Privacy Notice for Oxford Bridge Club CIO
[This version updated: 24th May 2018]
In accordance with the General Data Protection Regulations 2018 (the GDPR), this notice gives details of how and why Oxford Bridge Club collects, stores and uses the personal data of club members and visitors, together with other relevant information listed below.
Contents List
What personal data does Oxford Bridge Club CIO collect, and what is it used for?
Who is your data shared with?
Where does this data come from?
How is your data stored?
Who is responsible for ensuring compliance with the relevant laws and regulations?
Who has access to your data?
What is the legal basis for collecting this data?
How you can check what data we have about you?
Does Oxford Bridge Club CIO collect any "special" data?
How can you ask for data to be removed, limited or corrected?
How long do we keep your data for, and why?
What happens if a member dies?
Can you download your data to use it elsewhere?
What personal data does Oxford Bridge Club CIO collect?
The data we routinely collect includes names, addresses, telephone numbers and email addresses. We collect this data directly from our members when they join the club, from visitors playing at the club for the first time, and from people booking training sessions.
For some of our members we may have additional information such as trustee roles, committee memberships, teaching qualifications, tournament director roles or others who hold a position in the club. We also keep information relating to disciplinary matters and sanctions.
We collect the scores from games you play, which are displayed on our results pages and notice boards and used in maintaining the EBU’s National Grading Scheme (NGS) and the Master Point scheme.
What is this personal data used for?
When you become a member of the club, we use your data for the administration of your membership; the communication of information, the organisation of events and other relevant activities such as maintaining host lists. We provide your data to the English Bridge Union (EBU) for their use as explained in the section below.
When you play at the club as a visitor, we ask you to fill in a visitor form. Such data as you choose to provide is used to record your results and communicate with you about activities at the club. Should you ask the club to obtain an EBU number for your use then we provide your data to the EBU as explained in the section below.
When you book to attend an Education event at the club, we use the data you supply to communicate information about the course and also to inform you of relevant activities at the club about which you may be interested.
Who is your data shared with?
Your membership data is passed on to the EBU, of which you become a member when you join Oxford Bridge Club CIO. The EBU shares data with its associated charity, English Bridge Education and Development (EBED), since it shares offices and data systems with them, and also with Oxfordshire Bridge Association or any other county that you may have nominated as your county of allegiance.
Information from your results is also passed on to the EBU for use in its master point and NGS schemes, unless you have chosen to have your NGS grade kept private, and this may also be used for stratification and handicap purposes.
Some of your data will be available for use by Pianola, Bookwhen and Bridgewebs acting as Data Processors on our behalf. They are not free to pass this on to other organisations that are not connected with Oxford Bridge Club CIO.
Your personal data is not passed on by us to organisations other than those indicated above, whether or not connected with bridge.
Where does this data come from?
Data for most of our members comes from them when they join Oxford Bridge Club CIO or when they update their information either directly using access to the club’s Pianola system or via their EBU record accessed via the MyEBU area of http://www.ebu.co.uk/.
The information held by the EBU may be updated by your club if you have given it permission to change your record. You can change this permission on My EBU by going to Account -> My Details.
If you are a direct member of the EBU, you will instead have provided your personal data directly to us when you joined Oxford Bridge Club CIO, or when you updated your record with us.
If you play at the club as a visitor you may provide data on a visitor form.
Scoring data comes directly from the results of the club games in which you play.
Data is also collected from those who book training courses via the Bookwhen booking system.
How is your data stored?
This information is mainly stored in digital form in storage areas designated by the cloud-based applications that we use. We use Pianola, Bridgewebs and Bookwhen as our data processors for this purpose. Records of the club are also stored in the cloud under the control of the Google G Suite software.
All information that is held in the cloud is stored in compliance with the General Data Protection Regulation (GDPR).
When you supply personal data in paper form, for example on a membership application form or a visitor form, then the original information is stored in a locked area at the club or in the secure custody of an officer or trustee of the club.
Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring that Oxford Bridge Club CIO discharges its obligations under the GDPR is the Chair of the club’s Infrastructure Committee.
Who has access to your data?
Designated Trustees, Officers, committee members, tournament directors, scorers, host coordinators, Wessex League team captains and others allocated specific responsibilities by the trustees of Oxford Bridge Club CIO have access to members’ data in order for them to carry out their legitimate tasks for the club.
Education administrators have access to your contact details when you book a training course via Bookwhen.
Members and visitors have access to the printed list of telephone numbers of members that is available on the club premises.
Scores from games that you play, and related scoring data, such as ranking lists and scoring ladders, are published on our website and are therefore publicly available.
