Data Protectionpolicy

SCOTTISH JUNIOR

FOOTBALLASSOCIATION

DATA PROTECTIONPOLICY

CONTENTS

Section1:Introduction

Section2:Principles

Section3:Personal Data

Section4:Sensitive Personal Data

Section5:Processing Personal Data

Section6:Rights of Access

Section7:Exemptions

Section8:Disclosure of Information

Section9:Security

1.INTRODUCTION

1.1SJFAisrequiredtoprocessrelevantpersonaldataregardingemployeesandmembers aspartofitsoperationandshalltakeallreasonablestepstodosoinaccordancewith this Policy.

1.2Processing may include obtaining, recording, holding, disclosing, destroying or otherwiseusingdata. InthisPolicy any referencetoemployeesincludescurrentpastor prospective employees.

1.3All members authorisetheSJFA to hold data, under coveroftheDataProtection Act

1998, in relation to advertising, marketing &public relations, accounts & records, administration ofmembership records includingpreparation ofteamlines and fundraising.

1.4TheSJFASecretarywill act as DataProtection ComplianceOfficer.

2.THEPRINCIPLES

2.1Anyone processing personal data must comply with the eight principles of good practice.Theseprovidethat personal datamust be:

2.1.1Processed fairlyand lawfully;

2.1.2Processed forlimited purposes and in an appropriateway;

2.1.3Adequate, relevantand not excessive forthepurpose;

2.1.4Accurate;

2.1.5Not kept longerthan necessaryforthepurpose;

2.1.6Processed in linewith datasubjects' rights;

2.1.7Secure;

2.1.8Not transferred to people or organisations situated in countries without adequateprotection.

3.PERSONALDATA

3.1Personaldatacoversbothfactsandopinionsaboutanindividual.TheSJFAmay

processawiderangeofpersonaldataofemployeesand/ormembersaspartofits operation.

3.2Thispersonaldatamayinclude(butisnotlimitedto);namesandaddresses,bank details, disciplinaryand attendancerecords, datesofbirth and membershipdetails.

4.SENSITIVEPERSONALDATA

4.1SJFAmay,fromtimetotime,berequiredtoprocesssensitivepersonaldataregarding

an employeeand/ormember.

4.2Sensitivepersonal dataincludes but is not limitedto:

4.2.1medical information;

4.2.2data relatingto membership;

4.2.3data relatingto disciplinaryproceedings;

4.2.4criminal records and proceedings;

4.2.5data relatingto point 5.2

4.3Wheresensitivepersonaldatais processed bySJFA the explicit consent ofthe appropriateindividual will be requiredas and when makingapplication for membership.

5.PROCESSING PERSONALDATA

5.1Isanyactivitythat involves useofthedata, includingsimplyviewingthedata. It includes

obtaining, recordingorholdingthedata,or carryingoutanyoperation orset of operations on thedataincludingorganising,amending, retrieving, using, disclosing, erasingordestroyingit. Processing also includestransferringpersonal datato third parties (even partnerorganisations).

5.2SJFAanditsManagement Committeemayholdsomeorallofthefollowingdataaboutsome orallmembersandotherswhocompete infootballunderthe jurisdictionofSJFA: name,postalandemailaddresses,phone andfaxnumbers,year of birth,disclosure information,competitionage class,competitionresults,officesheld,skillsand qualifications,coursesattendedanddetailsofofficiatingatcompetitions.The datamay beheld in electronicorpaper form.

5.3Thedatamay beobtaineddirectlyfromanindividualperson,amemberclub,amember leagueorotherorganisations.

5.4ThedataisusedinorganisingJuniorfootballinScotlandandforsocialpurposes, including,butnotlimitedto,mailing ofmagazinesandotherliterature, publicationof competition entries andresults, tournaments, coaching, teamselection,training and appointment ofofficials.

