The West Midlands Police Sports & Wellbeing Association Privacy Policy

The West Midlands Police Sports & Wellbeing Association, Tally Ho Sport & Wellbeing Association, Pershore Road, Edgbaston, Birmingham, B5 7RN (the “Club”) is a private members’ club offering leisure facilities.

The privacy of your personal data is very important to us. The collection and processing of personal data by the Club is governed by “Data Protection Legislation” including the Data Protection Act 2018, the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (the “Data Protection Regulations”) and the General Data Protection Regulation (EU) 2016/679, the UK GDPR as defined in the Data Protection Regulations (as applicable) and any other applicable laws relating to the protection of personal data and the privacy of individuals (all as amended, updated or re-enacted from time to time).

The Club complies with its obligations by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access, and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

This privacy policy explains:

  • What constitutes ‘personal data’
  • Who we collect ‘personal data from
  • How we process personal data
  • Who we share your data with
  • What measures we take to keep your data private and secure
  • Your rights
  • Who to contact if you have any queries or concerns about any personal data, we may store about you.

YOUR PERSONAL DATA

Personal data is any information which identifies you as an individual. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

This may include but not limited to name, address, phone numbers, email addresses, date of birth, gender, employment status, demographic information, personal descriptions, photographs, CCTV images, Membership numbers, usernames, and passwords.

We will only collect personal data that we need to fulfil our legal obligations, deliver services to you, and enable us to tailor and enhance your experience of the Club.

WHO WE COLLECT PERSONAL DATA FROM

We collect personal data from:

  • Members
  • Juniors
  • Prospective Members
  • Visitors to the Club
  • Visitors to our website
  • People who make enquiries via telephone, email or our website
  • Employees
  • Self-employed coaches and trainers
  • Suppliers
  • Contractors
  • Partners

We never sell personal data. We will only share it with organisations, when necessary, in order to fulfil our service to you and where the privacy and security of your data is assured.

HOW DO WE PROCESS YOUR PERSONAL DATA

We will only process your ‘personal data’ for legitimate purposes, as set out in the General Data Protection Regulation (from 25 May 2018) and the UK Data Protection Act.

All ‘personal data’ supplied to us will be processed for the purpose outlined in a specific privacy notice at the time of collection and in accordance with any consent and preferences you express.

If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may be obliged to provide them with your personal data.

Below are the main uses of personal data, dependent on your relationship with us and how you interact with various services and technology.

Members

When a new Member joins the Club, we collect the following but not limited to information:

  • Personal details (name, address, email address, telephone number, employment details)
  • Financial information (credit or debit card)

This personal data is used to administer the new member joining process; maintain a record of your membership, process your membership subscription, enable you to use the Club, contact you regarding your membership renewal and the Annual General Meeting.

We undertake research and analysis on all the data we collect to tailor our services and communication with you.

Juniors

Children under the age of 18 are considered Juniors and are linked to an adult parent/guardian who must be a member. We hold the name, address, and date of birth on our system. Juniors are not permitted access to our website/ benefits platform due to age restricted benefits.

Prospective Members

We ask permission to collect the following but not limited to information from people who make enquiries about Membership:

  • Name and contact details so we can follow up enquiries
  • Reasons for joining so that we can tailor any tour to your interests
  • How you found out about us to improve our marketing
  • Reasons why you do not wish to join so that we can improve our services

We may also use automated communications with you dependent on your interests and consent.

Visitors to the Club

We collect the name, address, and contact details from Members’ guests who wish to come and enjoy our facilities.

Visitors to the Website

If you visit and interact with our website and Members’ area of the website, we may collect information about you using cookies. Cookies are small text files stored on your device when you visit certain websites. Cookies will not give us access to your device, cannot harm your computer and cannot provide us with any personal data about you, other than the data you choose to share with us by completing forms on our website.

Non-personally identifiable information may include: the type of browser and operating system you are using, your IP address, your device identifiers, your Internet or wireless service provider, and location-based information, specific web pages, length of time spent, pages accessed, and search terms used to find the website.

We use cookies to:

  • Personalise your experience of using the website, for example by remembering what stage you are at in completing a form or survey
  • Measure the performance of our website and marketing activity. We use Google Analytics, Microsoft Clarity, and other similar software to gather aggregate statistical information about the site to improve the user experience. We are not able to identify individual users with these cookies.
  • Ensure we deliver limited, relevant advertisements to prospective Members based on you visits to our website and your interests as expressed by your internet and social network use.

When you first visit our website, you will be asked whether you wish to accept our cookies. You can choose to accept or decline cookies and you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the website.

You may find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

Marketing Activities

Members may opt in to receive emails, letters, text messages or phone calls about member related benefits or activities that we think may interest.

