Data Protection Policy

JMCK Soccer Schools

Data Protection Policy

    1. About this Policy
      • This Policy is about how to deal with data protection matters internally. It should be made available to anyone who comes into contact with personal data during the course of their involvement with JMCK SOCCER SCHOOLS (referred to as “BCS”, “The Club” or “we”, “our”, “us”)
      • We handle personal data about current, former, and on occasion prospective players.
      • We recognise the need to treat all personal data in an appropriate and lawful manner, in accordance with the EU General Data Protection Regulation 2016/679 (GDPR).
      • Correct and lawful treatment of this data will maintain confidence in and protect the rights of players and any other individuals associated with JMCK Soccer Schools. This Policy sets out our data protection responsibilities and highlights the obligations of anyone acting for or on behalf of JMCK Soccer Schools
      • You are obliged to comply with this policy when processing personal data on behalf of The Club
      • The committee will be responsible for ensuring compliance with this Policy. Any questions about this Policy or data protection concerns should be referred to the committee.
      • We process a member’s personal data for administrative and management purposes. Our purpose for holding this personal data is to be able to contact relevant individuals on our business
What we need from you
    1. To assist with our compliance with GDPR, we will require you to comply with the terms of this policy.

Please help us to comply with the data protection principles

    1. please ensure that you only process data in accordance with our transparent processing as set out in our Privacy notice;
    2. please only process personal data for the purposes for which we have collected it ( if you want to do something different with it, then please speak to John McKellar at JMCK Soccer Schools or Email:
    3. please do not ask for further information about players and/or members and/or staff and/or volunteers without first checking with JMCK Soccer Schools
    4. please comply with our retention periods listed in our Privacy Notice and make sure that if you still have information which falls outside of those dates, that you delete/destroy it securely;
    5. Please treat all personal data as confidential. If it is stored in electronic format, then please consider whether the documents themselves should be password protected or whether your personal computer is password protected and whether you can limit the number of people who have access to the information. Please also consider the security levels of any cloud storage provider (and see below). If it is stored in hard copy format, then please make sure it is locked away safely and is not kept in a car overnight or disposed of in a public place;
    6. If you are looking at using a new electronic system for the storage of information, please talk to the committee first so that they can decide whether such a system is appropriately secure.
    7. if you receive a subject access request, then please tell The Secretary as soon as possible

if you think there has been a data breach (for example you have lost personal data or a personal device which contains personal data or you have sent an email and open copied all contacts in), then please speak to John McKellar

  1. Data protection principles
    • Anyone processing personal data must comply with the enforceable principles of data protection. Personal data must be:
      • processed lawfully, fairly and in a transparent manner;
      • collected for only specified, explicit and legitimate purposes;
      • adequate, relevant and limited to what is necessary for the purpose(s) for which it is processed;
      • accurate and, where necessary, kept up to date;
      • kept in a form which permits identification of individuals for no longer than is necessary for the purpose(s) for which it is processed;
      • processed in a manner that ensures its security by appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage;
    • We are responsible for and must be able to demonstrate compliance with the data protection principles listed above.
  2. Processing for limited purposes
    • JMCK Soccer Schools collects and processes personal data. This is data we receive directly from an individual and data we may receive from other sources.
    • We will only process personal data for the purposes of the club as instructed by the committee. We will let individuals know what those purposes are when we first collect the data or as soon as possible thereafter.
  3. Consent
    • One of the lawful bases on which we may be processing data is the individual’s consent.
    • An individual consents to us processing their personal data if they clearly indicate specific and informed agreement, either by a statement or positive action.
    • Individuals must be easily able to withdraw their consent at any time, and withdrawal must be promptly honoured.
    • Where consent is our legal basis for processing, we will need to keep records of when and how this consent was captured.
    • Our Privacy Notice sets out the lawful bases on which we process data of our players
  4. Notifying individuals
    • Where we collect personal data directly from individuals, we will inform them about:
      • the purpose(s) for which we intend to process that personal data;
      • any possible consequences of failing to provide that personal data;
      • The types of third parties, if any, with which we will share that personal data.
      • The period for which data will be stored and how that period is determined;
      • any automated decision-making processing of that data and whether the data may be used for any further processing, and what that further processing is.
    • If we receive personal data about an individual from other sources, we will provide the above information as soon as possible and let them know the source we received their personal data from;
  5. Adequate, relevant and non-excessive processing
    • We will only collect personal data that is required for the specific purpose notified to the individual.
    • You may only process personal data if required to do so in your official capacity with BCS. You cannot process personal data for any reason unrelated to your duties.
    • JMCK Soccer Schools must ensure that when personal data is no longer needed for specified purposes, it is deleted or anonymised.
  6. Accurate data

We will ensure that personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at the annual renewal date (normally August). We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.

  1. Timely processing

We will not keep personal data longer than is necessary for the purpose(s) for which they were collected. We will take all reasonable steps to destroy or delete data which is no longer required, as per our Privacy Notice.

  1. Processing in line with data subjects’ rights
    • As data subjects, all individuals have the right to:
      • be informed of what personal data is being processed;
      • request access to any data held about them
      • object to the processing of their data for direct marketing purposes (including profiling);
      • ask to have inaccurate or incomplete data rectified;
      • be forgotten (deletion or removal of personal data);
      • restrict processing;
      • not be subject to a decision which is based on automated processing.
  1. Data security
    • We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
    • We have proportionate procedures and technology to maintain the security of all personal data.
    • Personal data will only be transferred to another party to process on our behalf where we have a GDPR-compliant written contract in place.
    • We will maintain data security by protecting the confidentiality, integrity and availability of the personal data.
  • Reporting a personal data breach

12.1      In the case of a breach of personal data, we may need to notify the committee and the individual.

12.2    If you know or suspect that a personal data breach has occurred, inform a member of the committee immediately. You should preserve all evidence relating to a potential personal data breach.

  • Dealing with subject access requests

13.1      Individuals may make a formal request for information we hold about them. Anyone who receives such a request should forward it to a member of the committee. Nobody should feel bullied or pressured into disclosing personal information. When receiving telephone enquiries, we will only disclose personal data if we have checked the caller’s identity to make sure they are entitled to it.

  • Accountability

14.1      The we must implement appropriate technical and organisational measures to look after personal data, and is responsible for, and must be able to demonstrate compliance with the data protection principles.

14.2    JMCK Soccer Schools must have adequate resources and controls in place to ensure and to document GDPR compliance, such as:

  1. providing fair processing notice to individuals at all points of data capture;
  2. reviewing the privacy measures implemented by JMCK Soccer Schools.
  • Changes to this policy

We reserve the right to change this policy at any time. Where appropriate, we will notify you by email.