Summary of how Stockwood Park RFC and the RFU use your data
Stockwood Park RFC (also referred to as “the club”, “we” or “us”) uses your personal data to conduct its business and pursue its legitimate interests, in particular;
- To manage and administer your membership and your involvement with its teams and club, and to keep in contact with you for these purposes.
- Where you make contact with the club via mail, telephone, e-mail or contact forms on the club website this information may also be used to contact you, manage your membership or manage any bookings or purchases made with the club.
- When placing an order or booking in the club shop we collect information to allow us to manage the order or booking as well as process the payment.
- Some data is shared with the RFU, who use your data to regulate, develop and manage the game.
- Some data is shared with other stakeholders in rugby, such as, but not limited to, other clubs, constituent bodies, referee societies, league organisers, equipment and kit providers so that they can provide kit and equipment appropriately, maintain appropriate records and assist us in organising matches and administering the game.
- Where we or the RFU rely on your consent, such as any consent we seek for email marketing, you can withdraw this consent at any time.
- Amongst the data we collect from you may be medical (including injury) information. We will hold this where you (or your parent) have given consent, so that we can ensure we are aware of your condition and that you are supported appropriately.
- Where you work in a particular role within the game, you may be required to undergo a Disclosure & Barring Service check using the RFU’s eDBS system. The result of this check will be input into your Game Management Service (GMS) record.
- Some data is shared with our payment processors, Stripe, to allow us to process payments on our website.
- To personalize your site experience and to allow us to deliver the type of content and product offerings in which you are most interested or administer a contest, promotion, survey or other site feature.
- To allow us to better service you in responding to your customer service requests.
- If you have opted-in to receive our e-mail newsletter, we may send you periodic e-mails. If you would no longer like to receive promotional e-mail from us, please refer to the “How can you opt-out, remove or modify information you have provided to us?” section below. If you have not opted-in to receive e-mail newsletters, you will not receive these e-mails. Visitors who register or participate in other site features such as marketing programs and ‘members-only’ content will be given a choice whether they would like to be on our e-mail list and receive e-mail communications from us.
- You may, however, visit our site anonymously, however, you will not be able to see all information if visiting the site anonymously.
What information do we collect?
We collect and process personal data from you or your parent when you join and when we carry out annual renewals of your membership. This includes:
- your name
- your gender,
- your date of birth,
- your RFU ID (as assigned in GMS)
- your home address, email address and phone number;
- your legal guardian(s) home address, email address and phone number if under the age of 18.
- your passport and NI details, where we have to check your eligibility or ability to work for us;
- your type of membership and involvement in particular teams, or any key role you may have been allocated, such as Chair, Safeguarding Lead, Membership Secretary etc.
- your payment and/or bank account details, where you provide these to pay for membership.
- your marketing preferences, including any consents you have given us.
- your clothing and kit sizes.
- your medical conditions or disability, where you provide this to us with your consent (or your parent’s consent) to ensure we are aware of any support we may need to provide to you.
- Some information will be generated as part of your involvement with us, in particular data about your performance, involvement in particular matches in match reports and details of any disciplinary issues or incidents you may be involved in on and off the pitch, such as within health and safety records.
- We collect information from you when you register on the site, place an order, enter a contest or raffle, respond to a survey or communication such as e-mail, or participate in any such site feature.
- When using our online shop we track which products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- We may also use or track your Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
- When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
- If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
- We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
- We will also store comments or reviews, if you choose to leave them.
- When making payments on the club website we may ask for bank details or credit card details to allow us, and/or our 3rd party payment processor (Stripe), to process the payment for your order. We do not retain any payment related information such as bank details or credit card/debit card information either during or after the payment has been processed.
- For information on how bank details or card details are processed when making payment on the RFU or RFU related websites, please check with these websites directly for details on how your bank or card information is processed or held.
- Banking or card details held on our payment processor, Stripe, are not visible to any club Stripe administrator as they are tokenised. For further information on how information and details are secured on Stripe please check with the Stripe website directly.
How does the RFU use any of my information?
The RFU provides GMS, but make its own use of the following information:
- your name;
- your gender;
- your date of birth;
- your RFU ID (as assigned in GMS);
- your home address, email address and phone number; and
- your type of membership and involvement in particular teams at the Club, or any key role you may have been allocated, such as Chair, Safeguarding Lead, Membership Secretary etc.
