General Data Protection Regulation (GDPR)
Data controller: Druids Lodge Polo LLP
Druids Lodge Polo LLP (DLP) collects and processes personal data relating to its clients in order to manage the relationship. DLP is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does DLP collect?
DLP collects and processes the following information:
– Your name, address, and contact details including your email address
– Details pertaining to membership
– Bank details for payment
– Emergency contact
– Medical details
– CCTV footage and pictures
We do not use any other third party to collect or process information on our behalf.
Why do we collect this data?
DLP needs to process data to enter into contracts with you and to meet its obligations under such contracts.
In some cases, DLP needs to process data to ensure that we are complying with our legal obligations. For example, we are required to process medical data to ensure we comply with health and safety and do not put your health at risk through participation.
In other cases, we have a legitimate interest in processing personal data before, during, and after your contract with DLP. Processing client data allows us to:
– confirm bookings and rearrange lessons and to follow up with you regarding your experience with us
– maintain accurate and up-to-date client records and contact details, including emergency contacts
– maintain correct invoicing and payments
– assess client safety and suitability regarding playing and instruction
Processing employee data allows us to:
– maintain accurate and up-to-date records and contact details, including emergency contacts
– maintain correct invoicing and payments
– assess safety and fitness to work
For our members
DLP need to process personal data such as name, contact details and address to form a contract between you as the member and the polo club. In order to carry out our obligations under this contract and notify or invoice you regarding our services we need to process personal data such as email address and/or address.
In some cases, we may be required to share personal information with the HPA, i.e. change in handicap or if you register your HPA membership with DLP.
For our non-members
DLP need to process your personal data to contact you regarding lesson bookings and to follow up on your time with us.
For job applicants and current/past employees
DLP is the data controller for the application process unless otherwise stated.
All the information you provide during the process will only be used for the purpose of progressing your application or to fulfil legal or regulatory requirements.
The contact details you provide will be used to contact you to progress your application. We use other information that you provide to assess your suitability for the position.
We do not collect more information than we need to fulfil our stated purposes.
We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide:
– Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
– We will contact your referees, using the details you provide in your application, directly to obtain references
We will also ask you to complete a form about your health and previous experiences. This is to establish your fitness to work.
If we make a job offer, we will also ask you for the following:
Bank details – to process salary payments
Emergency contact details – so we know who to contact in case you have an emergency at work
Medical details – if you have a medical condition that could impact you during work, you must disclose this.
For all staff we will retain the information you provide as part of your employee file for the duration of your employment. We may also keep your Personal Information for a number of years after the end of your employment.
Unsuccessful applicants: we may retain your information in order to contact you, should an opportunity become available after the original job has been filled.
Who has access to this data?
Your information may be shared internally within the management team. Providing access to your data is necessary for performance of their roles.
The organisation may share your data with third parties for two possible reasons;
– If required by the HPA or other polo organisation with regard to the management of the sport.
– If required by medical staff following an accident, for example, your name, age, and any pre-existing medical conditions
DLP may also share your information with government authorities for legitimate purposes.
How long do we keep your data?
We will keep Personal Information for as long as is necessary for the purposes for which we collect it. The precise period will depend on the purpose for which we hold your information. In addition, there are laws and regulations that apply to us which set minimum periods for retention of Personal Information.
Depending on our relationship with you, we may keep your Personal Information for a number of years after our relationship ends.
We will provide you with further information if appropriate to give you a full picture of how we collect and use your Personal Information.
Druids Lodge Polo LLP will never send marketing information that does not relate directly to services that we provide.
We will send out regular information on events and services happening at Druids Lodge. We may also send out marketing on behalf of events that we are directly involved in or feel our clients will have a genuine interest in, for example, international polo events.
Pictures and Images
Druids Lodge Polo LLP often have photographers present at fixtures and events who may take photos of players and the crowd which we use for marketing and business purposes.
We will always treat all images of our clients as sensitive data and will not sell your images on to third parties without your permission.
If you have any concerns about this, please contact us using the details below.
CCTV on the Premises
DLP has 24 hour closed circuit television on the car park for safety and to protect its residents, clients, and visitors on the site.
The system is encrypted at two separate levels so only those within senior management and the Premises Manager have access to the footage.
Footage is stored on the built-in memory for a maximum of 120 days when it is automatically deleted.
Footage is only downloaded from the system when it pertains to an incident that requires investigation internally or by the police. In these cases, only footage that is of the incident will be downloaded.
We do not use the CCTV system as a way of monitoring our residents, staff, clients, or visitors to the site.
DLP registered our CCTV with the ICO as is required under the GPDR. This does not give the ICO access to the system.
If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.
Any non-essential cookies on our website are opt-in only and you can change these settings anytime through your browser. Essential cookies are there for functionality and security of the website. Again, you can clear all cookies through your browsers settings.
What if you do not provide your personal data?
You have some obligations under the contract to provide DLP with data. Certain information such as, medical and health information, and emergency contacts are required in order to provide you with the best possible service.
As a data subject you have a number of rights which you can exercise in relation to the information we hold about you. This is under the Data Protection Act 1998.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
If you would like to exercise any of these rights, please contact the address below.
Queries or complaints
If you believe that DLP has not complied with your data protection rights, you can complain to the Information Commissioner
How to Contact us
If you want to request information you can email email@example.com or write to:
Data Protection Coordinator
Druids Lodge Polo Club
SP3 4UN Date updated: 03/08/18
Policy Review Date: 27/10/18