This Privacy Policy sets out how we use and look after the personal information we collect from you. As the organisation that is responsible for, and controls the processing of your personal data, we are the data controller, and sometimes also the data processor, and will take reasonable care to keep your information secure and to prevent any unauthorised access or use of it. We may update this Privacy Policy from time to time and will inform you of any changes in how we handle your personal data.

Information we may collect from you;

Personal data means any information about an individual from which that individual can be identified.

We may collect, use, store and transfer some personal data of our participants and their parents or guardians, and other members. The data we collect from participants may include:

Name, date of birth and gender
Contact information, such as a home address, email address and telephone numbers.
We may hold some health data or other special category data of some of our participants or members for the purposes of their health, well being and welfare and, safeguarding. Where we hold this data it will be with the explicit consent of the participant or, if applicable, the participant’s parent or guardian.
Where we need to collect personal data to fulfil our responsibilities and a participant fails to provide that data, we may not be able to honour or administer their participation in football.

How is your personal data collected? A participant may give us their personal data by filling in forms or by corresponding with us by post, phone, email, in person, via our website or otherwise. This will typically be provided to the FA or league by inputting participant details into the Whole Game System. Other participants, such as referees, may input their own data into the Whole Game System. Please refer to the Essex FA for the details of their Privacy Policy.

Marketing

From time to time, we may send you information, products or services we believe may be of interest to you as a member of BHRFC. If at any time, you prefer not to receive such communications from us (except in connection with information, products or services that you specifically request), then you have the right to inform us to stop such communications at any time.

Sharing your personal data

As a club, we enter participant and/or member details onto the Whole Game System which is administered by the FA. We also use the other systems for maintaining information regarding our participants and hold parental and/or guardian information. These systems may also hold medical and emergency contact information.

We may disclose your personal information to third parties if we are under a duty to comply with any legal obligation; or to protect the rights, property, or safety of our participants, members or affiliates, or others.

Protection of your personal data

We are committed to protecting your privacy and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. However, the nature of the Internet is such that the data may in some circumstances flow over networks without full security measures and could be accessible to unauthorised persons.

Data Retention

We keep personal data on our participants, members and other website users while they are signed up to BHRFC. We will delete this data one year after an individual has ended their membership or affiliation, or sooner if specifically requested and we are able to do so. We may need to retain some personal data for longer for legal or regulatory purposes. Some financial information may be required to be held for longer (5 years).

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Cookies

When you visit our website, we may collect, process and use information about you that may not personally identify you but which may be helpful for improving the operation of the website. Such information may be collected through “traffic data” and may entail the use of “cookies”, “IP Addresses” or other numeric codes used to identify your computer. You can delete cookies or configure your computer to reject them, although this may disable the website’s ability to manage individual sessions.

Third-Party Links

This website may contain links to other sites. Please be aware that we are not responsible for the privacy practices of these sites. We encourage our users to be aware when they leave this website and to read the privacy statements applicable on those sites. This privacy policy does not apply to information collected on third party sites.

Your Rights

All data subjects have the right to:

Request access to your personal data
Request rectification of the personal data that we hold about you.
Request erasure of your personal data where there is no good reason for us continuing to process it.
Object to processing of your personal data for direct marketing, or where we are processing on the grounds of a legitimate interest of that interest is overridden by your rights and freedoms.
Request restriction of processing of your personal data while we establish the data’s accuracy, or verify an overriding interest to object to processing; where our use of the data has been unlawful but you do not want us to erase it; where you need us to hold the data to establish, exercise or defend legal claims.
Request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.
Withdraw consent at any time where we are relying on consent to process your personal data.
Complain at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

Contact Us

If you have any queries about this Privacy Policy, wish to stop direct marketing by Beacon Hill Rovers FC or you wish to access or update your information, or to notify us if you wish to withdraw your consent please email contact @beaconhillrovers.com.

Data policy

Beacon Hill Rovers Football Club (“Club”) is committed to complying with data protection law and to respecting the privacy rights of individuals. The policy applies to all of our Committee Members, Volunteers, Management, Players and Supporters (“Members”).

