Kit StoreFixtures & ResultsClub AppWest Riding County FA
bronzeRank #291
Powered By
Pitchero
Back

Login

Don’t have an account?Register
Forgotten your password?
Login with facebook
Powered By
Pitchero
Club Policies
Club Policies
  1. Club Constitution
  2. Code of Conduct
  3. Safeguarding Policy and Procedures
  4. Complaints & Disciplinary Procedures
  5. Social Media Policy
  6. Privacy Notice
  7. Data Protection Policy
  8. Inclusion Policy
  9. Rules for Playing Members
  10. Rules for Managers and Coaches
  11. Team Management Procedures
Club Policies 7 of 11

7. Data Protection Policy

Gomersal & Cleckheaton Football Club (“the Club”, “we”, “our”, “us”) is committed to protecting personal data and processing it responsibly, transparently, and in compliance with the UK General Data Protection Regulation (UK GDPR).

This policy applies to all members, officers, committee members, volunteers, contractors, coaches, managers, and anyone else acting on behalf of the Club who may have access to or process personal data in any capacity.

Purpose

This policy explains how the Club manages personal data lawfully and fairly, and the responsibilities of those handling it on behalf of the Club. It supports our aims to:

  • Build and maintain trust with players, parents, and other members
  • Ensure that data is only used for appropriate, football-related purposes
  • Meet legal and ethical responsibilities in line with UK GDPR and safeguarding expectations

Defintions

Personal Data: Any information that can identify an individual (e.g. name, contact details)
Processing: Anything done with personal data (collecting, storing, sharing, deleting, etc.)
Data Subject: The person whose data is being processed
Data Controller: The Club (who decides how and why personal data is processed)
Data Processor: Anyone acting on behalf of the Club (e.g. volunteers or coaches)

(See the ICO glossary for more detail: ICO – Key Definitions)

What Data We Handle

We process personal data relating to:

  • Players and their parents/guardians (current, former, and prospective)
  • Volunteers, coaches, managers, referees, officials, and committee members
  • Suppliers, third-party service providers, FA/League contacts

Data is collected via registration forms, communication, event attendance, or third-party systems (e.g. Whole Game System).

Legal Basis

Our legal bases for processing data include:

  • Contractual obligation (e.g. administering membership or roles)
  • Legitimate interest (e.g. contacting volunteers or running club operations)
  • Consent (e.g. when sharing health information or media)
  • Legal duty (e.g. safeguarding, insurance, or regulatory compliance)

If you do not provide the required personal data, you may be unable to fulfil your role or participate in Club activities.

Responsibilities

  • All individuals acting on behalf of the Club must follow this policy and process personal data securely and fairly
  • Do not share personal data without good reason or outside of Club-related purposes
  • Raise concerns immediately if you believe data is being misused or accessed inappropriately

The Club Management Committee is responsible for overseeing compliance. Questions or concerns should be directed to the Club Secretary

Data Retention & Security

  • Data will be retained only as long as necessary for the purposes stated
  • For most roles, personal data will be deleted within 12 months of the end of your official relationship with the Club
  • Access to data is limited to those who need it and is protected using reasonable safeguards (passwords, limited access folders, secure platforms)

Breach or Concern

Any potential data breach must be reported to the Club Secretary immediately. The Club will follow appropriate procedures to investigate, report, and manage the situation.

This policy will be reviewed annually or sooner if required by legislation or Club operations. Last reviewed: April 2025