Mid South
Endurance GB
GDPR
As the governing body of the sport of endurance in Great Britain, EGB has always had great respect for our members’ and supporters’ data and for their privacy. This will continue under GDPR. EGB has put the necessary policies and procedures in place to be compliant with the new legislation, which includes the Lawful Basis under which EGB processes personal data.
GDPR – EGB Data Privacy Policy
What personal data do EGB (Endurance GB Ltd) collect?
The data we collect includes names, addresses, age, gender and contact information. Medical information may be used in the event of an accident. Disability information is used to enable reasonable adjustments to be made to ride rules so that para riders can compete on an equitable basis. Parental consent forms are also submitted to ride organisers / secretaries.
The data is collected directly from Members, Staff, Volunteers or via EGB Groups.
We may also record data about people making enquiries to EGB who are not members or supporters for the purposes of providing information about membership and events.
We keep information regarding disciplinary actions and sanctions.
For some members we keep information about their board, committee, group or administrative roles (e.g. Ride Organisers and Secretaries) and whether they are an international trainer or an international athlete.
We may hold photographs of individuals including generic photographs where individuals may be difficult to identify.
We collect the results of competitions and these are used for maintaining the riding level, qualifications to ride (including in international competitions), of individuals along with annual rankings.
For members of staff we collect personal data and maintain personnel records in line with statutory requirements and best practice.
What is this personal data used for?
We use members’ data for the administration of your membership; the communication of information, including sending the EGB magazine and the organisation of rides and other events.
Medical information may be used in the event of an accident. Disability information is used to enable reasonable adjustments to be made to ride rules so that para riders can compete on an equitable basis. Parental consent forms are also submitted to ride organisers / secretaries.
We provide a limited amount of data for use by Ride Organisers, Technical Stewards and providers of support systems (e.g. RFID timing) for the proper and accurate administration of rides. A limited amount of data can also be submitted to other key officials from time-to-time, such as International Team, National Team and Group Team officials.
Who is your data shared with?
Member data is provided to Ride Organisers, Ride Secretaries and Technical Stewards for the purposes of administering rides entered by the Member. But only when an entry is made by the Members (or authorised delegate)
Member data is passed to our Card processing providers (currently SagePay and PayPal) for financial transactions related to ride entries, membership and other online purchases (e.g from the online shop)
Membership Lists are sent to the publisher of the printed magazine and rule book for the purpose of distributing Rule Books and the Member Magazine. The publisher deletes this information once the distribution has been made.
Membership Lists are sent to the Local EGB Group to which the Member belongs to allow communication about local events relevant to the Member.
Member and result data is sent to the FEI in relation to International registrations, entries and results.
Provision of results and rankings to other BEF Member bodies.
Results are provided to the EGB Archive database.
Disciplinary and safeguarding records may be sent to BEF if relevant to overall equestrian sport.
Entry lists may be given to providers of technical support services (e.g. Online Timing and results)
Where does this data come from?
Member & rider data is sourced directly from the member through online or paper application forms and can be viewed and amended online by the member or by request to the EGB office.
International competition data may be obtained from the FEI.
Information about Overseas Riders eligibility to compete in the UK (NoCs) is obtained (via the Member) from Other National Competiton Organisations.
Result information provided by Ride Organiser/Secretaries and Technical Stewards.
Disciplinary and safeguarding information from other BEF Member bodies.
Membership of other BEF Member bodies.
How is your data stored?
Most of our data, including our main database, is stored in a secure database hosted in “the cloud” using Google Cloud Platform in compliance with the GDPR.
Information for Ride Organisers and Technical Stewards is usually provided via spreadsheets which are held locally and destroyed when they are no longer required. Guidance has been issued to Ride Organisers and Technical Stewards on the safe storage of personal data.
Documents are normally in Word format and are increasingly stored in Microsoft OneDrive which is GDPR compliant.
Emails by the EGB Board, its Officers and the EGB Office are sent and received using Microsoft Office 365 which is GDPR compliant. Most volunteers use their own personal accounts.
The remainder of our data is kept in the form of written documents stored in our Abbey Park offices.
Who is responsible for ensuring compliance with the relevant laws
and regulations?
Under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring EGB discharges its obligations under the GDPR is the Executive Officer (office@endurancegb.co.uk). The Executive Officer is the person responsible for maintaining a log of data breaches and notifying the ICO and any members affected as necessary, in accordance with our legal obligations.
Who has access to your data?
