Data Protection

The Amalgamated Boxing Club Guernsey (“GABC”) holds data on members. The GABC is regis-tered as a “Data Controller” under Guernsey’s 2001 Data Protection Law, which requires our coaches to behave professionally when handling data. The GABC could face legal action if the Law is breached.

It applies when personal data is stored on a computer or in a manual filing system which enables an individual’s record to be found by a search. It applies not only to databases, but to anything carried in an email or a memo typed on a word processor. It would not apply to a hand-written note unless that note was then put into a file indexed with that person’s name or some other personal identifier (e.g. a membership number). Remember that even “deleted” computer files can often be retrieved and almost any document can be searched for a name. Art, journalism, research and statistics are amongst a small number of special cases where the law does not al-ways apply. Information which is already published (i.e. in the phone book) can also be exempt.

Personal data is any information about a member who can be identified from the data, for exam-ple name, address or their photograph. So an anonymous survey is not covered by the Law, but a CCTV camera image is. Anything we do with that data is “processing” it.

Sensitive personal data relates to the racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, the commission of offences etc. This can only be recorded by the GABC where for instance the subject has given specific consent or if there is any legal obligation to do so.

1. Data must be processed fairly and lawfully.
People must know, or be able to assume, that we are processing information about them (i.e. if they fill in a form or send us a letter or email). We should not collect information by underhand means or use it for unlawful purposes.

2. Personal data must be obtained only for one or more specified purposes
We can only use data for the purposes we set out when we collected it. So, if we collect address lists to allow us to send newsletters we cannot automatically pass these on to third parties etc.

3. Data must be adequate, relevant and not excessive.
We should record only what we need to record. If we do not need to know a person’s date of birth, then we must not record it. It may be however that we need to make some records of sen-sitive personal data in order to do our jobs properly – for example a participant’s medical infor-mation.

4. Data must be accurate and up to date.
Inaccurate data wastes our time and the time of the public we serve. It can cause offence – for example continuing to write to someone who is deceased or invoicing someone who has already paid. Errors can open the way to identity theft and fraud. So, we need to keep data up to date and purge old, redundant information.

5. Data must be retained for no longer than necessary.
Data files must be reviewed periodically and data not needed should not be kept. Specific de-tails on GABC timeframes for retaining information can be found in the section below entitled “The Amalgamated Boxing Club Guernsey Retention and Sharing of Data Policy”.

6. Data must be processed in accordance with the rights of data subjects.
The rights of our data subjects include having access to their personal data (see below). We should also avoid causing damage or distress – for example by publishing names without that person’s consent. We must take care with any direct marketing, as this can be construed as junk mail or email spam.

7. Data must be kept secure.
This does not just mean keeping files under lock and key, but also that data is protected against being destroyed or corrupted, that there are back-ups, that passers-by cannot read computer screens, that passwords are changed periodically, that discarded data is disposed of appropri-ately, and that only properly authorised people see or use the data. The “leaking” of information to any person outside The Amalgamated Boxing Club Guernsey may be taken as breaking this principle. You should take great care when sending data as email attachments and when for-warding emails with large “cc” lists giving away other people’s email addresses. All paper which includes personal data should be shredded. Care should be taken when carrying data on laptop computers, data disks or pen drives; at the end of their useful lives these items should be dis-posed of by IT, which will ensure they are properly erased.

Members have the right to request access to personal data held about them. This means you must be careful about putting anything on file, on computer or into an email which you would not want the subject to read. You may be required to explain any flags, codes or abbreviations used in the records.

If you receive such a request in writing you must not withhold the request (as we have only 60 days to respond). You must not destroy, alter or delete any records after receiving the request, as this would breach the Law. You must not inadvertently compromise other people’s rights in responding to such a request (i.e. if a record contains data relating to more than one person).
People have the right to be told what the data is being used for and to object to this if they don’t like it.

Any form, web page etc that we design to collect personal data should include a Data Protection Statement. This will set out who we are, what we intend doing with the data the public are provid-ing and who we will share it with. It may include “opt out” or “opt in” boxes to tick, for example if members do not wish to receive marketing information.

Members have rights under the Law to see files relating to them held by GABC. There are certain exceptions to the kind of documents which must be released.

Data on Paper

The following should be kept for 6 years and then destroyed:

1. Membership consent forms.
2. Accident/Incident paper Report Forms.
3. Completed paper Risk Assessments.
4. Completed paper Registers
5. Any other similar forms for GABC run programmes.

Electronic Data

1. Any computer files containing personal information will be password protected.
2. Personal information on computer files will be kept for the year of the programme/initiative and then another full calendar year. After this time the files will be destroyed or de-personalised if needed to be kept for statistics.

Any information shared is done in accordance with GABC Safeguarding and Protecting Children and Vulnerable Adults policy.

1. Photographs will be stored securely.
2. Photographs will only be used and kept where consent has been gained, and for the purposes given.
3. Photographs are taken and stored in line with the GABC Safeguarding and Protecting Children and Vulnerable Adults policy.
4. Photographs on personal devices should be immediately/as soon as
   possible downloaded to a GABC PC/Device and permanently deleted from the personal device.
5. Photographs may be kept for historical records and review purposes, however there will be no references to individuals or personal information. Such photographs will be securely stored.

Reviewed 11/08/2021