Communications are only sent to those who have consented to receive such information and is governed under the General Data Protection Regulation.

If you wish to alter or opt out of communications from us, please update your marketing preferences on our website.

Employees

To comply with our contractual, legal, and management obligations and responsibilities as a responsible employer, we process personal data, including ‘sensitive’ personal data, from job applicants and employees. This includes:

  • Data processed to meet our contractual responsibilities: payroll, bank account, postal address, sick pay; leave, maternity pay, pension, and emergency contacts.
  • Data processed to meet our legal responsibilities: tax, national insurance, statutory sick pay, statutory maternity pays, family leave, work permits, identification (passport) DBS checks, equal opportunities monitoring.
  • Data processed to meet our performance management responsibilities: recruitment and induction processes, training and development records, absence, and disciplinary records

The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings, or convictions.

We will process data about an employee’s health where it is necessary, for example, to: • record absence from work due to sickness

  • to pay statutory sick pay
  • to make appropriate referrals to the Occupational Health Service.
  • to make any necessary arrangements or adjustments to the workplace in the case of disability.

This processing will not normally happen without the employee’s knowledge and, where necessary, consent.

Data about an employee’s criminal convictions will be held as necessary.

We may process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation, or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.

Suppliers, contractors, and stakeholders

We will hold the following data about our suppliers, contractors, and stakeholders

  • Personal details (Name, address, email address, telephone number) of the lead contact
  • Details of any contracts or agreements
  • Financial information where necessary to process and pay invoices.

CCTV

The Club uses CCTV equipment to provide a safer, more secure environment for members and staff and to prevent bullying, vandalism, and theft. Essentially it is used for:

  • The prevention, investigation, and detection of crime.
  • The apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings).
  • Safeguarding public, members, and staff safety.
  • Monitoring the security of the site.

The Club does not use the CCTV system for covert monitoring.

Access to the CCTV recorded footage is limited to designated staff and other authorised personnel (including police) with a legitimate reason to view and/or otherwise use the captured footage, including the provision of evidence in support of prosecution of criminal or illegal behaviour. Authorisation to review any footage will be given to relevant parties on a case-by-case basis which will be determined at the discretion of the Chief Executive in accordance with applicable data protection legislation.

Live footage recording is automatically erased after four weeks.

Further details governing the use of CCTV may be found in our CCTV Policy.

SHARING YOUR PERSONAL DATA

Your personal data will be treated as strictly confidential. We do not share your personal data to any third parties for commercial purposes. We only share your data with third parties to administer membership and provide services.

When we do share data with third parties, we take measures to ensure they are compliant with GDPR and there are appropriate measures and controls in place to keep your data secure.

 

Employees

To carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third parties:

  • A payroll & pension provider
  • HM Revenue & Customs
  • Disclosure and Barring Service

We never share ‘personal data’ to any other third party for commercial reasons and would only do so if we obtained your consent.

KEEPING YOUR DATA SAFE AND SECURE

We undertake the following measures to ensure the personal data we hold is kept safe and secure:

  • Minimise the risk of cyber-attacks by undertaking regularly assessing our IT and security systems.
  • All new staff receive mandatory training on the importance of data protection at their induction and regularly thereafter to reinforce their responsibilities.
  • We only use and retain your information for as long as it is required for the purpose it was collected for and to comply with statutory requirements. Our retention periods are set out in the Information Asset Register.
  • Once we no longer require your personal data, it will be deleted in accordance with the timeframes set out in the Club’s Data Retention, Archiving and Deletion Policy.

YOUR RIGHTS AND YOUR PERSONAL DATA

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which the Club holds about you.
  • The right to request that the Club corrects any personal data if it is found to be inaccurate or out of date.
  • The right to request your personal data is erased where it is no longer necessary for the Club to retain such data.
  • The right to withdraw your consent to processing at any time
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability),
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
  • The right to object to the processing of personal data, (where applicable)
  • The right to lodge a complaint with the Information Commissioner’s Office.

SUBJECT ACCESS REQUESTS

If you would like to view the personal data the Club holds about you, you will be asked to complete a Subject Access Request Form to provide us with:

  • The personal information you wish to access
  • Where it is likely to be held
  • The date range of the information you wish to access
  • Information to confirm your identity

If we hold your personal data, we will give you a copy of the information together with an explanation of why we hold and use it. Once we have all the information necessary to respond to your request, we’ll provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.

WHAT TO DO IF YOU’RE NOT HAPPY

In the first instance, please talk to us directly so we can try to resolve your issues. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113, by post at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF or at www.ico.org.uk

UPDATING THIS POLICY

If we wish to use your personal data for a new purpose, not covered by this Privacy Policy or any specific privacy statement issues to you when collecting and obtaining consent to hold your data, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.