Facebook Twitter Instagram
Log in

Club Policies

GDPR

To achieve GDPR (General Data Protection Regulation) compliance we have the processes documented below. A record of the steps taken to ensure GDPR compliance has maintainted by the webmaster ("The GDPR spreadsheet").

Responsibilities of Coaches and Volunteers

Coaches and volunteers should respect the access they have to member data and only use it as necessary for the administration of the club. In particular sensitive data such as health data should only be accessed when necessary. If they become aware of any daa breaches, they should follow the breach notification process below.

Subject Access Request Process

If anyone wishes to view or amend their personal data they should do so themselves (if they are a member). Regent's Park 10K entrants should contact the Race Organizer. Otherwise for a formal subject access request they should contact the web master stating that this is a subject access request. The webmaster should then fulfill the request, recording the data in the SAR register in the GDPR spreadsheet he/she maintains. The individual making the subject access request will be asked to verify their identity, for example by a telephone conversation where they must provide personal data matching the data we have on record for them or by semding a photocopy of their passport and driving licence.

Breach Notification Process

If a data breach occurs the web master should be informed immediately. The webmaster will then add the record to the Breach Register in our GDPR spreadsheet and will notify the information commisioner of the breach within 72 hours of the breach occuring.

Privacy Policy

Our use of data is documented in our privacy policy and additionally in the GDPR spreadsheet. If any changes are made to how we use member data the privacy policy and spreadsheet must be updated. Members and beginners should be informed of relevant changes by email or in the newsletter and the date of communications should be recorded in the GDPR spreadsheet. Race participants should be informed by email and the date of communications should be recorded in the GDPR spreadsheet.