This Data Protection Policy (“Policy”) sets out our approach to data protection law and the principles that we will apply to our processing of personal data. The aim of this Policy is to ensure that we process personal data in accordance with the law and with the utmost care and respect. References in this Policy to “us”, “we” and “our” are to the Club. References to “you”, “yourself” and “your” are to each Member to whom this Policy applies.
We recognise that you have an important role to play in achieving these aims. It is your responsibility, therefore, to familiarise yourself with this Policy and to apply and implement its requirements when processing any personal data. Please pay special attention to sections 14, 15 and 16 as these set out the practical day to day actions that you must adhere to when working or volunteering for the club.

Data protection law is a complex area. This Policy has been designed to ensure that you are aware of the legal requirements imposed on you and on us and to give you practical guidance on how to comply with them. This Policy also sets out the consequences of failing to comply with these legal requirements. However, this Policy is not an exhaustive statement of data protection law nor of our or your responsibilities in relation to data protection.
If at any time you have any queries on this Policy, your responsibilities or any aspect of data protection law, seek advice. Contact the Club.

1. Who is responsible for data protection?

1.1 All our Members are responsible for data protection, and each person has their role to play to make sure that we are compliant with data protection laws.
1.2 In the interim we have not appointed a Data Protection Officer (DPO), but we will do so at some point in the near future. The DPO when appointed will be responsible for overseeing our compliance with data protection laws.

2. Why do we have a data protection policy?

2.1 We recognise that processing of individuals’ personal data in a careful and respectful manner cultivates trusting relationships with those individuals and trust in our brand. We believe that such relationships will enable our organisation to work more effectively with and to provide a better service to those individuals.
2.2 This Policy works in conjunction with other policies implemented by us from time to time, including for example the Archiving.

3. Status of this Policy and the implications of a breach.

3.1 Any breaches of this Policy will be viewed very seriously. All Members must read this Policy carefully and make sure they are familiar with it. Breaching this Policy is a disciplinary offence and will be dealt with under our Disciplinary Procedure.
3.2 If you do not comply with Data Protection Laws and/or this Policy, then you are encouraged to report this fact immediately to the DPO, once appointed. This self-reporting will be taken into account in assessing how to deal with any breach, including any non-compliance which may pre-date this Policy coming into force.
3.3 Also if you are aware of or believe that any other representative of ours is not complying with Data Protection Laws and/or this Policy you should report it in confidence to the DPO, once appointed.

4. Other consequences

4.1 There are a number of serious consequences for both yourself and us if we do not comply with Data Protection Laws. These include:
4.1.1 For you:
4.1.1.1 Disciplinary action: If you are an employee, your terms and conditions of employment require you to comply with our policies. Failure to do so could lead to disciplinary action including dismissal. Where you are a volunteer, failure to comply with our policies could lead to termination of your volunteering position with us.
4.1.1.2 Criminal sanctions: Serious breaches could potentially result in criminal liability.
4.1.1.3 Investigations and interviews: Your actions could be investigated and you could be interviewed in relation to any non-compliance.
4.1.2 For the organisation:
4.1.2.1 Criminal sanctions: Non-compliance could involve a criminal offence.
4.1.2.2 Civil Fines: These can be up to Euro 20 million or 4% of the Clubs worldwide turnover whichever is higher.
4.1.2.3 Assessments, investigations and enforcement action: We could be assessed or investigated by, and obliged to provide information to, the Information Commissioner on its processes and procedures and/or subject to the Information Commissioner’s powers of entry, inspection and seizure causing disruption and embarrassment.
4.1.2.4 Court orders: These may require us to implement measures or take steps in relation to, or cease or refrain from, processing personal data.
4.1.2.5 Claims for compensation: Individuals may make claims for damage they have suffered as a result of our non-compliance.
4.1.2.6 Bad publicity: Assessments, investigations and enforcement action by, and complaints to, the Information Commissioner quickly become public knowledge and might damage our brand. Court proceedings are public knowledge.
4.1.2.7 Loss of business: Prospective members, participants, players, customers, suppliers and contractors might not want to deal with us if we are viewed as careless with personal data and disregarding our legal obligations.
4.1.2.8 Use of management time and resources: Dealing with assessments, investigations, enforcement action, complaints, claims, etc takes time and effort and can involve considerable cost.

