Please be assured Forest United have taken appropriate steps to ensure we comply with the new General Data Protection Regulation.
Forest United is committed to protecting your information and will only process information in line with GDPR. We will keep your personal data confidential unless we are required to disclose it by law or regulation.
We will only store your information with your explicit agreement and will dispose of it in an appropriate manner and in line with legislative requirements.
You have the ‘right be forgotten’ upon request.
You can change your mind about whether / how you are contacted by us at any time.
What we collect
Forest United collects personal information about you when you complete any of our registration forms, be that paper or via out website, for example, name, contact information including email address and postcode.
What we do with the information we gather
If you have consented to receive marketing information, we use your information to keep you up-to-date with information, services, and special offers/products in line with your agreed preferences.
We understand that you do not want to be inundated with these types of communication, therefore, we will request your explicit permission as to what information we will share with you by email. If you no longer wish to receive marketing information from us, you have the right to stop it at any time by getting in touch with us or unsubscribing.
We want to make sure that your personal information is accurate and up to date. You may ask us to change or remove information you think is incorrect. If you are aware that any information we hold about you has changed (e.g. change of address) then please let us know the changes that need to be made at the earliest opportunity.
You have the right to request a copy of the information we hold about you this is known as a Subjected Access Request there is no cost to this and we will provide this information within 30 days. More information is available at https://ico.org.uk/your-data-matters/your-right-of-access/
If you would like a copy of some or all of your personal information, please write to our Club Secretary at secretary@forestunitedyouthfc.co.uk
Security
We have in place security procedures for the storage and disclosure of your personal information to prevent its loss, misuse, alteration or theft.
Use of Cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie does not give us access to your computer or any information about you, other than the data you choose to share with us.
What happens if I refuse the use of cookies?
You may refuse the use of cookies by selecting the appropriate settings on your br,owser, however please note that if you do this you may not be able to use the full functionality of this website.
For further information on cookies visit http://www.allaboutcookies.org/
How to delete cookies
For information on how to delete cookies on your website go to http://www.aboutcookies.org/Default.aspx?page=2#ie8 select your browser and follow the instructions given.
General Data Protection Regulation supersedes the Data Protection Act 1998. Forest United. has updated its policies and procedures to reflect the new rights of individuals under GDPR, namely:
● the right to be informed;
● the right of access;
● the right to rectification;
● the right to erasure;
● the right to restrict processing;
● the right to data portability;
● the right to object; and
● the right not to be subject to automated decision-making including profiling.
Forest United keeps information on its staff, members and users, in order to meet our legal obligations and keep individuals safe when they are participating in our activities. Our reasons for keeping this information are covered by the lawful bases allowed in GDPR, namely: (clubs should select which of these bases apply to them, for each element of information held)
(a) Consent: The individual has given clear consent for you to process their personal data for a specific purpose.
(b) Legal obligation: The processing is necessary for you to comply with the law (not including contractual obligations).
(c) Vital interests: The processing is necessary to protect someone’s life.
(d) Public task: The processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(e) Legitimate interests: The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Audit of data held
Forest United has conducted an audit of the personal and sensitive data that we hold in the organisation.
Designated person responsible for GDPR compliance
The designated person responsible for GDPR compliance at Forest United is Scott Wade
Data Collection Procedures
● Forest United explains to people whose personal data we store how we intend to use that data through our privacy statement which is clearly accessible on our website
● Forest United gains active consent from individuals for holding their personal information by:
o Requiring the person (or their parent/carer for those under the age of 13) to sign to say they consent at the point at which data is collected
o We verify that the person giving consent on behalf of a young person under the age of 13 has the right to do so
o Seeking consent on an annual basis for those on mailing lists – and removing people from data bases if they do not respond.
o We keep records that demonstrate that individuals have given active consent for us to store and use their personal data
● Our forms and templates include a standard form of wording to ensure that individuals understand what the purpose of the collection of the data is and what will happen to that data. Importantly, our forms ensure that all individuals give their explicit consent when they supply information regarding medical conditions or are consenting to the use of their data for commercial purposes. Good evidence of explicit consent is a box ticked on a form.
● For people under the age of 13 we ensure that the child’s parent or carer give their consent by completing a paper form. We have a similar process for the carers of vulnerable adults who cannot give an agreement themselves
● Our privacy statement is written in terms which can be easily understood by our members/users and their families/carers
● Our staff and volunteers have been trained in using the personal data we collect only for the purposes that we state we use it for
● We store personal information securely, on password protected devices and/or in locked cabinets in secure premises. Only approved individuals have access to this data
● If someone withdraws consent for us to store and use their personal data, we immediately remove their data from our management information systems and shred any paper documents we hold concerning their personal information.