Members of staff of EGB have access to members’ data in order for them to carry out their legitimate tasks for the organisations, such as responding to enquiries from those members.
Members of committees, the board of EGB and the local EGB Group to which the member belongs will be given access to this data for any legitimate purpose to do with their roles as officers of the organisation or members of their committees but will not be free to pass it on to any other organisation.
Ride Organisers/Secretaries and Technical Stewards are sent the limited information necessary for them to accurately and safely administer rides.
Sub-contractors of EGB may be given access to data for specific tasks, such as mailing copies of EGB magazine on our behalf. They are not allowed to use it for any other purpose.
What is the lawful basis for collecting this data?
EGB collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation and as the authority of an internationally recognised and regulated, competitive sport.
For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations. Similarly, personnel data is kept in compliance with our legal obligations.
How you can check what data we have about you?
If you want to see the basic membership data we hold about you, you can log in to The EGB Website and go to "Members | Account | View/Edit". There you can also update most of your details or change the permissions you wish to grant for the use of your data.
You can view your entire competition history in the EGB Archive, available by going to the website and selecting "Rides | Results | Archive".
You can contact us with a “Subject Access Request” if you want to ask us to provide you with any other information we hold about you. If you are interested in any aspects, specifying them will help us to provide you with what you need quickly and efficiently. We are required to provide this to you within 30 days.
There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.
Does EGB collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”.
Medical information may be held when provided by a rider, in confidence, and used in the event of an accident. Disability information maybe held and is used to enable reasonable adjustments to be made to ride rules, so that para riders can compete on an equitable basis.
Parental consent forms are also submitted to ride organisers / secretaries.
We also hold information on whether each member is a UK Citizen as it is a requirement of the FEI that any person who is not a UK Citizen has permission from their National Organising Committee to complete in National Competitions in the UK.
How can you ask for data to be removed, limited or corrected?
There are various ways in which you can limit how your data is used:
-
You could maintain your EGB membership with your correct name but with limited contact details. However, we do need to have at least one method of contacting you. You could for example simply maintain an up-to-date email address, but of course this would limit what we are able to provide you with in the way of written information, so you would not be able to get the EGB magazine in printed form or any other member benefits that require a mailing address.
-
You do not need to provide us with your date of birth unless you wish to enter age-limited (Young, Junior or Veteran) classes or gain concessions based on age.
-
You may choose not to receive information emails from the EGB sponsors. Note: Your email address is NOT provided to third parties, on very rare occasions we send the emails on their behalf.
-
Any of these options can be implemented by logging on to the EGB website and going to "Members | Account | View/Edit" and
editing your record there, either to correct erroneous data or to delete information you do not wish us to have. If you need any assistance with this, you may contact the Office at office@endurancegb.co.uk.
-
You may ask that any photograph of you that appears on the website be deleted by contacting the Office at office@endurancegb.co.uk.
How long we keep your data for, and why?
We normally keep members’ data after their membership lapses. This is because we find members sometimes later wish to re-join (occasionally after several decades) and if we no longer had their records we would be unable to re-instate their correct competitive level, which would be unfair both to the member concerned and other members against whom they are competing. However, we will delete any former member’s contact details entirely and will comply with a right to be forgotten on request.
Since underlying statistical data, like results, continues to be necessary in relation to the purpose for which it was originally collected and processed, results from events are not deleted although they will no longer be attributed to a member who does not want their data to be kept. (i.e. Removed from the online Archive)
Historical ranking lists and prize lists are required for archiving purposes and names cannot be removed from them. Similarly, archived news articles, whether on the website, or in EGB's magazines (both printed and online), will not usually be deleted.
Other data, such as that relating to accounting or personnel matters, is kept for at least the legally required or recommended period – 7 years for financial transactions, 12 years after the final benefit for staff pensions.
What happens if a member dies?
We normally keep members’ information after they die and show their achievements in various annual and all-time rankings, such as distance awards. If requested by their next-of-kin to delete it, we will do so on the same basis as when requested to remove data by a former member.
Can you download your data to use it elsewhere?
We have no specific facilities to download your data, but will assist members in legitimate situations, for example where proof of experience is required by another National Organising Committee.
Please contact the office on office@endurancegb.co.uk with such requests.
VERSION CONTROL
Version Number Purpose / Change Author Date
1.1 Initial Draft Nick Wallbridge 30/04/2018
1.2 Issue for Review John Hudson 06/05/2018
1.3 Include Review Comments John Hudson 10/05/2018