Data Protection & GDPR

Data Protection & GDPR

As of the 25th May 2018, the new EU General Data Protection Regulation (GDPR) came into force, replacing current EU Data Protection policies, and has been adopted into UK law and so will carry through beyond BREXIT.
Action to take now:

  • Youth Section players will be required to complete/update Player Consent Forms for the 2018/19 season. Team Managers/Admins will contact parents/guardians of their respective squads to ensure all members have/will complete this form. The form is available through this link.
  • If you are registered online (Pitchero) - please log into your account and ensure your contact details are correct by updating your Personal Details Page. All players and parents of players should allow their contact details to be visible for team admins/officials to allow ease of contact in an emergency. If you are a controller of data* then when you login Pitchero will ask you to confirm your acceptance of their Privacy and GDPR policies and procedures.
  • If you are not registered on our website and are a current member, senior player or guardian of U18 Player - please go to our website and sign up. You can do complete this on your Eton Manor RFC Sign up page.

What is GDPR ?
In short and simplest terms, the regulation requires:

  • All those that hold data to do so responsibly and maintain its security in collection, retention, and deletion.
  • We must ensure there is a clear requirement to hold data and that we are taking the process seriously.
  • Further, that through a request (SAR) we are able to provide an individual with a copy of the data that we hold.
  • It categorises data into personal (factual, opinion etc) and sensitive personal data (beliefs, health, convictions etc)

What do we do at Eton Manor RFC?
  • Anyone with personal data access remains responsible for the safe management and integrity of information they hold as a data controller, whether that be through a third-party system or direct management.
  • An updated Privacy Policy is available through the website and will be kept up to date.
  • We have an app for coaches to contact parents and players for availability and team messages
  • Once transferred to Pitchero, they are responsible for the management of data and have produced their own Privacy Policy and GDPR Policy.
  • When purchasing information through the website (i.e. Memberships, Rugby Camps etc) the data is managed by GoCardless and we are not privy to further data (which is outside the GDPR policy) such as bank details. They have produced their own GoCardless GDPR Policy Guidelines.
  • We store member details in Pitchero where each member is able to view and amend accordingly. For U18 Players we store extended personal data (such as School Attended) on a separate secure server with access limited to members of the Youth Committee.
  • Any data submitted in hard form is stored securely in our Club Office and disposed of in a confidential manner (i.e. Reviews, Membership Forms, Function Bookings etc).
  • All Youth Section players asked to resubmit their personal data on an annual basis to ensure up to date and accurate personal data through JotForm which allows them to review and update this data on an ongoing basis.

This data is held legitimately for our members, volunteers, customers, and guardians of our U18 players to promote the enjoyment of the club/facilities and participation in sporting activities.
We currently hold information on the following:
    Personal Data
  • Name
  • Address
  • Contact details (phone and email)
  • Date of Birth
  • School Attended
  • Next of Kin (Emergency contact details)
  • Sensitive Personal Data
  • Medical Conditions or Allergies
  • Disciplinary Action by the Club or RFU
  • Safeguarding records

If you are concerned about the method, we control and manage data please raise these initially with your relevant Team Manager or the Club Secretary.


Privacy Policy