5. Data protection laws

5.1 The Data Protection Act 1998 (“DPA”) and the General Data Protection Regulation (GDPR) (together “Data Protection Laws”) applies to any personal data that we process.
5.2 The Data Protection Laws all require that the personal data is processed in accordance with the Data Protection Principles (on which see below) and gives individuals rights to access, correct and control how we use their personal data (on which see below).

6. Keywords in relation to data protection

6.1 Personal data is data that relates to a living individual who can be identified from that data (or from that data and other information in or likely to come into our possession). That living individual might be an employee, customer, prospective customer, supplier, contractor or contact, and that personal data might be written, oral or visual (e.g. CCTV).
6.2 Identifiable means that the individual can be distinguished from a group of individuals (although the name of that individual need not be ascertainable). The data might identify an individual on its own (e.g. if a name or video footage) or might do if taken together with other information available to or obtainable us (e.g. a job title and company name).
6.3 Data subject is the living individual to whom the relevant personal data relates.
6.4 Processing is widely defined under data protection law and generally, any action taken by us in respect of personal data will fall under the definition, including for example collection, modification, transfer, viewing, deleting, holding, backing up, archiving, retention, disclosure or destruction of personal data, including CCTV images.
6.5 Data controller is the person who decides how personal data is used, for example, we will always be a data controller in respect of personal data relating to our employees.
6.6 Data processor is a person who processes personal data on behalf of a data controller and only processes that personal data in accordance with instructions from the data controller, for example, an outsourced payroll provider will be a data processor.

7. Personal data

7.1 Data will relate to an individual and therefore be their personal data if it:
7.1.1 identifies the individual. For instance, names, addresses, telephone numbers and email addresses;
7.1.2 its content is about the individual personally. For instance, medical records, credit history, a recording of their actions, or contact details;
7.1.3 relates to the property of the individual, for example, their home, their car or other possessions;
7.1.4 it could be processed to learn, record or decide something about the individual (or this is a consequence of processing). For instance, if you are able to link the data to the individual to tell you something about them, this will relate to the individual (e.g. salary details for a post where there is only one named individual in that post, or a telephone bill for the occupier of a property where there is only one occupant);
7.1.5 is biographical in a significant sense, that is it does more than record the individual's connection with or involvement in a matter or event which has no personal connotations for them. For instance, if an individual’s name appears on a list of attendees of an organisation meeting this may not relate to the individual and may be more likely to relate to the company they represent;
7.1.6 has the individual as its focus, that is the information relates to the individual personally rather than to some other person or a transaction or event he was involved in. For instance, if a work meeting is to discuss the individual’s performance this is likely to relate to the individual;
7.1.7 affects the individual's privacy, whether in their personal, family, organisation or professional capacity, for instance, email address or location and work email addresses can also be personal data;
7.1.8 is an expression of opinion about the individual; or
7.1.9 is an indication of our (or any other person’s) intentions towards the individual (e.g. how a complaint by that individual will be dealt with).
7.2 Information about companies or other legal persons who are not living individuals is not personal data. However, information about directors, shareholders, officers and employees, and about sole traders or partners, is often personal data, so business-related information can often be personal data.
7.3 Examples of information likely to constitute personal data:
7.3.1 Unique names;
7.3.2 Names together with email addresses or other contact details;
7.3.3 Job title and employer (if there is only one person in the position);
7.3.4 Video - and photographic images;
7.3.5 Information about individuals obtained as a result of Safeguarding checks;
7.3.6 Medical and disability information;
7.3.7 CCTV images;
7.3.8 Member profile information (e.g. marketing preferences); and
7.3.9 Financial information and accounts (e.g.information about expenses and benefits entitlements, income and expenditure).

