Kit StoreFixtures & ResultsClub AppBecome A Sponsor
bronzeRank #320
Powered By
Pitchero
Back

Login

Don’t have an account?Register
Forgotten your password?
Login with facebook
Powered By
Pitchero
Club Policies
Club Policies
  1. Club Constitution
  2. Code of Conduct
  3. Safeguarding Policy and Procedures
  4. Complaints & Disciplinary Procedures
  5. Social Media Policy
  6. Privacy Notice
  7. Data Protection Policy
  8. Inclusion Policy
  9. Rules for Playing Members
  10. Rules for Managers and Coaches
  11. Team Management Procedures
Club Policies 7 of 11

7. Data Protection Policy

Gomersal & Cleckheaton Football Club (“the Club”, “we”, “our”, “us”) is committed to protecting personal data and processing it responsibly, transparently, and in compliance with the UK General Data Protection Regulation (UK GDPR).

This policy applies to all members, officers, committee members, volunteers, contractors, coaches, managers, and anyone else acting on behalf of the Club who may access or process personal data in any capacity.

Purpose

This policy outlines how the Club manages personal data lawfully and fairly and clarifies the responsibilities of individuals handling such data. It supports our commitment to:

  • Building and maintaining trust with players, parents, and members
  • Ensuring data is only used for appropriate, football-related purposes
  • Meeting legal and ethical responsibilities in line with UK GDPR and safeguarding requirements

Defintions

  • Personal Data: Any information that can identify an individual (e.g. name, contact details)
  • Processing: Any operation performed on personal data (collecting, storing, sharing, deleting, etc.)
  • Data Subject: The person whose data is being processed
  • Data Controller: The Club – responsible for determining how and why data is processed
  • Data Processor: Anyone acting on behalf of the Club (e.g. volunteers or coaches)

See the ICO – Key Definitions for further details.

What Data We Handle

We process personal data relating to:

  • Players and their parents/guardians (current, former, and prospective)
  • Volunteers, coaches, managers, referees, officials, and committee members
  • Suppliers, service providers, FA and League officials

Data may be collected through registration forms, communications, event participation, or via third-party systems (e.g. the FA’s Whole Game System).

Legal Basis for Processing

We process personal data under the following lawful bases:

  • Contractual obligation – e.g. to administer Club membership or roles
  • Legitimate interes – e.g. for general Club operations and communication
  • Consent – e.g. for use of medical data or photos
  • Legal duty – e.g. for safeguarding or insurance purposes

Failure to provide required data may affect participation in Club activities or roles.

Responsibilities

  • Individuals acting on behalf of the Club must process data lawfully, securely, and only for Club-related purposes
  • Personal data should not be shared without valid justification
  • Any concerns about misuse or unauthorised access should be raised immediately

The Club Management Committee is responsible for overall compliance. All queries should be directed to the Club Secretary.

Data Retention & Security

  • Personal data will be retained only for as long as necessary
  • Data will typically be deleted within 12 months of the end of an individual's relationship with the Club (unless required longer by law)
  • Access is restricted to authorised individuals and secured through appropriate measures (e.g. password protection, limited-access folders, secure systems)

Breach Reporting

Any actual or suspected data breach must be reported immediately to the Club Secretary. The Club will investigate and follow appropriate procedures, including reporting to the ICO if required.

Last updated: June 2025. This notice is reviewed annually.

pdf

Data Protection Policy 220625

473.7KB
Download