NRU

General Data Protection Regulation Statement

Northumberland RFU
Data Protection Statement

NRFU is fully committed to full compliance with the requirements of the General Data Protection Regulation. NRFU will therefore follow procedures which aim to ensure that all employees, elected Officers, Team Management, Partners or other servants or agents of the NRFU or RFU (collectively known as data users) who have access to any personal data held by or on behalf of NRFU are fully aware of and abide by their duties under the General Data Protection Regulation 

 
Statement of Policy

NRFU needs to collect and use information about people with whom it works in order to operate and carry out its functions in supporting the game of rugby. These may include Players, Clubs, Members, Members of the Public, Clients and Customers and Suppliers.

In addition, NRFU may be required to collect and use information in order to comply with the requirements of the RFU and WR. This personal information will be handled and dealt with properly however it is collected, recorded and used and whether it is on paper, in computer records or recorded by other means. 

NRFU regards the lawful and appropriate treatment of personal information as very important to its successful operations and essential to maintaining confidence between NRFU and those with whom it carries out business. NRFU therefore fully endorses and adheres to the Principles of the General Data Protection Regulation. 

 

Handling personal/special category data

NRFU will, through management and use of appropriate controls, monitoring and review:

  • Use personal data in the most efficient and effective way to deliver better services 
  • Strive to collect and process only the data or information which is needed 
  • Use personal data for such purposes as are described at the point of collection, or for purposes which are legally permitted 
  • Strive to ensure information is accurate 
  • Not keep information for longer than is necessary 
  • Securely destroy data which is no longer needed 
  • Take appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data) 
  • Ensure that information is not transferred without suitable safeguards 
  • Ensure that there is general information made available to the public of their rights to access information 
  • Ensure that the rights of people about whom information is held can be fully exercised under the General Data Protection Regulation

These rights include:

  • The right to be informed
  • The right of access to personal information
  • The right to request rectification
  • The right to request erasure 
  • The right to restrict processing in certain circumstances 
  • The right to data portability
  • The right to object to processing 

 

The Principles of Data Protection

Anyone processing personal data must comply with 6 principles of good practice. These principles are legally enforceable. 

Summarised, the principles require that personal data shall be: 

1.         processed lawfully, fairly and in a transparent manner in relation to individuals 

2.         collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes; 

3.         adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; 

4.         accurate and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay; 

5.         kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;

6.         processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures in accordance with the rights of data subjects under the Act 

The Act provides conditions for the processing of any personal data. It also makes a distinction between personal data and 'special category' data. 

Personal data is defined as any information relating to an identified or identifiable natural person.

NRFU endeavours to summarise the purposes for which your personal data will be processed (by the RFU, WR and your club) when collecting your personal data from you for registration and related purposes.

This notice is simply to provide further details about the way in which the NRFU, RFU, WR and your Club may process so-called sensitive personal data relating to you.

Ethnicity data

If data is collected from you, it will be used to identify and keep under review equality of opportunity at the NRFU and within the game. It will also be anonymously used for statistical and reporting purposes.  

Disability data  

If data is collected from you, it will be used to identify and keep under review equality of opportunity at the NRFU and within the game. It will also be anonymously used for statistical and reporting purposes.  

Injuries data  

This may be collected by the NRFU directly from you or via your club, for example through our Reportable Injuries Scheme. It will be used (anonymously) for statistical and reporting purposes and may be used in connection with any subsequent legal claims.  

Criminal records data  

The RFU is registered with the Disclosure and Barring Service to assist it in ensuring that those who take up appointments do not pose a risk to the children in its care. NRFU may therefore process criminal records data disclosed by the DBS. This will be processed in accordance with the DBS’s Code of Practice for Registered Persons.

Anti-Doping data

This data may be collected from you by the RFU either through a TUE application or through sample collection and analysis, if you are within the RFU’s national registered testing pool. It will be used for the purpose of administering the RFU’s anti-doping programme and may be used by the RFU (or any other organisations involved in doping control) for the purposes of any disciplinary proceedings brought against you for anti-doping rule violation.  

Your data (including medical data) may be passed to WR, WADA, UK Sport and other organisations or individuals involved in the administration of the doping control process or concerned with the results of that process.

NRFU is registered with the Information Commissioners Office (ICO).

Contact NRFU Data Officer at: dataofficer@northumberlandrfu.co.uk