8. Lawful basis for processing

8.1 For personal data to be processed lawfully, we must be processing it on one of the legal grounds set out in the Data Protection Laws.
8.2 For the processing of ordinary personal data in our organisation these may include, among other things:
8.2.1 the data subject has given their consent to the processing (perhaps on their membership application form or when they registered on the club’s website)
8.2.2 the processing is necessary for the performance of a contract with the data subject (for example, for processing membership subscriptions);
8.2.3 the processing is necessary for compliance with a legal obligation to which the data controller is subject (such as reporting employee PAYE deductions to the tax authorities); or
8.2.4 the processing is necessary for the legitimate interest reasons of the data controller or a third party (for example, keeping in touch with members, players, participants about competition dates, upcoming fixtures or access to club facilities).

9. Special category data

9.1 Special category data under the Data Protection Laws is personal data relating to an individual’s race, political opinions, health, religious or other beliefs, trade union records, sex life, biometric data and genetic data.
9.2 Under Data Protection Laws this type of information is known as special category data and criminal records history becomes its own special category which is treated for some parts the same as special category data. Previously these types of personal data were referred to as sensitive personal data and some people may continue to use this term.
9.3 To lawfully process special categories of personal data we must also ensure that either the individual has given their explicit consent to the processing or that another of the following conditions has been met:
9.3.1 the processing is necessary for the performance of our obligations under employment law;
9.3.2 the processing is necessary to protect the vital interests of the data subject. The ICO has previously indicated that this condition is unlikely to be met other than in a life or death or other extreme situation;
9.3.3 the processing relates to information manifestly made public by the data subject;
9.3.4 the processing is necessary for the purpose of establishing, exercising or defending legal claims; or
9.3.5 the processing is necessary for the purpose of preventative or occupational medicine or for the assessment of the working capacity of the employee.
9.4 To lawfully process personal data relating to criminal records and history there are even more limited reasons, and we must either:
9.4.1 ensure that either the individual has given their explicit consent to the processing; or
9.4.2 ensure that our processing of those criminal records history is necessary under a legal requirement imposed upon us.
9.5 We would normally only expect to process special category personal data or criminal records history data in the context of our members for health and safety requirements and safeguarding checks

9.6 When do we process personal data?

9.7 Virtually anything we do with personal data is processing including collection, modification, transfer, viewing, deleting, holding, backing up, archiving, retention, disclosure or destruction. So even just storage of personal data is a form of processing. We might process personal data using computers or manually by keeping paper records.
9.8 Examples of processing personal data might include:
9.8.1 Using personal data to correspond with members;
9.8.2 Holding personal data in our databases or documents; and
9.8.3 Recording personal data in personnel or member files.

10. Outline

10.1 The main themes of the Data Protection Laws are:
10.1.1 good practices for handling personal data;
10.1.2 rights for individuals in respect of personal data that data controllers hold on them; and
10.1.3 being able to demonstrate compliance with these laws.
10.2 In summary, data protection law requires each data controller to:
10.2.1 only process personal data for certain purposes;
10.2.2 process personal data in accordance with the 6 principles of ‘good information handling’ (including keeping personal data secure and processing it fairly and in a transparent manner);
10.2.3 provide certain information to those individuals about whom we process personal data which is usually provided in a privacy notice, for example, you will have received one of these from us as one of our Members;
10.2.4 respect the rights of those individuals about whom we process personal data (including providing them with access to the personal data we hold on them); and
10.2.5 keep adequate records of how data is processed and, where necessary, notify the ICO and possibly data subjects where there has been a data breach.
10.3 Every Member has an important role to play in achieving these aims. It is your responsibility, therefore, to familiarise yourself with this Policy.
10.4 Data protection law in the UK is enforced by the Information Commissioner’s Office (“ICO”). The ICO has extensive powers.