The RFU uses this information as follows:
- As required by the RFU to conduct its business and pursue its legitimate interests, in particular:
- communicating with you or about you where necessary to administer Rugby in England, including responding to any questions you send to the RFU about GMS;
- administering and ensuring the eligibility of players, match officials and others involved in English rugby – this may involve the receipt of limited amounts of sensitive data in relation to disabled players, where they are registered for a disabled league or team, or in relation to anti-doping matters;
- maintaining records of the game as played in England, in particular maintaining details of discipline and misconduct;
- monitoring use of GMS, and using this to help it monitor, improve and protect its content and services and investigate any complaints received from you or from others about GMS;
- maintaining statistics and conducting analysis on the make-up of rugby’s participants;
- ensuring compliance with the current RFU Rules and Regulations including those on the affiliation of clubs, referee societies, constituent bodies and other rugby bodies, and registration of players; and
- communicating with you to ask for your opinion on RFU initiatives.
- For purposes which are required by law:
- The RFU will ensure, where you will work with children and where this is required, that you have undergone an appropriate DBS check – this is also carried out with your consent.
- The RFU may respond to requests by government or law enforcement authorities conducting an investigation.
How do we protect visitor information?
We implement a variety of security measures to maintain the safety of your personal information. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and who are required to keep the information confidential. When you place orders or access your personal information this is done via a secure/encrypted connection.
Do we disclose or share the information we collect to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. We may release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
Who will we share this data with, where and when?
In addition to sharing data with the RFU, we will share some limited information with East Midlands Rugby Union, East Midlands Referee Society and Bedfordshire County Rugby Union and other stakeholders in rugby, such as, but not limited to, other clubs, constituent bodies, referee societies, league organisers, equipment and kit providers so that they can, provide kit and equipment appropriately, maintain appropriate records and assist us in organising matches and administering the game.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our or the RFU’s legitimate interests in compliance with applicable laws.
Personal data will also be shared with third party service providers, who will process it on our behalf for the purposes identified above. Such third parties include the RFU as the provider of GMS and providers of payment processing, both manual and internet based such as Stripe. Stripe is our payment processor for website transactions and only regulatory and information required to process the payment is passed to Stripe.
Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor’s Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request.
How long will you retain my data?
We process the majority of your data for as long as you are an active member and for 10 years after this.
Some data, some examples, but not limited to;
- for historical purposes, e.g. team photo with names
- team selection sheets
- team or player statistics
will be retained indefinitely unless you contact us to request removal of this information.
Where we process personal data for marketing purposes or with your consent, we process the data for 10 years unless you ask us to stop, when we will only process the data for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
Where we process personal data in connection with performing a contract or for a competition, we keep the data for 10 years from your last interaction with us.
We will retain information held to maintain statutory records in line with appropriate statutory requirements or guidance.
The RFU will maintain records of individuals who have registered on GMS, records of DBS checks and the resulting outcomes and other disciplinary matters for such period as is set out in the RFU’s privacy notice to be set out on www.englandrugby.com.
Records of your involvement in a particular match, on team sheets, on results pages or in match reports may be held indefinitely both by us and the RFU in order to maintain a record of the game.
What rights do I have?
As a user, you will;
- be able to be removed from the site and have all your data deleted from our or any other third party server that your data might have been sent to.
- be able to restrict active processing of your data.
- be able to anonymize some of their data.
- be able to have their data rectified.
- be able to submit a complaint to a supervising authority.
- be able to access and download all data in a structured and machine readable format that you or any third-party your site uses to collect information on them.
You may also check your current [gdpr_preferences text=”Privacy Preferences”].
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in retaining the information.
You have the same rights for data held by the RFU for its own purposes on GMS.
To exercise any of these rights, you can get in touch with us– or, as appropriate, the RFU or its data protection officer – using the details set out below. If you have unresolved concerns, you have the right to complain to the Information Commissioner’s Office.
Much of the information listed above must be provided on a mandatory basis so that we can make the appropriate legal checks and register you as required by RFU Rules and Regulations. We will inform you which information is mandatory when it is collected. Some information is optional, particularly information such as your medical information. If this is not provided, we may not be able to provide you with appropriate assistance, services or support.
How can you opt-out, withdraw consent, remove or modify information you have provided to us?
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below in the “How do I get in touch with you or the RFU?” section.
You may submit the following GDPR requests here, you must be logged on to submit these requests via the website;
How do I get in touch with you or the RFU without using our website?
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch via the contact form by selecting the Data Protection Officer from the list of Club Contacts or by writing to Stockwood Park RFC, Data Protection Officer, London Road, LU1 3RN.
If you have any concerns about how the RFU process your data, you can get in touch at firstname.lastname@example.org or by writing to The Data Protection Officer, Rugby Football Union, Twickenham Stadium, 200 Whitton Road, Twickenham TW2 7BA.
Third party links
In an attempt to provide you with increased value, we may include third party links on our site. These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these linked sites (including if a specific link does not work).
Questions and feedback
We welcome your questions, comments, and concerns about privacy. Please send us any and all feedback pertaining to privacy, or any other issue.
Terms and Conditions
Please also visit our Terms and Conditions page on our website to establish the use, disclaimers, and limitations of liability governing the use of our website.