6.RIGHTSOFACCESS

6.1AformalrequestfromadatasubjectforinformationSJFAholdsaboutthemmustbe

made inwriting,signedandaddressedtotheData Protection Compliance Officer. Employees,Management Committee orworking group/committeemembers, volunteers,SJFA members, registeredofficials,advisers,consultants,contractorsandagentswhoreceive a written request should forward it to the Data Protection Compliance Officer immediately. SJFAwillrespondtothe requestwithin40calendar daysandhastherighttochargea fee (presentlyno morethan £10) forthis service.

6.2Whenreceivingtelephoneenquiries,employeesorSJFAofficevolunteers,member league officials,memberclubofficials,advisersor consultantsshouldbecarefulabout disclosinganypersonal information held on SJFA, leagueorclub systems.

In particulartheyshould:-

6.2.1Checkthecaller'sidentitytomakesurethatinformationisonlygiventoa personwhoisentitledtoit. Acommonsenseapproachshouldbe takenwhen verifyingtheidentityofthecaller. Forexample,ifyoupersonallyknowthe individualandaresatisfiedthattheyarecallingthisoughttobesufficient. If youdonotknowthecaller,youcouldasktoreturntheircallandensurethat the number giventallieswiththatonthe membershipdatabase recordforthe person. Alternatively ifindividualshavebeenissuedwithapasswordthe information can bereleased iftheycorrectlydisclosetheirpassword;

6.2.2Suggestthatthecallerputtheirrequestinwritingwheretheemployeesor SJFAoffice volunteers,member league officials,member clubofficials, advisersorconsultantsarenotsureaboutthecaller'sidentity andwheretheir identitycannotbechecked. Alternatively,theindividualshouldbeaskedto attend in person (especiallyiftheinformation is ofasensitivenature).

6.2.3RefertotheDataProtectionComplianceOfficerforassistanceindifficult situations(forexample,whereany requestmightinvolvedisclosingsomeone else’spersonaldata). Any employeesorSJFAofficevolunteers,member leagueofficials,memberclubofficials,advisersorconsultantsshouldnotbe bullied into disclosingpersonal information.

7.EXEMPTIONS

7.1CertaindataisexemptedfromtheprovisionsoftheDataProtectionActwhichincludes

the following:

7.1.1 Theprevention ordetection of crime;

7.1.2 The assessment ofanytaxor duty;

7.1.3Wheretheprocessingisnecessary toexercisearightorobligationconferredor imposed bylaw upon theSJFA.

7.2TheaboveareexamplesonlyofsomeoftheexemptionsundertheAct. Anyfurther informationonexemptionsshouldbe sought fromthe Data Protection Compliance Officer.

8.DISCLOSUREOFINFORMATION

8.1SJFAmayreceiverequestsfromthirdpartiestodisclosepersonaldataitholdsabout

employees,officevolunteers,membersetc. SJFAconfirmsthatitwillnotgenerally disclose informationunlessthe individualhasgiventheirconsentor oneof the specific exemptions undertheDataProtection Act applies.

8.2WhereSJFAreceivesadisclosurerequestfromathirdpartyitwilltakereasonable steps to verifytheidentityofthethird partybeforemaking anydisclosure.

9.SECURITY

9.1SJFAwilltakereasonablestepstoensurethatmembersofstaffandofficevolunteers

willonlyhaveaccesstopersonaldatarelatingtoemployeesormemberswhereitis necessaryforthem to doso.

9.2Allemployeesandofficevolunteerswillbemadeawareofthispolicyandtheirduties undertheDataProtectionAct. SJFAwillensurethatallpersonalinformationisheld securelyand is not accessibleto unauthorised persons.

9.3SJFAand its Management Committee shall:

9.3.1 Review thelength oftimetheykeep personal data;

9.3.2Considerthepurposeorpurposestheyholdtheinformationforindeciding whether(and forhow long)to retain it;

9.3.3Securelydeleteinformationthatisnolongerneededforthispurposeorthese purposes; and

9.3.4 Update, archiveorsecurelydeleteinformation ifit goes out ofdate.

1st November 2017