11. Data protection principles

11.1 The Data Protection Laws set out 6 principles for maintaining and protecting personal data, which form the basis of the legislation. All personal data must be:
11.1.1 processed lawfully, fairly and in a transparent manner and only if certain specified conditions are met;
11.1.2 collected for specific, explicit and legitimate purposes, and not processed in any way incompatible with those purposes (“purpose limitation”);
11.1.3 adequate and relevant, and limited to what is necessary to the purposes for which it is processed (“data minimisation”);
11.1.4 accurate and where necessary kept up to date;
11.1.5 kept for no longer than is necessary for the purpose (“storage limitation”);
11.1.6 processed in a manner that ensures appropriate security of the personal data using appropriate technical and organisational measures(“integrity and security”).

12. Data subject rights

12.1 Under Data Protection Laws individuals have certain rights (Rights) in relation to their own personal data. In summary, these are:
12.1.1 The rights to access their personal data, usually referred to as a subject access request
12.1.2 The right to have their personal data rectified;
12.1.3 The right to have their personal data erased, usually referred to as the right to be forgotten;
12.1.4 The right to restrict processing of their personal data;
12.1.5 The right to object to receiving direct marketing materials;
12.1.6 The right to portability of their personal data;
12.1.7 The right to object to the processing of their personal data; and
12.1.8 The right to not be subject to a decision made solely by automated data processing.
12.2 The exercise of these rights may be made in writing, including email, and also verbally and should be responded to in writing by us (if we are the relevant data controller) without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We must inform the individual of any such extension within one month of receipt of the request, together with the reasons for the delay.
12.3 Where the data subject makes the request by electronic form means, any information is to be provided by electronic means where possible unless otherwise requested by the individual.
12.4 If we receive the request from a third party (e.g. a legal advisor), we must take steps to verify that the request was, in fact, instigated by the individual and that the third party is properly authorised to make the request. This will usually mean contacting the relevant individual directly to verify that the third party is properly authorised to make the request.
12.5 There are very specific exemptions or partial exemptions for some of these Rights and not all of them are absolute rights. However the right to not receive marketing material is an absolute right, so this should be complied with immediately.
12.6 Where an individual considers that we have not complied with their request e.g. exceeded the time period, they can seek a court order and compensation. If the court agrees with the individual, it will issue a Court Order, to make us comply. The Court can also award compensation. They can also complain to the regulator for privacy legislation, which in our case will usually be the ICO.
12.7 In addition to the rights discussed in this document, any person may ask the ICO to assess whether it is likely that any processing of personal data has or is being carried out in compliance with the privacy legislation. The ICO must investigate and may serve an “Information Notice” on us (if we are the relevant data controller). The result of the investigation may lead to an “Enforcement Notice” being issued by the ICO. Any such assessments, information notices or enforcement notices should be sent directly to the Club from the ICO.
12.8 In the event of a Member receiving such a notice, they must immediately pass the communication to our DPO when appointed.

13. Notification and response procedure

13.1 If a Member has a request or believes they have a request for the exercise of a Right, they should:
13.1.1 pass the call to their supervisor/manager. The supervisor/manager should take and record all relevant details and explain the procedure. If possible try to get the request confirmed in writing addressed to our DPO when appointed and
13.1.2 inform our DPO when appointed of the request.
13.2 If a letter or fax exercising a Right is received by any Member they should:
13.2.1 pass the letter to their supervisor/manager;
13.2.2 the supervisor/manager must log the receipt of the letter with our DPO when appointed and send a copy of it to them; and
13.2.3 our DPO when appointed will then respond to the data subject on our behalf.
13.3 If an email exercising a Rights is received by any Member they should:
13.3.1 pass the email to their supervisor/manager;
13.3.2 the Supervisor/manager must log the receipt of the email with our DPO when appointed and send a copy of it to them; and
13.3.3 our DPO when appointed will then respond to the data subject on our behalf.
13.4 Our DPO when appointed will co-ordinate our response which may include written material provided by external legal advisors. The action taken will depend upon the nature of the request. The DPO when appointed will write to the individual and explain the legal situation and whether we will comply with the request. A standard letter/email from the DPO when appointed should suffice in most cases.
13.5 The DPO when appointed will inform the relevant management line of any action that must be taken to legally comply. The DPO when appointed will coordinate any additional activity required by the IT Department to meet the request.
13.6 The manager/senior manager who receives the request will be responsible for ensuring that the relevant response is made within the time period required.
13.7 The DPO when appointed’s reply will be validated by the relevant manager of the department producing the response. For more complex cases, the letter/email to be sent will be checked by [legal advisors].

