The Guernsey Sports Commission holds data on both members of its staff and members of the public. The Guernsey Sports Commission is registered as a “Data Controller” under Guernsey’s 2001 Data Protection Law, which requires our staff to behave professionally when handling data. The Guernsey Sports Commission could face legal action if the Law is breached and staff should be aware that breaches may lead to disciplinary action being taken against them.
When does the Law apply?
It applies when personal data is stored on a computer or in a manual filing system which enables an individual’s record to be found by a search. It applies not only to databases, but to anything carried in an email or a memo typed on a word processor. It would not apply to a hand-written note unless that note was then put into a file indexed with that person’s name or some other personal identifier (e.g. a membership number). Remember that even “deleted” computer files can often be retrieved and almost any document can be searched for a name. Art, journalism, research and statistics are amongst a small number of special cases where the law does not always apply. Information which is already published (i.e. in the phone book) can also be exempt.
What is Personal Data?
Personal data is any information about a person who can be identified from the data, for example name, address or their photograph. So an anonymous survey is not covered by the Law, but a CCTV camera image is. Anything we do with that data is “processing” it.
What is Sensitive Personal Data?
Sensitive personal data relates to the racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, the commission of offences etc. This can only be recorded by the Guernsey Sports Commission where for instance the subject has given specific consent or if there is any legal obligation to do so.
The Eight Principles of Data Protection and how we comply
1. Data must be processed fairly and lawfully.
People must know, or be able to assume, that we are processing information about them (e.g. if they fill in a form or send us a letter or email). We should not collect information by underhand means or use it for unlawful purposes.
2. Personal data must be obtained only for one or more specified purposes.
We can only use data for the purposes we set out when we collected it. So, if we collect address lists to allow us to send newsletters we cannot automatically pass these on to third parties etc.
3. Data must be adequate, relevant and not excessive.
We should record only what we need to record. If we do not need to know a person’s date of birth, then we must not record it. It may be, however, that we need to make some records of sensitive personal data in order to do our jobs properly – for example a participant’s medical information.
4. Data must be accurate and up to date.
Inaccurate data wastes our time and the time of the public we serve. It can cause offence – for example continuing to write to someone who is deceased or invoicing someone who has already paid. Errors can open the way to identity theft and fraud. So, we need to keep data up to date and purge old, redundant information.
5. Data must be retained for no longer than necessary.
Data files must be reviewed periodically and data not needed should not be kept. Retention for six years is a useful rule of thumb unless the records are of long-term value, but some records should be deleted immediately, for example someone resigning from a mailing list or the CV sent with a speculative job enquiry. Specific details on Guernsey Sports Commission timeframes for retaining information can be found in the section below entitled “Guernsey Sports Commission Retention and Sharing of Data Policy”.
6. Data must be processed in accordance with the rights of data subjects.
The rights of our data subjects include having access to their personal data (see below). We should also avoid causing damage or distress – for example by publishing names without that person’s consent. We must take care with any direct marketing, as this can be construed as junk mail or email spam.
7. Data must be kept secure.
This does not just mean keeping files under lock and key, but also that data is protected against being destroyed or corrupted, that there are back-ups, that passers-by cannot read computer screens, that passwords are changed periodically, that discarded data is disposed of appropriately, and that only properly authorised people see or use the data. The “leaking” of information to any person outside the Guernsey Sports Commission may be taken as breaking this principle. You should take great care when sending data as email attachments and when forwarding emails with large “cc” lists giving away other people’s email addresses. All paper which includes personal data should be shredded. Care should be taken when carrying data on laptop computers, data disks or pen drives; at the end of their useful lives these items should be disposed of by IT, which will ensure they are properly erased.
8. Data must not be transferred outside the Bailiwick without adequate protection.
If any transfer is proposed the legal requirements should be studied in detail.
People have the right to request access to personal data held about them, subject to a few specified limitations. This means we must be careful about putting anything on file, on computer or into an email which we would not want the subject to read. We may be required to explain any flags, codes or abbreviations used in the records.
If we receive such a request in writing (known as a “subject access request”), we refer to line management who will advise on procedure. We do not withhold the request (as we have only 60 days to respond). We do not destroy, alter or delete any records after receiving the request, as this would breach the Law. We do not inadvertently compromise other people’s rights in responding to such a request (e.g. if a record contains data relating to more than one person).
People have the right to be told what the data is being used for and to object to this if they don’t like it. They can also object to receiving unsolicited marketing material.
Data Protection Statements
Any form, web page etc that we design to collect personal data should include a Data Protection Statement. This will set out who we are, what we intend doing with the data the public are providing and who we will share it with. It may include “opt out” or “opt in” boxes to tick, for example if people do not wish to receive marketing information.
The Rights of Staff
Staff members have rights under the Law to see files relating to them held by the Guernsey Sports Commission. There are certain exceptions to the kind of documents which must be released.
Data on Paper
The following should be kept for 6 years and then destroyed:
“On Your Marks” or other one off programme paper application/consent forms.
Accident/Incident paper Report Forms.
Completed paper Risk Assessments.
Completed paper Registers.
Street Sports Consent forms – to be kept for 6 years after last date of attendance, then destroyed.
Street Sports Register – names will be removed if no attendance in one year.
Any other similar forms for Guernsey Sports Commission run programmes.
Any computer files containing personal information will be password protected.
Personal information on computer files will be kept for the year of the programme/initiative and then another full calendar year. After this time the files will be destroyed, or de-personalised if they need to be kept for statistics. For example, On Your Marks Easter 2017 files will be deleted or de-personalised in January 2019.
Street Sports Evaluation Forms and registers will be shared with those agencies and professionals who are present on the relevant evenings and with those agencies we work with where sharing is of benefit to all parties. A paragraph denoting this practice is included on the Street Sports consent form. Personal information is not recorded on either of these forms.
Any information shared is done in accordance with the Guernsey Sports Commission Safeguarding and Protecting Children and Vulnerable Adults policy.
Photographs will be stored securely.
Photographs will only be used and kept where consent has been gained, and for the purposes given.
Photographs are taken and stored in line with the Guernsey Sports Commission Safeguarding and Protecting Children and Vulnerable Adults policy.
Photographs on personal devices should be downloaded immediately, or as soon as possible, to a Guernsey Sports Commission PC/Device and permanently deleted from the personal device.
Photographs may be kept for historical records and review purposes, however there will be no references to individuals or personal information. Such photographs will be securely stored.
The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies with all UK national laws and requirements for user privacy.
Cookies are small files saved to the hard drive of the user’s computer that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide users with a tailored experience within this website. Users are advised that if they wish to deny the use and saving of cookies from this website on to their computer’s hard drive they should take the necessary steps within their web browser’s security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process, but users of such form to email processes are advised that they do so at their own risk.
This website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates, but only if this was made clear to you and your express permission was granted when submitting any form to email process, or where you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.
This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.
Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 1998. No personal details are passed on to third parties nor shared with companies / people outside of the company that operates this website. Under the Data Protection Act 1998 you may request a copy of personal information held about you by this website’s email newsletter program. A small fee will be payable. If you would like a copy of the information held on you please write to the business address at the bottom of this policy.
Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity (this is by no means a comprehensive list). This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.
In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable, clear instructions on how to un-subscribe will be detailed instead.
Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
This website may contain sponsored links and adverts. These will typically be served through our advertising partners, who may have detailed privacy policies relating directly to the adverts they serve.
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. Neither this website nor its owners will ever ask for personal or sensitive information through social media platforms, and they encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page through your social media platform account.
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example: http://bit.ly/zyVUBo).
Users are advised to exercise caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published, many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.