Data Protection policy.
The British Para Ice Hockey Association (BPIHA) is a privacy conscious organisation and is strongly committed to your right to privacy. That is why we have produced a Data Protection Policy, which follows guidelines set out in EU General Data Protection Regulations (May 2018) and UK Data Protection Act (2018).
Data Protection Policy
BPIHA is committed to complying with data protection law and to respecting the privacy rights of individuals. The policy applies to all of our staff, workers, directors, volunteers and consultants.
This Data Protection Policy sets out our approach to data protection law and the principles that we will apply to our processing of personal data. The aim of this Policy is to ensure that we process personal data in accordance with the law and with the utmost care and respect.
- The Principles of the General Data Protection Regulations (Under Article 5):
processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
BPIHA’s full Data Protection Policy can be found below.
Processing of Data/Privacy Notices
We are committed to respecting your privacy. Our privacy notice explains how we may use personal information we collect before, during and after your membership with us. The notice explains how we comply with the law on data protection, what your rights are and for the purposes of data protection we will be the controller of any of your personal information.
The notice applies to you if you are either:
- an individual player/participant of BPIHA who has registered his/her interest in participating in the sport competitively and/or whose details we have collected from one of our affiliated clubs, schools, colleges, universities or other third-party referral;
- a coach or off-ice official who has registered for membership and/or to find out more about the training courses and accreditation services we offer; or
- a fan, participant or supporter of BPIHA who has contacted us to purchase any of our online merchandise and/or signed up to receive updates about upcoming events, offers and ways to get involved further with BPIHA.
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this page. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information.
The full Privacy Notice can be found at the bottom of this page.
The names, images, pictures and logos identifying BPIHA, are the proprietary marks of BPIHA. Copying our logos and/or any other third party logos accessed via this website is not permitted without prior approval from the relevant copyright owner.
Requests for permission to use our logo should be directed to email@example.com. Tell us how and why you wish to use our logo. Please include your contact details, name, address, telephone number and email.
Hyperlinking to us at BPIHA
You do not have to ask permission to link directly to pages hosted on this site. We do not object to you linking directly to the information hosted on our site. However we do not permit use of our logo as a link without prior permission or our pages to be loaded into frames on your site. Requests for permission to use our logo should be directed to firstname.lastname@example.org.
If BPIHA’s pages are to be used they must load into the user’s entire window.
Virus Protection Awareness
We make every effort to check and test material at all stages of production. It is always wise for you to run an anti-virus program on all material downloaded from the Internet. We cannot accept any responsibility for any loss, disruption or damage to your data or your computer system which may occur whilst using material derived from this website.
All staff members are responsible for ensuring that any personal data that they possess regarding any other individual is kept securely and is not disclosed to any unauthorised third party unless prior permission from the data subject has been sought after or it is highlighted and adopted in BPIHA’s privacy notice.
Any breach of this policy will be treated seriously and may also constitute a breach of the General Data Protection Regulations (May 2018) / UK Data Protection Act (2018). Any suspected breach of this policy or data breach will be dealt with by BPIHA’s Data Protection Compliance Manager or a nominated lead investigator. BPIHA may take action against any member who has breached BPIHA’s Data Protection policy in accordance with BPIHA’s Disciplinary Procedures.
If a suspected data breach is found, BPIHA’s Data Breach policy will be followed:
- Incident received/reported
- The Data Protection Compliance Manager (DPCM) or appointed lead investigator will firstly determine if the breach is still occurring. If so, the appropriate steps will be taken immediately to minimise the effect of the breach.
- An investigation will be undertaken by the DPCM or appointed lead investigator immediately and wherever possible within 24 hours of the breach being discovered/reported.
- The investigation will need to take into account the following:
- The type of data involved and its sensitivity
- Any protections that currently in place
- Whats happened to the data (has it been lost or stolen)
- Could the data be put to any illegal or inappropriate use
- Who the individuals are, number of individuals, potential affects on those data subjects
- Are there any wider consequences to the breach
- The appointed lead investigator will determine who needs to be notified of the breach.
- Any legal/contractual requirements?
- Whether notification would assist the individual affected – could they act on the information to mitigate risks?
- Whether notification would help prevent the unauthorised or unlawful use of personal data?
