Data Protection Guidance— Table Tennis England

GDPR stands for General Data Protection Regulation. It outlines the privacy rights of every EU citizen and the ways in which an individual’s ‘Personal Data’ can and can’t be used.

Personal data is information about an individual such as name, address, phone number etc. and includes special categories of personal data including one’s race, ethnicity, religion or sexual orientation.

The EU will be enforcing these laws across the 28 member states from May 25th 2018.

Explore the attachments below for more guidance on how this is likely to affect your club, league or county.

Click here to scroll to the attachments

Click here to visit the Sport & Recreation Alliance online GDPR toolkit

Table Tennis England GDPR Review – Info Document

The GDPR is new data protection legislation that comes into force from 25^th May 2018. Table Tennis England must ensure it is compliant before this date and is therefore taking steps to review current processes.

Aligned to Code for Sports Governance

Principle 5 of the Code for Sports Governance states that ‘Organisations shall comply with all applicable laws and regulations, undertake responsible financial strategic planning, and have appropriate controls and risk management procedures’.

Table Tennis England has a risk register that includes the compliance to laws and regulations of which data protection is referenced.

Risk

Non-compliance or a breach could result in significant sanctions of between:

2% of global annual turnover or €10million (whichever is higher) for less serious breaches; and/or
4% of global annual turnover or €20million (whichever is higher) for serious breaches.

Principles

Table Tennis England is committed to improving the quality of the information it holds about individuals for the benefit of the sport and to improve the experiences of those involved in table tennis and running.

Table Tennis England takes the protection of the data that we hold about athletes, volunteers, coaches and officials seriously and will do everything possible to ensure that data is collected, stored, processed, maintained, cleansed and retained in accordance with current and future legislation.

Table Tennis England aim to only collect data that is required to perform its services, communications with our stakeholders.

Many functions within the new structure and work areas of significant importance to deliver the strategic plan, such as developing commercial partnerships and fundraising, will rely on the use of data and the robust collection and management of data. Therefore, Data Protection Impact Assessments will form part of all projects across the business.

Table Tennis England acknowledges the need to support affiliated clubs and leagues and will provide advice and guidance to help them in the collection, storage and management of data to help affiliated bodies to also be compliant under the new GDPR.

Table Tennis England takes all reasonable care to ensure that the information contained in its Guidance is accurate and that any opinions, interpretations and guidance expressed have been carefully considered in the context in which they are expressed. However, before taking any action based on the contents of this Guidance or any other Guidance provided by Table Tennis England, readers are advised to confirm the up to date position and to take appropriate professional advice specific to their individual circumstances.

Table Tennis England want to use this opportunity to make all efforts to ensure that our internal processes are as efficient as possible and the administration required by clubs and volunteers is intuitive and makes people’s lives easier.

Processes – legitimate interest

Table Tennis England conduct a series of processes to administer our stakeholders’ involvement in the sport. These processes will involve the use of personal data. The key processes that would be classified as in our ‘legitimate interest’ are:

The transfer of TTiD (membership number), Name and D.O.B via an API to check licence validation at point of entry to events such as leagues and competitions.
The transfer of registered members from one club or league to another. The individual will maintain the same record but the club or league name associated with the record will change. Personal data cannot be kept for longer than is necessary for the purpose for which it was collected and therefore cannot be retained indefinitely on this basis.
There is an administration portal where a selected number of staff can access data to help to respond to queries, update data and perform necessary administration activity.
The regular monitoring of trends in the sport to allow Table Tennis England to make informed operational decisions and create reports for funders. This relies of the transfer of a copy of all data to a separate organisation, with whom we have Data Processing Agreement where data is analysed. We have checked and reviewed their Data security and are fully satisfied that is it sufficiently robust
Providing relevant and necessary information via email, text, post about the following:
Changes to rules and regulation
Updates to advice and guidance relating to specific roles held within table tennis
Transactional information relating to affiliation, table tennis registration, coach licences, courses and qualifications
Playing performance
Participation Opportunities

