Sarsfields GAA Data Protection and Retention Policy
1. Maintainance of club records:
All electronic data shall only be stored (either on a memory stick or computer) in an encrypted format. All media storage systems shall have the correct and up to date anti-viral software. Electronic records shall only be maintained for the appropriate period. All hard copies of data will be stored in the locked office in the club house. Hard copy records shall only be maintained for the appropriate period. See addendum 1 for types of data that will be stored.
2. Retention Period for Data:
Minutes of Club Meetings:
Garda Vetting Clearance:
3. Contacting Members
Member’s data shall not be given to outside agencies or individuals at any time. All members shall agree to contact from the club via e-mail regarding general meetings of the club and club functions including matches and training (when signing the annual membership form). Members shall not be contacted by the club regarding other issues unless they have specifically agreed to this type of contact and an “opt in “ option is offered.
Individual Privacy Rights
The Club, County, Province and Central Council of the GAA process personal data to administer and conduct GAA related activities. This includes membership and player registrations, team sheets, disciplinary processes, communications and notifications of GAA events, club fundraising activities, coaching activities and compliance related requirements (i.e. vetting and insurance). We will never share your information with third parties for any purpose without your consent.
The General Data Protection Regulation (‘GDPR’) is applicable from 25th May 2018 and is designed to give individuals more control over their personal data.
The key principles under the GDPR are:
- Lawfulness, fairness and transparency;
- Purpose Limitation;
- Data minimisation;
- Storage Limitation;
- Integrity and confidentiality;
In furtherance with the above principles, the following rights are enshrined within the General Data
Protection Regulation (GDPR) and are available to every individual in relation to their own personal data.
1) The Right to be Informed
You have the right to receive information relating to the processing of your personal data and this should be provided to you at the point your personal data is collected.
2) The Right to Access
You have the right to receive a) Confirmation of whether or not personal data concerning you is being processed; b) Where personal data concerning you is being processed, a copy of your personal information; c) Where personal data concerning you is being processed, other additional information as follows: the purpose(s) of the processing; the categories of personal data; any recipient(s) of the personal data to whom the personal data has or will be disclosed; the retention period or, if that is not possible, the criteria used to determine the retention period; the existence of your rights.
3) The Right to Rectification
If your personal data is inaccurate, you have the right to have the data rectified, by the controller, without undue delay. If your personal data is incomplete, you have the right to have data completed, including by means of providing supplementary information.
4) The Right to Erasure
This is also known as the ‘right to be forgotten’. You have the right to have your data erased, without undue delay, by the data controller under certain circumstances.
5) The Right to Data Portability
In some circumstances, you may be entitled to obtain your personal data from a data controller in a format that makes it easier to reuse your information in another context, and to transmit this data to another data controller of your choosing without hindrance. This is referred to as the right to data portability.
6) The Right to Object to Processing
You have the right to object to certain types of processing of your personal data. You have a stronger right to object to processing of your personal data where the processing relates to direct marketing.
7) The Right of Restriction
You have a limited right of restriction of processing of your personal data by a data controller. Where processing of your data is restricted, it can be stored by the data controller, but most other processing actions, such as deletion, will require your permission.
8) Rights in relation to Automated Decision Making
You have the right to not to be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects you.
If you wish to exercise any of the above rights, you can contact your Club, County, Province or the GAA Data Protection Officer on 01 8658600 or email@example.com.
Further information regarding your rights can be obtained through the Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, or on the website www.dataprotection.ie
How do I make a complaint or report a breach?
Should you wish to make a complaint or report a breach under in relation to your Personal Data, you can do so by emailing the Office of the Data Protection Commissioner using the following email address: firstname.lastname@example.org