Data Use and Protection Policy for UCD Marian Basketball Club (the Club)

About this policy
This policy explains when and why we UCD Marian basketball Club collect personal information about our members and how we use it; keep it secure and club member’s rights in relation to it. This includes probationary members, visitors and guests. We will collect, use and store personal data, as described in this Data Protection Policy when people engage in activities at the club. Normally this will be through some level of membership.

We reserve the right to amend this Data Protection Policy from time to time without prior notice. You are advised to check our Club notice board and or website www.ucdmarian.com regularly for any amendments. We will only share your personal data with any third parties as outlined below.

We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Data Protection Commissioner (https://www.dataprotection.ie/en/individuals).

Responsible person
For the purposes of the GDPR, the Club will be the “controller” of all personal data we hold about club members and others. The Club Executive is responsible for making sure the club complies with the General Data Protection Regulation (GDPR) which applies from 25 May 2018. We will review personal data every year to establish whether we are still entitled to process it or not.

Member’s rights
You have rights under the GDPR:

  • To access your personal data
  • To be provided with information about how your personal data is processed
  • To have your personal data corrected
  • To have your personal data erased in certain circumstances
  • To object to or restrict how your personal data is processed in certain circumstances.

For more details, please address any questions, comments and requests regarding our data processing practices to the ucdmarianbasketball@gmail.com.

1 Definitions
Personal data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.

Data Controllers are those who, either alone or with others, control the collection, contents and use of personal data collected by the Club. In this case Basketball Ireland (BI), Dublin Men’s Basketball Board (DMBB) and tournament organisers. Separate registration for BI and DMBB and any other tournament will be required independent of annual membership of the Club.

Data Processors are those who process the data on behalf of the data controller. The data processor is usually a third party external to the company. The Club has engaged Clubforce to manage its registration process see www.cubforce.com

The Data Protection Acts of 1988 and 2003 and the GDPR convey several responsibilities on Data Controllers and Data Processors in relation to the personal data collected about individuals by the Club and stored electronically or in a structured manual file. These may be summarised as follows:

1.1 Obtain and process information fairly.
All members are required to complete a registration annually using the Club’s online registration system. No information from any other source is used by the Club and the member or their parent/guardian as appropriate has access to the information online.

1.2 The data must be kept for a specified, lawful purpose.
We use this information to administer the Club, to provide you with the services that you and your child/children receive at the Club, to meet the purposes of performing the Club’s obligations to you, for risk assessment, health and safety responsibilities of the Club, and to fulfil the registration requirements of Basketball Ireland and Dublin Men’s Basketball Board.

2 Co-controllers
The data required to be collected by the Club is determined by the Club, BI and DMBB. For example, Member’s date of birth is collected as it is required by these governing bodies to determine eligibility, for under-age play. This makes BI and DMBB co-controllers rather than processors of the data.

2.1 Basketball Ireland
The Club is affiliated to Basketball Ireland, which is the National Governing Body for the sport in Ireland. Basketball Ireland operates a database and allocates each individual member of every affiliated club a unique personal identifier.
In completing a registration to join The Club, you agree that the Club may provide your name, gender, date of birth, and contact details to Basketball Ireland for the purposes of marinating the BI database during their day to day administration of basketball in Ireland.
Basketball Ireland publishes its data protection policy at http://www.basketballireland.ie/legal

2.2 DMBB
The Club is a member of the DMBB and its teams play in league competitions organized by DMBB. For registration of players in these league competitions, DMBB requires the Club to send players’ personal data to DMBB. In completing a registration to join the Club, you agree that the Club may provide your name, gender, date of birth, and contact details to DMBB for the purposes of “the administration of the DMBB leagues only. This information will not be forwarded to any third parties.”

2.3 The HSE
In completing a registration to join the Club, you agree that the Club may provide your name and contact details to the HSE for the purposes of COVID-19 contact tracing only. More information on HSE contact tracing is available at https://www2.hse.ie/conditions/coronavirus/testing/contacttracing.html.

3 The data must be used and disclosed only for the specified purpose.
We may disclose your data to coaches and/or managers operating at the Club on a need-to knowbasis for inclusion on score sheets at games (Names date of birth and BI PINs only) and for health and safety reasons. Your personal data may also be disclosed to the Child Welfare Officers if requested for child welfare reasons.

In addition, adult members’ phone contact and/or email details will be shared with some members as required for the purposes of arranging transport to/from events and for coordinators to contact members to get assistance when organizing club events.

4 The data must be kept safe and secure.
The data collected is no longer held on hard copy application. The data is held only online in electronic database application that is password protected and accessible to The Chairperson, the Registrar, the Treasurer and the Secretary only.
The data must be up to date, accurate and complete.
You agree to keep the Club informed of any changes to the personal data that you provide to the Club.

5 The data must be relevant, adequate but not excessive.
The Club will only request data necessary to provide you with the services that you and your child/children receive at the Club, to meet the purposes of performing the Club’s obligations to you, and for administration, risk assessment, health and safety responsibilities of the Club and to fulfil the registration requirements of Basketball Ireland and Dublin Men’s Basketball Board.
The data will be held until the end of September in the year following registration. In addition, the Club maintains a database of past members who agree to be contacted for Club ceremonies and functions. If you wish, upon leaving the Club, to have personal information about you deleted/securely destroyed, you may contact the Club at  ucdmarianbasketball@gmail.com.
6 A copy of the data must be made available to the data subject, on request.
You are entitled to write to the Club at ucdmarianbasketball@gmail.com to request a copy of your personal data which the Club holds. Should inaccuracies exist in your personal data held by the Club, you are entitled to request that the Club amend or erase it.

7 General Consent
Where you have provided information about another person (e.g. a minor), you confirm that they have appointed you to act for them or that you are legally entitled to act for them, to consent to the processing of their personal data, and to receive, on their behalf, any data protection notices from the Club or Basketball Ireland.

8 Data Processors
The Club uses a cloud-based sports club management system, Clubforce® for member registration, messaging members and recording attendance. The Clubforce® data privacy statement is available at https://clubforce.com/privacy-policy/

GDPR: General Data Protection Regulations

New data protection rules known as GDPR (General Data Protection Regulations) came into effect on 25th May 2018, to give European citizens greater control over their personal data. We value your privacy and are committed to handling your personal data honestly, ethically, with integrity and in accordance with applicable laws.

We are careful to work in conjunction with data protection guidelines, and will continue to do so. You can be assured that your personal information is stored securely, and that all third-party contracts, where/if applicable, also adhere to the GDPR regulations.

The UCD Marian Basketball Club Data Use and Protection policy is available here.