Data Protection Policy
Table Tennis Ulster has legal obligations in respect of the way it obtains, retains, uses, and discloses personal data relating to employees, officers, affiliates and any other related individuals. Table Tennis Ulster is committed to complying with all Data Protection Law, and the purpose of this policy is to set out the legal requirements and principles and how they will be implemented, in order to ensure that all related parties are protected and that the reputation of the Association is preserved.
Scope and Definitions.
This policy applies to all employees, officers, affiliates and related individuals (e.g. contractors, consultants, suppliers or other third parties) who directly or indirectly have access to personal data obtained and retained by Table Tennis Ulster on its approved systems for the purposes of promoting and developing the sport of table tennis.
Below are definitions of some important terms used in this policy.
- Personal data means data relating to a living individual who may be identified from the data, on its own or in conjunction with other data that is in the possession of Table Tennis Ulster.
- Sensitive personal data means personal data relating to:
(a) the racial or ethnic origin, the political opinions or the religious or philosophical beliefs of a data subject;
(b) whether the data subject is a member of a trade union;
(c) the physical or mental health or condition or sexual life of the data subject;
(d) the commission or alleged commission of any offence by the data subject; or
(e) any proceedings for an offence committed or alleged to have been committed by the data subject, and the outcome of those proceedings.
- Data Protection Law means all legislation, regulations and applicable codes of practice relating to the processing, protection and privacy of Personal Data.
- Approved Systems covers any of the designated methods of data storage approved by the Board of Table Tennis Ulster. These include the laptops and hard drives of the Directors and employees and hard copies of records which may be required.
- Security of data means that all electronic data should be password-protected, and all printed or written hard copies of data should be secured when unattended.
All Table Tennis Ulster employees, officers and affiliates will adhere to the following data protection principles:
- Obtain and process personal data fairly and lawfully;
- Retain it only for the specified purpose of promoting and developing the sport of table tennis;
- Process it in accordance with the rights of those individuals and only in ways compatible with the purposes for which the information was provided initially;
- Not transfer or provide sensitive personal data to a third party, without the express agreement of the data subject;
- Keep it safe and secure, taking all appropriate measures against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage. Electronic data should be password-protected, and hard copies secured when not attended;
- Not transfer personal data outside the EEA unless that country ensures an adequate level of protection;
- Keep it accurate and up-to-date;
- Ensure that it is adequate, relevant and not excessive;
- Retain it for no longer than is necessary for the specified purpose. Personal data should be destroyed after a period of 5 years from the date when the data subject ceases to be active, but related data may be retained for historical purposes; and
- Give a copy of his/her personal information to the individual, on request.
Table Tennis Ulster processes will be consistent with these principles and will ensure that the rights of our employees, officers, affiliates and other individuals are protected at all times while ensuring that the legitimate interests of Table Tennis Ulster are also protected.
Disclosure of Personal Information
Table Tennis Ulster will only disclose personal data to third parties if the data subject has consented to such disclosure or Table Tennis Ulster is entitled to do so for legitimate purposes or is obliged to do so under law. Table Tennis Ulster will ensure that any third party is contractually bound to comply with its instructions as to the processing of the data and to ensure that adequate processes are in place to protect the security of the data.
Specific Responsibilities of Directors and Employees
The Board of Directors and all employees of Table Tennis Ulster must:
- Comply, at all times, with the principles of this policy, which have been developed to comply with Data Protection Law;
- Understand the consequences of not following internal procedures e.g. customer’s personal data being compromised, reputational damage, regulatory sanction or costly rectification activity for Table Tennis Ulster;
- Understand their individual responsibility for compliance with Data Protection Law within their area of responsibilities and the potential consequences of non-compliance;
- Report any data protection breaches to the Board of Directors so that they can be examined and addressed appropriately.
Policy Monitoring and Escalation
Each Board Member and employee is required to conduct ongoing control checks to ensure compliance with the principles of this policy document.
Table Tennis Ulster has a zero risk appetite for data protection policy breaches. Any unauthorised or unlawful processing of personal data, including unauthorised access to, or alteration, disclosure or destruction of, the data and accidental loss, potential loss or destruction of personal data, is a breach and must be immediately reported to the Board of Directors.
Appropriate corrective action will be taken, including escalation to the Office of the Data Protection Commissioner where such breaches are deemed appropriate.
Table Tennis Ulster will deal with regulatory authorities and law enforcement agencies in an open, transparent and co-operative manner.
Exceptions to this policy are not permitted.
The Board of Directors is responsible for ensuring that Table Tennis Ulster meets the requirements of Data Protection Law, and that appropriate processes and systems are in place to ensure that all employees, officers and affiliates are aware of their obligations under Data Protection Law, and that such obligations are effected on an on-going basis. This policy will be reviewed at least every three years by the Board, or more often as relevant law, regulation or practice dictates.