THE GENERAL DATA PROTECTION Regulation (25 May 2018) governs how and why data (information) about individuals can be collected, stored and used.
BDSFA is committed to ensuring the responsible, safe and legitimate collection, retention and usage of information about individuals in order to protect their privacy whilst providing controlled access to that information by those with a legitimate and permitted interest. This policy will be reviewed annually.
This section of the policy outlines the arrangements for collecting, using, storing, retaining and sharing personal information. BDSFA shall:
- Identify an accountable data controller;
- Identify the lawful basis/legitimate interest for collecting each data set held;
- Ensure that personal information is processed fairly, lawfully and in a transparent manner;
- Only collect and use that information for specified, explicit and legitimate purposes, or for purposes which are compatible with the stated purpose;
- Process only information which is adequate and relevant to the purpose, and which is limited to what is necessary for that purpose;
- Strive to maintain accurate, up to date information and make any notified changes within one month;
- Not retain personal information for longer than is absolutely necessary to fulfil its stated purpose;
- Keep all personal information safe and secure and protected from unauthorised access, accidental loss or destruction/damage;
- Share with data providers the rationale for seeking their data and explain how it will be processed, including how data subjects must consent to the use of their data, and how that consent can be withdrawn;
- Cease to process any data on request of the data subject;
- Where appropriate train BDSFA volunteers in data protection;
- Share data with relevant third parties either for statutory purposes or for other legislative purposes (e.g. criminal investigation);
- Share information with other third parties only when data sharing protocols or contracts, in line with this policy, have been approved by the BDSFA committee, ensuring individuals have actively consented to that sharing;
- Provide any individual with copies of all personal data held about them as soon as possible, and in any event no later than one month from the request date, unless the request is unduly complex and requires an extended period of two further months to complete, unless that information relates to criminal proceedings, matters of national security, tax matters or appointments to the judiciary;
- Provide information held at no cost to the applicant, unless the request is manifestly unfounded or excessive, in which case an appropriate fee to cover the cost of administration may be levied.
- Give due regard to the additional sensitivity in handling data about any criminal record and about individuals’ protected characteristics as defined by the Equality Act.
Retention of Data
BDSFA shall only retain:
- data for the period for which it is needed. This period shall be defined first by regulation/statute/law, where applicable, and thereafter by internal policy;
- personal bank and financial details, where they are necessarily held for the purposes of making or receiving payments under our responsibilities as an Association;
- details of any disciplinary action for the duration specified by The FA’s regulations (5 years);
- safeguarding case files in line with The FA’s regulations.
At the end of each season, the BDSFA shall conduct a “data purge” to ensure that the conditions laid down in this policy are upheld.
References to support the Policy
- Privacy notices and consent documents;
- ESFA handbooks and website;
- BDSFA Policies published on its website: bdsfa.bdscs.org.uk
Last Reviewed: November 2019