14. Your main obligations

14.1 What this all means for you can be summarised as follows:
14.1.1 Treat all personal data with respect;
14.1.2 Treat all personal data how you would want your own personal data to be treated;
14.1.3 Immediately notify your line manager or the DPO when appointed if any individual says or does anything which gives the appearance of them wanting to invoke any rights in relation to personal data relating to them;
14.1.4 Take care with all personal data and items containing personal data you handle or come across so that it stays secure and is only available to or accessed by authorised individuals; and
14.1.5 Immediately notify the DPO when appointed if you become aware of or suspect the loss of any personal data or any item containing personal data. For more details on this see our separate Data Breach Policy which applies to all our Members regardless of their position or role in our organisation.

15. Your activities

15.1 Data protection laws have different implications in different areas of our organisation and for different types of activity, and sometimes these effects can be unexpected.
15.2 Areas and activities particularly affected by data protection law include human resources, payroll, security (e.g. CCTV), customer care, sales, marketing and promotions, health and safety and finance.
15.3 You must consider what personal data you might handle, consider carefully what data protection law might mean for you and your activities, and ensure that you comply at all times with this policy.

16. Practical matters

16.1 Whilst you should always apply a common-sense approach to how you use and safeguard personal data, and treat personal data with care and respect, set out below are some examples of dos and don’ts:
16.1.1 Do not take personal data out of the organisation’s premises (unless absolutely necessary).
16.1.2 Only disclose your unique logins and passwords for any of our IT systems to authorised personnel (e.g. IT) and not to anyone else.
16.1.3 Never leave any items containing personal data unattended in a public place, e.g. on a train, in a café, etc and this would include paper files, mobile phones, laptops, tablets, memory sticks etc.
16.1.4 Never leave any items containing personal data in unsecure locations, e.g. in a car on your drive overnight and this would include paper files, mobile phones, laptops, tablets, memory sticks etc.
16.1.5 If you are staying at a hotel then utilise the room safe or the hotel staff to store items containing personal data when you do not need to have them with you.
16.1.6 Do encrypt laptops, mobile devices and removable storage devices containing personal data.
16.1.7 Do lock laptops, files, mobile devices and removable storage devices containing personal data away and out of sight when not in use.
16.1.8 Do password protect documents and databases containing personal data.
16.1.9 Never use removable storage media to store personal data unless the personal data on the media is encrypted.
16.1.10 When picking up printing from any shared printer always check to make sure you only have the printed matter that you expect, and no third party’s printing appears in the printing.
16.1.11 Use confidential waste disposal for any papers containing personal data, do not place these into the ordinary waste, place them in a bin or skip etc, and either use a confidential waste service or have them shredded before placing them in the ordinary waste disposal.
16.1.12 Do dispose of any materials containing personal data securely, whether the materials are paper-based or electronic.
16.1.13 When in a public place, e.g. a train or café, be careful as to who might be able to see the information on the screen of any device you are using when you have personal information on display. If necessary move location or change to a different task.
16.1.14 Do ensure that your screen faces away from prying eyes if you are processing personal data, even if you are working in the office. Personal data should only be accessed and seen by those who need to see it.
16.1.15 Do challenge unexpected visitors or employees accessing personal data.
16.1.16 Do not leave personal data lying around, store it securely.
16.1.17 When speaking on the phone in a public place, take care not to use the full names of individuals or other identifying information, as you do not know who may overhear the conversation. Instead, use initials or just first names to preserve confidentiality.
16.1.18 If taking down details or instructions from a customer in a public place when third parties may overhear, try to limit the information which may identify that person to others who may overhear in a similar way to if you were speaking on the telephone.
16.1.19 Never act on instructions from someone unless you are absolutely sure of their identity and if you are unsure then take steps to determine their identity. This is particularly so where the instructions relate to information that may be sensitive or damaging if it got into the hands of a third party or where the instructions involve money, valuable goods or items or cannot easily be reversed.
16.1.20 Do not transfer personal data to any third party without the prior written consent of your line manager or our DPO when appointed
16.1.21 Do notify your line manager or our DPO when appointed immediately of any suspected security breaches or loss of personal data.
16.1.22 If any personal data is lost, or any devices or materials containing any personal data are lost, report it immediately to our DPO when appointed. For more details on this see our separate Data Breach Policy which applies to all our Members regardless of their position or role in our organisation.
16.2 However you should always take a common-sense approach, and if you see any areas of risk that you think are not addressed then please bring it to the attention of our DPO when appointed.

