GDPR Policy - MAAS Martial Arts Ltd
Martial Arts All Styles
Main menu:
WHAT DOES GDPR MEAN FOR MAAS?
For the purposes of this document “MAAS” refers to MAAS Martial Arts Ltd,
associated membership clubs and umbrella organisations that are under
the wing of MAAS Martial Arts Ltd. (For example Spirit Combat
International, British Kick Boxing Union, etc.)
What does the EU General Data Protection Regulation (GDPR) mean for
clubs and associations?
The GDPR applies to anybody who collects or processes personal data. If you
collect any personal data in running your club in any form, paper records, index
files or computer records then the GDPR will apply to you.
Key changes in the legislation
The new legislation is based on individual’s rights and individual empowerment for
the protection of their data, significantly higher standards of consent are required
than before. The individual must provide clear, freely given, specific, informed and
unambiguous consent for the organisation to process their personal data.
The consent document should be laid out in clear simple terms. MAAS obtains
these consent/s via our various application forms.
The definition of personal data has been significantly expanded. Please note that
Parental/Guardian consent is required for the processing of personal data of
children under age 16.
Processes must be built on the principle of privacy by design, with the principles
of protection of data built it from day one.
Data retention
Retention policies need to be clear. You can’t keep data for longer than is necessary
for the purpose for which it was collected. You also need to inform people how long
you will keep their personal data and you can’t keep it indefinitely.
Breaches
You will only have 72 hours from being aware of a breach to report it to the ICO.
You need to make sure that personal data is held securely, i.e. that electronic
documents are encrypted and/or password protected and that they are backed
up on a regular basis. You also need to make sure that you and your assistants if
any, can identify when a breach has happened and that they know what they
should do and who they should talk to.
Data transfer
One of the principles of the Data Protection Act 1998 (and the GDPR), is that you
can only process data for the purpose for which it is collected. This means that if
you collect a name and contact details of an individual, so that they can become
a member of your club, you can’t simply use that information to allow your
affiliates to contact them for marketing purposes. You also need to tell people
when they join your club if you are going to transfer their data, for example to an
umbrella organisation.
Privacy or data capture statements.
When individuals provide you with their details, make sure you are clear and
transparent about why you have it and what you will do with their information.
This means you need to make sure that you have the right data capture
statements to present to individuals when they give you their personal details.
MAAS GDPR POLICY.
We respect the privacy of all members who join us.
We may use the details you supply to us to contact you via telephone, email,
social media platforms or post so that we can send you information regarding
your membership, club and other relevant news.
Confidentiality.
MAAS respect confidentiality in the following ways:
We will only ever share information with a parent about their own child.
Information given by parents to MAAS about their child will not be passed on to
third parties other than MAAS insurers without permission unless there is a
safeguarding issue.
Issues relating to instructors or staff, whether paid or voluntary, will remain
confidential to those making personnel decisions.
Any personal data is stored securely in a lockable file. Any digital information is
encrypted or password protected.
What personal data we hold on you.
You may give us information about you or your family member by filling in
application forms at the club or online, or by corresponding with us by phone, email
or otherwise. This includes information that you provide when you fill out an
application form, or subscribe to any online service on our website. The
information you give us may include for example your name, date of birth,
address, e-mail address, phone number and any emergency contact details.
We may also ask for sensitive personal data such as any relevant health
information and any criminal convictions which may have a bearing on any
safeguarding issue as detailed in our Safeguarding Policy.
Why we need your personal data.
The reason we need your data is to be able to administer your membership and
insurance requirements. Our lawful basis for processing your personal is that we
have a contractual obligation to you as a member to provide the services you are
applying for.
Sharing of personal data.
There are reasons why we may need to share personal data both internally within
MAAS and externally.
Processing of application forms for insurance purposes with our approved
insurance supplier/s.
To manage training sessions, special events or competitions.
To provide information about club activities, membership renewals or invitations
to events.
Newsletters promoting club activities and competitions.
Publishing of competition results.
Marketing and communications (where separate consent is provided.)
Providing information about promotions and offers.
Providing information about selling/purchasing of merchandise and equipment.
Any sensitive personal data that we may hold on you is only processed for D.B.S.
(Disclosure and Barring Service) or Safeguarding checks. Medical data for insurance
purposes, which may also be shared with registered instructors or emergency
services to allow the safe running of any training sessions/competitions. We process
this data on the lawful basis of consent. Therefore, we will also need your explicit
consent to process this data, which we will ask for at the point of collecting it.
MAAS may have an official presence on social media platforms/internet (For
example Facebook, WhatsApp, Instagram.) If you join one of the social media
platforms, please note that providers of the social media platform/s have their
own data/privacy policies and that MAAS do not accept any responsibility or
liability for these policies. Please check these policies before you submit any
personal data on the club social media pages.
When you become a member of MAAS, you are also registered with any umbrella
organisations under the wing of MAAS.
MAAS does not share any personal data it holds to any other third party than
otherwise stated above or process data for any further purposes other than those
detailed in this policy.
MAAS will share any data that we hold with law enforcement agencies where we
are legally obliged to do so.
MAAS does not store or transfer your personal data outside of the U.K./E.U.
How long we hold your personal data.
We will hold your personal data on file for as long as you have an active account
with us. Membership data is generally updated every year on annual
membership/insurance application forms. Any personal data we hold on you will
be securely destroyed after three years of inactivity on your account. (Subject to
any other data retention requirements as required for example accident records,
insurance claims or any other reason where we are required to do so by law.)
Your rights regarding your personal data.
As a data subject you may have the right at any time to request access to,
rectification or erasure of your personal data; to restrict or object to certain kinds
of processing of your personal data, including direct marketing; to the portability
of your personal data and to complain to the UK’s data protection supervisory
authority, the Information Commissioner’s Office about the processing of your
personal data.
As a data subject you are not obliged to share your personal data with the MAAS.
If you choose not to share your personal data with us we will not be able
administer your membership/insurance which will have an affect on you joining or
renewing membership/insurance at any MAAS registered club.
Contact & communication with us.
Persons contacting this us through a website or social media platform do so at
their own discretion and provide any such personal details requested at their own
risk. Your personal information is kept private and stored securely until a time it
is no longer required or has no use.
Where we have clearly stated and made you aware of the fact, and where you
have given your express permission, we may use your details to send you
products/services information through a mailing list system.
Email mailing list & marketing messages.
We may operate an email mailing list program, used to inform subscribers about
products, services and/or news we supply/publish. Users may be able to
subscribe through an online automated process if available. Where members have
given their explicit permission.
Subscriber personal details are collected, processed, managed and stored in
accordance with this policy. Subscribers maybe able unsubscribe at any time
through an automated online service if available. But otherwise can unsubscribe
by following the detailed information in the footer of sent marketing messages.
Email marketing messages may contain tracking beacons/tracked clickable links or
similar server technologies in order to track subscriber activity within email
marketing messages. Where used, such marketing messages may record a range
of subscriber data relating to engagement, geographic, demographics and already
stored subscriber data.
25th May 2018
Signed: Brian Dossett