What Data do we hold and collect and why

Information provided to relevant parties

Based on your area of interest in the sport we will also provide specific information and newsletters which would include: –

Table Tennis England market research and customer feedback
Table Tennis England Newsletter for member
Table Tennis England Newsletter for clubs
Table Tennis England Newsletter for coaches
Table Tennis England Newsletter for officials
Table Tennis England Newsletter for schools
Table Tennis England Newsletter for volunteers
Information relating Table Tennis England competitions and events
Information relating to county and area competitions and events
Information relating to major events and information regarding tickets for these
Information about volunteering in table tennis
Information about coaching courses and CPD
Information relating to fundraising activity

Should you either wish to receive information you are currently not or stop receiving this information please do not hesitate to contact us we will comply with your preferences. This list is subject to change.

Third Party Service Providers

The following organisations / individuals currently also undertake important administrative functions (covered in the definitions of activities above) for the sport and therefore will have access to information via a secure portal:

TT365 league manager
Azolve Coaching platform
Selected members of National Council/County Table Tennis Associations
Selected League and Club administrators
Two Circles (Data Analysis)
Club Spark (Club Platfrom)
Sport80 (tournament platform)

Data Processing Agreements are in place, where appropriate, with the above organisations and they are GDPR compliant. Your data will only be used in line with the basis for processing your data.

Data will be anonymised where possible.

Data retention

All information that we hold about an individual will be retained as deemed necessary. If an individual has not played an active part in the sport or acknowledged that they no longer wish to retain their current membership status, their contact details will be deleted on request. The following information will be retained for historic performance and reporting purposes – TTiD, Name, DoB, results and contact details were relevant. An individual will be contacted each year to ensure that the data we hold about them is correct. This can be updated via the individual portal that an individual has access to.

Partners and Third Parties

Table Tennis England work with several carefully selected partners whose support will aim to add value to our stakeholders. Information from these partners will be sent to only to those individuals who proactively contact them and not via Table Tennis England i.e. the membership benefits package ( https://tabletennisengland.co.uk/membership/membership-benefits/ )

We will not share or provide data with any other third party for marketing purposes unless additional express consent is provided.

Marketing, Communications and Research

Table Tennis England wants to develop an engaged community of table tennis members. High quality communications will be integral to this and as such we will only send marketing information where we have specific and express consent or another legal basis.

Training

All staff will have had training and those processing data on a day to day basis will have formal face to face training as a refresher to the training all staff have completed already.

Data control

Data will be managed in accordance with the data retention policy and users will be able to update profile information at any time.

A record will be made of when consent was provided, the wording of the consent and any updates will be timestamped. Consent needs to be easy to withdraw at any time. If a person no longer wishes to receive communications from Table Tennis England they can unsubscribe from marketing emails.

Information security policies

Where possible Data should not be exported. Permission will be granted to individuals/ organisations to access relevant information and data sharing agreements will be in place when data is shared.

Any spreadsheets including personal data are to be deleted or encrypted and stored and password protected. This way of working is being phased out and our vision is to eradicate the use of spreadsheets to store data with the implementation of a CRM system.

All Table Tennis England laptops and phones will be encrypted/password protected.

Data Protection Officer

The responsibility of Data Protection currently forms part of Director of Business Operations role.

Data Protection Policy

Table Tennis England has data protection policy in place which is in line with GDPR.

Privacy Impact Assessment Procedure

Table Tennis England has a Privacy Impact Assessment procedure in place.

Privacy Policy

Table Tennis England has a Privacy Policy in place this can be found on our website

Data Protection – Contract with agencies/ consultants/ external data processors

Every contract that Table Tennis England has with consultants, agencies and any other individuals or organisations that have access to data/ undertake any processing on our behalf signs a contract which confirms that they are GDPR Compliant.