17. Foreign transfers of personal data

17.1 Personal data must not be transferred outside the European Economic Area (EEA) unless the destination country ensures an adequate level of protection for the rights of the data subject in relation to the processing of personal data or we put in place adequate protections. This is mainly relevant to data held and accessed in Cloud-based services as well as some data processing the club may outsource like payroll processing or performance data analysis
17.2 These protections may come from special contracts we need to put in place with the recipient of the personal data, from them agreeing to be bound by specific data protection rules or due to the fact that the recipients own country’s laws provide sufficient protection.
17.3 These restrictions also apply to transfers of personal data outside of the EEA even if the personal data is not being transferred outside of our group of companies.
17.4 You must not under any circumstances transfer any personal data outside of the EEA without your line manager’s or the DPO when appointed’s prior written consent.
17.5 We will also need to inform data subjects of any transfer of their personal data outside of the UK and may need to amend their privacy notice to take account of the transfer of data outside of the EEA.
17.6 If you are involved in any new processing of personal data which may involve the transfer of personal data outside of the EEA, then please seek approval of your line manager or our DPO when appointed prior to implementing any processing of personal data which may have this effect.

18. Queries

18.1 If you have any queries about this Policy please contact either your line manager or the DPO when appointed.

Terms and Conditions

Please read these terms carefully before using this website.

By using this website, the user (“user” or “you”) agrees to the following terms of use. If you do not agree to these terms of use, you should exit the website.

Contents of the Website: All of the content of this website (which includes without limitation all graphics, text, images, photographs, illustrations, and the design, selection and arrangement thereof) is protected by copyright and/or trademark. Other proprietary trademarks and trade names may be featured on this website from time to time and remain the property of their respective owners. Limited licence; restrictions: You are granted a limited licence to download the materials contained on this website to a single personal computer, and to print a hard copy of the materials contained on this website, solely for personal, non-commercial use, and provided all copyright, trademark and other proprietary notices are left intact. In all cases, BHRFC must be acknowledged as the source of the material. Use of the materials contained on this website on any other internet site is strictly prohibited. The grant of this limited licence is conditional upon your agreement to and compliance with all these terms of use. Any other use of any of the materials on this website including reproduction (for any purposes other than those noted above), modification, distribution, or re-publication, without the prior written permission of either BHRFC or Pitchero, is strictly prohibited and is a violation of the proprietary rights of one or all of the operators.

Downloading of Software: If you download any software from this website, the software, including any images or files incorporated in or generated by the software, and data accompanying the software (collectively, the “Software”) are subject to the limited licence set out above. The operators and/or their respective suppliers (as the case may be) retain all rights, title, interest and intellectual property rights in and to the software. You may not distribute, sell, or transmit the software and you are not permitted to alter, modify or adapt the software, including but not limited to translating, decompiling, reverse engineering, disassembling, or creating derivative works of it.