- Would notification help BPIHA meet its obligations under the seventh data protection principle;
- If a large number of people are affected, or there are very serious consequences, whether the Information Commissioner’s Office (ICO) should be notified. Not every incident warrants notification and over notification may cause disproportionate enquiries and work.
- Notification to the individuals whose personal data has been affected by the incident will include a description of how and when the breach occurred, and the data involved. Specific and clear advice will be given on what they can do to protect themselves and include what action has already been taken to mitigate the risks. Individuals will also be provided with a way in which they can contact BPIHA for further information or to ask questions on what has occurred.
- Once the initial incident is contained, the appointed lead investigator will carry out a full review of the causes of the breach; the effectiveness of the response(s) and whether any changes to systems, policies and procedures should be undertaken.
Above is a brief overview of BPIHA’s data breach policy. BPIHA has an internal data breach policy which will be followed where any breach is found. Our Data Breach flowchart can be found here.
To reduce the risk of any data breach occurring, BPIHA has taken the following steps to reduce any risk:
- BPIHA will ensure that its name and address will be on all paperwork as appropriate and will identify the use to which any information requested will be put.
- Data held will be used responsibly and within the limits described in the regulations.
- The type of data collected will be reviewed at least annually.
- Any error will be rectified as soon as possible after BPIHA becomes aware of it.
- Financial records are kept for seven years or as long as is dictated by the law.
- All computer-held personal or financial data is held on password protected computers with only the authorised users holding passwords
- Any data held in paper form will be kept in locked cabinets and only accessed by authorised personnel.
- Any paper records are securely shredded when they are no longer required.
Individuals and organisations on which BPIHA holds information have the right to:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
More information with regards to each individual right can be found on the ICO website (ico.org.uk)
Player Registration System, Website Terms and Conditions
Player Registrations are maintained under the BPIHA Privacy and Data Protection policy. Any information provided by will be held by BPIHA on its computer records in accordance with the General Data Protection Regulations.
Generic Club Contact details will be placed on the BPIHA website, if you do not wish to have your club contact details on the BPIHA website please contact BPIHA at email@example.com and we will remove your club contact details from our website.
We will also from time to time send individual members electronic communication via email. We will only do this when we feel it is important for all members to be advised of a strategic change. All other correspondence will be sent directly to each club to disseminate to all members.
The BPIHA website and material relating to information, products and services (or to third party information, products and services) is provided ‘as is’, without any representation or endorsement made and without warranty of any kind whether express or implied, including but not limited to the implied warranties of satisfactory quality, fitness for a particular purpose, non-infringement, compatibility, security and accuracy. We do not warrant that the functions contained in the material contained in this site will be uninterrupted or error free, that defects will be corrected, or that this site or server that makes it available are free or viruses or represent the full functionality, accuracy, reliability of the materials.
In no event will we be liable for any loss or damage including, without limitation, indirect or consequential loss or damage, or any loss or damages whatsoever arising from use or loss of use of data or profits arising out of or in connection with the use of the BPIHA website.
If any of these Terms and Conditions should be determined to be illegal, invalid, or otherwise unenforceable by reason of the laws of any state or country in which these Terms and Conditions is are intended to be effective, then to the extent and within the jurisdiction which that Term or Condition is illegal, invalid or unenforceable, it shall be severed a and deleted from this clause and the remaining terms and conditions shall survive, remain in full force and effect and continue to be binding and enforceable. These Terms and Conditions s shall be governed by and construed in accordance with the laws of England and Wales. Any dispute arising under these Terms and Conditions shall be subject to the exclusive jurisdiction of the courts of England and Wales.
If these Terms and Conditions are not accepted in full, you do not have permission to access the contents of this website and therefore should cease using this website immediately.
Responsibilities of Staff and Management
The management and staff of BPIHA are responsible for the processing of data in accordance with the regulations and for upholding the principles outlined in this policy for the processing and maintenance of data regarding its members.
All personnel are expected to observe data protection good practice at all times and to ensure that the personal data they make available for processing is kept accurate, up to date and secure.
Transferring of Data
BPIHA currently doesn’t hold or transfer data outside of the European Economic Area (EEA).
If this changes it will be communicated as appropriate and/or any transfers made will be in full compliance with all aspects of the General Data Protection Regulations (May 2018) / UK Data Protection Act (2018).
Last Update: 1st January 2020