following the guidelines in this Policy;
     • Compliance with the Data Breach Policy;
     • Requesting guidance from the Data Protection Officer if unsure of any aspect of data protection;
     • Keeping updated about data protection risks and issues;
     • Reviewing and updating all data protection procedures and related policies, in line with legal requirements;
     • Referring requests received from data subjects exercising their rights under applicable Data Protection Laws (see section 11 ‘Processing in line with Data Subject’s Rights’ below) to the Data Protection Officer immediately;

7. Fair and Lawful Processing
   • Data Protection Laws are not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the data subject.
   • For personal data to be processed lawfully, they must be processed on the basis of one of the legal grounds set out under applicable Data Protection Laws. These include, among other things, the data subject’s consent to the processing, or that the processing is necessary for the performance of a contract with the data subject, for the compliance with a legal obligation to which the data controller is subject, or for the legitimate interest of the data controller or the party to whom the data is disclosed. When sensitive personal data is being processed, additional conditions must be met.
   • We only process personal data during the course of our business on the basis that the processing is necessary for the efficient operation of the badminton league.
   • Our privacy notices explain the legal basis on which we process personal data. A version of our privacy notice is available on our website.
8. Processing for Limited Purposes
   • We will only process personal data for specified, explicit and legitimate purposes, or for any other purposes specifically permitted by applicable Data Protection Laws. We will not undertake further processing in any manner incompatible with those purposes, and will not use it for new, different or incompatible purposes from that disclosed when it was first obtained, unless you have informed the data subject of the new purposes, and they have consented (if necessary).
   • We will notify those purposes to the data subject when we first collect the data or as soon as possible thereafter, and such purposes may include (amongst others):
     • Ensuring only registered players take part in league matches
     • Ensuring that team score cards comply with the league rules in relation to registered players and teams
     • Providing contact details on the ORBL web site to enable teams to efficiently communicate with each other
     • Efficiently communicating by e-mail to members of the league
     • Compliance with our legal, regulatory and corporate governance obligations and good practice;

9. Providing information
   • In the course of our business, we may collect and process personal data. This may include data we receive directly from a data subject (for example, when a team or individual becomes a registered player.)
   • If we collect personal data directly from data subjects, we shall ensure that data subjects are aware that their data is being processed, and that they understand the purposes and lawful basis for which it is processed, the legitimate interests of ORBL, any recipients or transfers of their data, the retention periods for their data and the existence of each of their rights in respect of such data.
   • If we collect personal data from a third party about a data subject, we will provide the data subject with the above information as soon as possible, and provide any additional information as prescribed by applicable Data Protection Laws.
   • To assist with our compliance of the above requirements, we have privacy statements setting out how we use personal data relating to data subjects (see section 7.4 above).
10. Adequate, Relevant and Non-Excessive Processing

We will only collect personal data to the extent that it is required for the specific purpose notified to the data subject. As such, we will not process personal data obtained for one purpose for any unconnected purpose unless the data subject concerned has agreed to this or would otherwise reasonably expect this.

11. Data Accuracy
    • If we receive a request to update or correct any personal data we hold, and provided we have authenticated the identity of the data subject in question, we will take all reasonable steps to ensure that personal data we hold is accurate and kept up to date. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.
    • We will take reasonable steps to ensure that personal data is kept as accurate and up to date as possible and personal data should be updated as inaccuracies are discovered. For example, if an e-mail address is no longer in service, it should be removed from the database.
    • Data subjects may ask that we correct inaccurate personal data relating to them. If you believe that information is inaccurate you should record the fact that the accuracy of the information is disputed and inform the league secretary promptly.
12. Processing in line with Data Subject’s Rights
    • We will process all personal data in line with data subjects’ rights to and in connection with their personal data in accordance with the Data Protection Laws.
    • If a data subject makes a request (written or otherwise) to exercise any right (or purported right) in respect of their personal data, you should immediately forward it to the league secretary. Committee members should not in any circumstances be bullied into disclosing personal information.
    • The league secretary will handle the response to the request and ensure that the identity of anyone making a request has been adequately verified before handing over any information.
    • Any complaints received from a data subject should be escalated to the league secretary immediately.
13. Data Retention

We will not keep personal data longer than is necessary for the purpose or purposes for which they were collected, and all personal data will be held in accordance with our data retention policy.

14. Data Security
    • We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We have put in place procedures and technologies appropriate to our size, scope and business, our available resources and the amount of personal data that we process. These measures will maintain the security of all personal data from the point of collection to the point of destruction.
15. Sharing personal data
    • If we share personal data with third parties, we will do so in line with applicable Data Protection Laws.
16. Data Storage
    • Personal data should be stored electronically whenever possible and the recording of personal data in paper format should be kept to a minimum. In circumstances where personal data is recorded in paper format eg scorecards and registration forms, it will be kept in a secure place to prevent unauthorised access to such personal data by unauthorised persons.
17. Changes to this Policy

We reserve the right to change this Policy at any time. Where appropriate, we will notify you of those changes by mail or email.

18. Questions

Please refer questions to the league secretary