Privacy Policy
SAMA SOUTHEAST DATA PROTECTION POLICY
D4.1 At SAMA Southeast we respect the privacy of all our members; adults and children and the privacy of their parents or carers, as well as the privacy of our staff. Our aim is to ensure that all those using and working at SAMA Southeast can do so with confidence that their personal data is being kept secure.
D4.2 Any information that you provide is kept secure. Data that is no longer required* is erased after you / your child has ceased attending our Club.
D4.3 We will use the contact details you give us to contact you via phone, email, social media and post so that we can send you information about the club and or your child, our Club and other relevant news, and also so that we can communicate with you regarding payment of our fees.
D4.4 Our lead person for data protection is George Asargiotakis. The lead person ensures that the Club meets the requirements of the GDPR, liaises with statutory bodies when necessary, and responds to any subject access requests.
- D4.5 Confidentiality. Within the Club we respect confidentiality in the following ways:D4.5.1 We will only ever share information which is deemed not protected and only after discussing the request with you. We will never share personal information with a third party.D4.5.2 Information given by adults or parents to Club staff about their child will not be passed on to third parties without permission unless there is a safeguarding issue (as covered in our Safeguarding Policy).
D4.5.3 Concerns or evidence relating to a child’s safety, will be kept in a confidential file and will not be shared within the Club, except with the designated Child Protection Officer and the manager.
D4.5.4 Staff are made aware of the importance of confidentiality during their induction process.
D4.5.5 Issues relating to the employment of staff, whether paid or voluntary, will remain confidential to those making personnel decisions.
D4.5.6 All personal data is stored securely in a lockable file on a password protected computer and passcode-locked phone/tablet.
- D4.6 Information we Retain. The items of personal data that we keep about individuals are
documented and securely kept. Adults / Parents will attain control over their own personal or child’s data on line that is protected with password. The personal data is reviewed
28
Appendix 4 to Annex D To SAMA SE QMS
annually to ensure that any new data types are included. SAMA Southeast are committed to protecting and respecting the privacy of all personal information / data. For any personal the data provide for the purposes of membership, SAMA Southeast is the Data Controller and is responsible for storing and otherwise processing that data in a fair, lawful, secure and transparent way.
D4.6.1Adults: We hold only the information necessary to provide a childcare service for each child. This includes child registration information, medical information, parent contact information, attendance records, incident and accident records and so forth. Once a child leaves our care, we retain only the data required by statutory legislation and industry best practice, and for the prescribed periods of time. Electronic data that is no longer required is deleted and paper records are disposed securely.
D4.6.2 Children and parents: We hold only the information necessary to conduct our activity. This includes child registration information, medical information, parent contact information, incident and accident records and so forth. Once a child leaves our club, we retain only the data required by statutory legislation and industry best practice, and for the prescribed periods of time. Electronic data that is no longer required is deleted and paper records are disposed securely.
D4.6.3 Staff: We keep information about employees in order to meet HMRC requirements, and to comply with all other areas of employment legislation. We retain the information after a member of staff has left our employment for the recommended period of time, then it is deleted or destroyed as necessary.
D4.8 The Retention of Data. The reason SAMA Southeast collate and retain Data is to be able to administer our memberships and provide the membership services to all our customers. The lawful basis for processing personal data is that we have a contractual obligation to our members to provide the services they are registering for. For membership training and club management:
D4.8.1 Sharing personal data with club coaches or officials to administer training sessions including amendments and cancellations.
D4.8.2 Processing of membership forms and payments, including membership renewals.
D4.8.3 To ensure sufficient medical information is retained in order to manage the risk to the individual.
D4.8.4 To retain specific information as mandated und the differing legislation; including MSAW 1974, GDPR.
D4.9 Sharing information with third parties. We will only share child information with outside agencies on a need-to-know basis and with consent from the specific member be it an adult on in the case of a child the parent, except in cases relating to safeguarding children, criminal activity, or if required by legally authorised bodies (eg Police, HMRC, etc). If we
29
decide to share information without consent, we will record this in the members file, clearly stating our reasons.
D4.10 We will only share relevant information that is accurate and up to date. Our primary commitment is to the security of the individual members personal information / data, where there is a defined requirement as outlined above we will follow the directions and guidance as outlined in the GDPR 2016. Some limited personal information is disclosed to authorised third parties we have engaged to process it, as part of the normal running of our business, for example in order to take online bookings, and to manage our payroll and accounts. Any such third parties comply with the strict data protection regulations of the GDPR. for your setting.
D4.11 Subject access requests. SAMA Southeast will action all SARs as follows:
D4.11.1 Club member can ask to see information and records relating to themselves.
D4.11.2 Parents/carers can ask to see the information and records relating to their child, and/or any information that we keep about themselves.
D4.11.3 Staff and contractors can ask to see any information that we keep about them.
D4.11.4 We will make the requested information available as soon as practicable and will respond to the request within one month at the latest.
D4.11.5 If our information is found to be incorrect or out of date, we will update it promptly.
D4.11.6 If any individual about whom we hold data has a complaint about how we have kept their information secure, or how we have responded to a subject access request, they may complain to the Information Commissioner’s Office (ICO).
D4.12 Contact&CommunicationWithSAMASoutheast.Userscontactingthisusthroughthis website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use. Where we have clearly stated and made you aware of the fact, and where you have given your express permission, we may use your details to send you products/services information through a mailing list system. This is done in accordance with the regulations named in ‘The policy’.
D4.13 Email Mailing List & Marketing Messages. We operate an email mailing list program, used to inform members about products, services and/or news we supply/publish. Members can subscribe through an online automated process or when you become a member filling the form. where they have given their explicit permission. Members personal details are collected, processed, managed and stored in accordance with the regulations named in ‘The policy’ above. Subscribers can unsubscribe at any time through an automated online service, detailed in the footer of sent marketing messages.
30
D4.14 Emailmarketingmessagesmaycontaintrackingbeacons/trackedclickablelinksor similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
D4.15 GDPR. We comply with the requirements of the General Data Protection Regulation (GDPR 2016), regarding obtaining, storing and using personal data.
D4.16 Records Retention. SAMA Southeast will hold personal data on file for as long as the individual remains a member. Individuals data is updated every year on annual membership forms. Any personal data held will be securely destroyed after four years of inactivity on that member’s account, data is not processed for any further purposes other than those detailed in this policy.
This policy was adopted by: Southeast martial arts ltd t/a Sama Southeast
Date: 29th September 2021
About SAMA Southeast
Karate, Kickboxing and more for people of all ages.