1. INTRODUCTION
Gomersal & Cleckheaton FC recognises that players, parents, volunteers, members and partners trust us with their personal information.
We are committed to handling that information responsibly, securely and transparently in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and all applicable legislation.
Protecting personal information is not simply a legal requirement; it is an important part of maintaining the trust and confidence of everyone involved with our Club.
This handbook explains how Gomersal & Cleckheaton FC manages personal information in practice and should be read alongside the Club Constitution, Governance Framework and supporting Club policies.
2. OUR COMMITMENT
GCFC is committed to ensuring that personal information is:
• Collected fairly and lawfully.
• Used only for legitimate Club purposes.
• Accurate and kept up to date.
• Stored securely.
• Shared only where appropriate.
• Retained only for as long as necessary.
• Deleted securely when no longer required.
We believe everyone has a responsibility to protect the personal information entrusted to the Club.
3. DATA PROTECTION PRINCIPLES
At GCFC we believe:
• Personal information belongs to the individual.
• Privacy should always be respected.
• Only the minimum information necessary should be collected.
• Information should only be shared when there is a legitimate reason.
• Safeguarding and data protection work together.
• Good data protection builds trust.
4. WHO THIS HANDBOOK APPLIES TO
This handbook applies to everyone acting on behalf of Gomersal & Cleckheaton FC, including:
• Players
• Parents and Carers
• Coaches and Managers
• Committee Members
• Volunteers
• Match Officials
• Anyone processing personal information on behalf of the Club
Everyone has a responsibility to protect personal information.
5. ROLES & RESPONSIBILITIES
Everyone at GCFC must:
• Handle personal information responsibly.
• Keep information secure.
• Respect people's privacy.
• Report suspected data breaches immediately.
• Follow this handbook and Club procedures.
Managers and Coaches must:
• Only collect information necessary for football activities.
• Store information securely.
• Use approved Club systems wherever possible.
• Keep player information confidential.
• Dispose of information securely when no longer required.
Managers and Coaches must never:
• Share personal information without a legitimate reason.
• Store Club information on unsecured personal devices.
• Discuss confidential information publicly.
• Keep information longer than necessary.
• Use player information for personal purposes.
Committee Members must:
• Ensure appropriate governance arrangements are maintained.
• Protect information relating to members and volunteers.
• Ensure appropriate security measures are in place.
• Promote good data protection practices throughout the Club.
6. PERSONAL INFORMATION WE COLLECT
The Club may collect information including:
• Names
• Addresses
• Telephone numbers
• Email addresses
• Emergency contacts
• Medical information where necessary
• Date of birth
• FA registration information
• Coaching qualifications
• DBS information
• Attendance records
• Photographs and videos (where appropriate)
Only information necessary for legitimate Club purposes will be collected.
7. HOW WE USE PERSONAL INFORMATION
Personal information is used to:
• Register players and volunteers.
• Organise football activities.
• Communicate with members.
• Meet safeguarding obligations.
• Meet league and FA requirements.
• Manage memberships.
• Process payments.
• Arrange events.
• Maintain Club records.
Information will never be used for unrelated purposes without an appropriate lawful basis.
8. LAWFUL BASIS FOR PROCESSING
GCFC processes personal information using one or more of the following lawful bases:
• Contract
• Legal obligation
• Legitimate interests
• Consent
• Protection of vital interests where appropriate
Where consent is relied upon, individuals may withdraw that consent at any time where applicable.
9. SHARING INFORMATION
Information may be shared only where appropriate, including with:
• The Football Association
• County Football Association
• League organisations
• Safeguarding agencies
• Emergency services
• Professional advisers
• Approved service providers
Information will only be shared where there is a lawful reason to do so.
10. DIGITAL SYSTEMS
To help protect personal information, GCFC uses approved digital systems wherever possible.
These may include:
• Pitchero
• The FA systems
• Microsoft 365
• Microsoft Forms
• Outlook
• Approved Club cloud storage
Volunteers should avoid storing Club information within personal email accounts, personal cloud storage or unauthorised applications unless specifically authorised.
Only approved Club systems should be used to store or process Club information unless specifically authorised by the Executive Committee.
11. PHOTOGRAPHY AND DIGITAL MEDIA
Photographs and videos form part of Club life but must always be managed responsibly
The Club will:
• Obtain appropriate consent where required.
• Follow safeguarding guidance.
• Respect individual privacy.
• Store digital media appropriately.
• Remove content where appropriate.
Volunteers should follow the Club's Photography and Social Media Policies at all times.
12. DATA SECURITY
Everyone handling Club information should:
• Use strong passwords.
• Lock devices when unattended.
• Protect paper records.
• Avoid sending confidential information insecurely.
• Dispose of information securely.
• Report lost devices or information immediately
• Report suspected phishing emails, scams or cyber security incidents immediately.
Protecting information is everyone's responsibility.
13. DATA RETENTION
Personal information will only be kept for as long as necessary to fulfil its purpose or meet legal and regulatory obligations.
When information is no longer required it will be securely deleted or destroyed.
When volunteers leave the Club, access to Club systems should be removed promptly and any Club records returned.
14. INDIVIDUAL RIGHTS
Individuals have rights under UK GDPR, including the right to:
• Be informed.
• Access their information.
• Correct inaccurate information.
• Request deletion where appropriate.
• Restrict processing in certain circumstances.
• Object to certain processing.
• Complain to the Information Commissioner's Office (ICO).
Requests should be made to the Club Secretary
15. DATA BREACHES
If you believe personal information has been lost, stolen, shared incorrectly or accessed without authorisation:
What should I do?
1. Report the issue immediately to the Club Secretary.
2. Do not attempt to hide or delete evidence.
3. Record what has happened, including when and who may be affected.
4. Cooperate fully with any investigation.
Do not attempt to contact affected individuals unless instructed to do so by the Club Secretary or Management Committee.
Prompt reporting allows the Club to protect individuals and comply with legal reporting obligations where necessary.
16. RELATED DOCUMENTS
This handbook should be read alongside:
• Club Constitution
• Governance Framework
• Roles & Responsibilities
• Manager & Coach Handbook
• Volunteer Recruitment, Induction & Management Procedure
• Safeguarding Handbook
• Equality, Diversity & Inclusion Handbook
• Code of Conduct
• Financial Governance Policy
• Digital Communication & Social Media Handbook
• Privacy Notice
• Respect & Conduct Procedure
17. OUR COMMITMENT
Protecting personal information is about more than legal compliance - it is about respecting the trust that players, parents, volunteers and members place in our Club every day.
By working together and following the principles within this handbook, we will ensure information is handled responsibly, securely and transparently, helping Gomersal & Cleckheaton FC remain a trusted, professional and well-governed community football club.