Disclaimer: This website and its contents are provided without any representations or warranties of any kind, either express or implied. The operators each disclaim all representations and warranties, including by way of example but not limitation, as to fitness for a particular purpose, to the fullest extent permitted by applicable laws. In addition, none of the operators represents or warrants that the information and/or facilities on or accessible via this website are accurate, complete or current, or that this website will be free of defects, including, but not limited to, viruses or other harmful elements.

Users Of This Website: The user of this website assumes all costs arising as a result of the use of this website. Limitation of liability: To the fullest extent permitted by applicable laws, none of the operators nor any of their respective directors, employees, affiliates or other representatives will be liable for any loss or damages (whether direct or indirect and whether caused by negligence or otherwise) arising out of or in connection with the use of, or inability to use, the materials in and/or facilities or services offered through this website, including, but not limited to, indirect, special or consequential loss or damages, loss of data, income, profit or opportunity, loss of or damage to property and claims of third parties (even if any or all of the operators have been advised of the possibility of such loss or damages, or such loss or damages were reasonably foreseeable). If this clause is unenforceable in whole or in part in any jurisdiction due to relevant laws, then in no event shall the total liability to you of all of the operators and their respective directors, employees, affiliates or other representatives for all damages, losses, and claims (whether in contract, tort (including, but not limited to, negligence), or otherwise) exceed the amount paid by you, if any, for accessing this website. Nothing in this clause shall limit or exclude any liability for death or personal injury resulting from negligence. Indemnification: You agree to defend, indemnify and hold harmless all of the operators and their respective directors, officers, employees and agents from and against all liabilities, claims, damages, costs and expenses, including attorneys’ fees arising out of: your use of the website; any material you post, upload, e-mail or otherwise transmit using the site; or your violation, breach or alleged violation or breach of these terms of use.

Children under 16: If you are under 16, you must ask your parents or a guardian before you E-mail the website, or ask us to e-mail anything to you; Send any information to us; Enter any content or game that requires information about you or offers a prize; Post any information on any bulletin board or enter any chat room; Buy anything online? By continuing to use this website and any of the services offered, you are confirming that you have received the consent of your parents or guardian.

Links from this site: This website contains links to other internet sites on the World Wide Web. We provide such links for your convenience only, and we are not responsible for the content on any site linked from this website. We disclaim all warranties, express or implied as to the accuracy, legality, reliability or validity of any content on any other such site, and that such sites will be free of viruses or other harmful elements. Amending the terms of use and privacy policy: We may add to, change or remove any part of these terms of use and privacy policy at any time, without notice. Any changes to these terms of use or privacy policy or any terms shown on this website apply as soon as they are shown. By continuing to use this website after any changes are posted, you are indicating your acceptance of those changes. It is therefore your responsibility to check these terms of use and privacy policy each time you use this website so that you can take note of any amendments we may make. We may add, change, discontinue, remove or suspend any other content displayed on this website, including features and specifications of products and services described or depicted on the website, temporarily or permanently, at any time, without notice and without liability.

Governing Law: Those who choose to access this website do so at their own risk and on their own initiative and are responsible for compliance with all applicable local laws. These terms shall be governed by and construed in accordance with the laws of England. Any dispute under these terms shall be subject to the exclusive jurisdiction of the courts of England (subject to appeal) and, by using this website, you hereby submit to the jurisdiction of such courts for such purposes and waive any and all objections as to jurisdiction or venue in such courts.

Miscellaneous: Any waiver of any provision of these terms must be in writing and signed on behalf of BHRFC or Pitchero to be valid. A waiver of any provision hereunder shall not operate as a waiver of any other provision, or a continuing waiver of the same provision in the future. If any court of competent jurisdiction finds any provision of these terms to be void or unenforceable for any reason then such provision shall be ineffective to the extent of the court’s finding without affecting the validity and enforceability of any remaining provisions. These terms represent the entire understanding and agreement between the parties relating to the subject matter herein and supersede any and all prior statements, understandings or agreements whether oral or written and shall not be modified except in writing, signed by you and on behalf of BHRFC or Pitchero.