What is the legal basis for collecting this data?
Oxford Bridge Club CIO collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation and participant in an internationally recognised and regulated, competitive mind sport.
We maintain records related to trustees and members to comply with Charity Law.
For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations.
Similarly, data on personnel is kept in compliance with our legal obligations.
How you can check what data we have about you?
Your membership record is available for you to review or update by logging in to the Club’s Pianola system. If you are not able to do this or require help to see the basic membership data we hold about you, you should contact the Membership Secretary memsec@oxfordbridgeclub.com.
You can contact us with a "Subject Access Request" if you want to ask us to provide you with any other information we hold about you. If you are interested in any particular aspects, specifying them will help us to provide you with what you need quickly and efficiently. We are required to provide this to you within one month.
There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.
Does Oxford Bridge Club CIO collect any "special" data?
The GDPR refers to sensitive personal data as "special categories of personal data".
We keep records of accidents and health-related incidents occurring on the club premises. We may also keep records of the medical requirements of children and vulnerable adults under our Safeguarding Policy. We maintain a list of members who have explicitly requested that they be given a stationary position in bridge sessions.
If you would like us to delete any of this data relating to you, please contact the Secretary sec@oxfordbridgeclub.com.
How can you ask for data to be removed, limited or corrected?
There are various ways in which you can limit how your data is used.
- If you wish you could become an "anonymous" member of the EBU. This would involve you having a pseudonym with an EBU number under which you would play. If you do this you would not be able to access any EBU membership benefits such as the magazine or playing in EBU tournaments.
- You could maintain your club membership with your correct name but with limited contact details. However, we do need to have at least one method of contacting you. You could for example simply maintain an up-to-date email address, but this would limit what we and the EBU are able to provide you with in the way of written information, so you would not be able to get English Bridge in printed form or any other benefits that require a mailing address.
- You do not need to provide us with your date of birth unless you wish to enter age-limited (junior or seniors) events or gain concessions based on age.
- If you do not want your NGS grade to be public, you may choose for it to be kept private. You can change this option as often as you wish.
- You may choose not to appear in master point promotions lists.
- You may choose not to share your contact details and results details with other club members using Pianola.
- You may choose not to receive information emails from Oxford Bridge Club CIO (we do not send any out on behalf of other organisations, apart from the EBU and OBA).
- You may choose not to be included on the printed telephone list that is available on the club premises.
- These options can be implemented for your club membership by logging into Pianola, going to My Account, and changing your Personal Details, Communication Preferences and Privacy profile. If you need any help with this you may contact the Membership Secretary memsec@oxfordbridgeclub.com.
- These options can be implemented for your EBU membership by logging on to My EBU, going to Account -> My Details and editing your record there, either to correct erroneous data or to delete information you do not wish the EBU to have. If you need any assistance with this you may contact the Office Manager membership@ebu.co.uk
How long do we keep your data for, and why?
We normally keep members’ data after they resign or their membership lapses in case they later wish to re-join. However, we will delete any former member’s contact details entirely on request.
Similarly, we normally keep data about visitors and about those who participate in education events. We will delete any of this information on request.
Since underlying statistical data, like scores from bridge games, continues to be necessary in relation to the purpose for which it was originally collected and processed, results from events used for the NGS are not deleted by Oxford Bridge Club CIO or the EBU although they will no longer be attributed to a player who does not want their data to be kept.
Historical ranking lists and prize lists are required for archiving purposes and names cannot be removed from them. This includes names on honours boards and names engraved on trophies.
Other data, such as that relating to accounting or personnel matters, is kept for the legally required period.
We store records of accidents that take place at our premises as part of our health and safety policy. We keep these records for use in informing a regular review of health and safety at the club.
We store records required under our safeguarding policy. Such records are kept until the information is no longer relevant.
We store records relating to disciplinary penalties recorded by tournament directors for a period of 12 months.
Under the complaints system of the club the Conduct Committee keeps records of the processing of complaints for a period of up to two years. The record of any decisions which involve a formal caution are kept for a period of three years. Details of any decisions of the Disciplinary Committee form part of the permanent record of the club.
What happens if a member dies?
We normally keep members’ information after they die. If requested by their next-of-kin to delete such information we will do so on the same basis as when requested to remove data by a former member.
Can you download your data to use it elsewhere?
Your session data that is held by the EBU can be downloaded as a csv spreadsheet. You can do this by logging on to My EBU and in your Sessions list, clicking on "Download as CSV". To access data held by Oxford Bridge Club CIO you may use your login credentials to the OBC Pianola system or you can contact memsec@oxfordbridgeclub.com.