● We review our data collection and storage systems every 2 years, to ensure that they remain fit for purpose
How we handle personal and sensitive data
Forest United ensures that any confidential information is handled sensitively, stored appropriately and destroyed when no longer used.
1. We ensure that sensitive information, whether on a computer file or paper copies, is kept securely with access strictly controlled and limited to persons who need to have access to this information in the course of their work.
2. Sensitive data which could be a risk to individuals if in the public domain (e.g. health records, employment history) is held on fully secured, encrypted with a password, devices
3. Confidential information will only be used for the specific purpose for which it was requested and with the person’s full consent (although see below for information relating to welfare).
4. Once the information is no longer needed, confidential information will be destroyed by secure means (e.g. shredding, pulping or burning).
Information relating to the welfare of children, young people or vulnerable adults
Forest United works with children, young people or vulnerable adults with respect to their welfare, and we inform people that:
● Information will only be forwarded on ‘a need to know’ basis in order to safeguard the child/young person/vulnerable adult
● Giving such information to others for the protection of the child/young person/vulnerable adult is not a breach of confidentiality if it follows the agreed processes of local safeguarding authorities
● We cannot guarantee total confidentiality where the best interests of the child/young person/vulnerable adult are at risk
● Primary carers, children, young people and vulnerable adults have a right to know if a report is being made to the Health Services or police unless informing them could put the child/young person/vulnerable adult at further risk. If a decision is taken not to inform primary carers of such a report, reasons for that decision will be recorded
● Images of a child/young person under the age of 18/vulnerable adult/ will not be used for any reason without the consent of their parent/carer
● Images of members over 18 will not be used without their consent. We cannot, however, guarantee that cameras/videos will not be used at public events
Procedures are in place for recording and storing data in line with our privacy statement.
Information on employees and volunteers
Forest United holds information on its employees as required by government departments. We also hold data about our volunteers to enable us to respond to their needs and meet the requirements of our funders (where appropriate). We hold information on employees and volunteers for the duration of their employment/volunteering with us, and for 5 years after they have left our organisation.
Employees and volunteers can ask to see any information that we hold about them. Forest United will respond to such requests in a timely manner, within 30 days of receiving the request.
Dealing with a Data Protection Request
● Under GDPR, anyone can ask if an organisation holds personal information about them, through a Subject Access Request (SAR). Forest United will respond to their request within 30 days. This includes written records as well as data held on computer systems.
● The person has the right to know:
o What information is being used
o Why it’s being used
o Where it came from
o Who can see the information?
● Forest United will send them a hard copy, if possible, such as a letter or print out, unless both parties agree otherwise
● Forest United will make sure the recipient can understand the information, i.e. explain what any codes mean
● Forest United follows the advice of the Information Commissioner on what type of personal data must be disclosed if an organisation receives a subject access request. The key steps that must be followed when deciding whether to disclose personal data are that data should be disclosed if:
(i) A living individual can be identified from the data.
(ii) The data relates to the identifiable living individual, whether in personal or family life, business or profession.
(iii) That data is obviously about a particular individual.
(iv) The data linked to the individual provides particular information about that individual.
(v) The data is used to inform or influence actions or decisions affecting an identifiable individual.
(vi) The data had biographical significance in relation to the individual.
(vii) The data focuses or concentrates on the individual as its central theme rather than some other person.
(viii) The data impacts or has the potential to impact on an individual whether in a person, family, business or professional capacity.
● Particular care will be taken when disclosing information if a third party can be identified from the data. Special provisions apply in such circumstances.
Transferring information to third parties:
● Forest United only shares information on our members and users with third parties when a suitable contract is in place with any ‘data processors’ processing personal data on the organisation. This includes funders and sport governing bodies.
● Forest United does not transfer data to third parties unless we have authorisation (usually that the individual has given consent, or the recipient is an authorised ‘data processor’)
● Forest United does not put personal data on the Internet without the individual’s consent.
Significant data breach
In the event of a significant data breach, such as lost or misplaced personal files, computers or memory sticks holding such information Forest United will inform the relevant authorities and the individuals involved within 72 hours. Authorities will be given full details of the breach and actions to be taken to mitigate the impact.
Welcome to our website. If you continue to browse and use this website, you are agreeing to comply with and be bound by the following terms and conditions of use, which together with our privacy policy govern Forest United (1973) Youth Football Club Limited's relationship with you in relation to this website. If you disagree with any part of these terms and conditions, please do not use our website.
The term ' Forest United (1973) Youth Football Club Limited's or 'us' or 'we' refers to the owner of the website whose registered office is 20 Brampton Grove, Wembley, England, HA9 9QU. Our company registration number is 09581611 in England and Wales. We are also a registered charity with the charity number 1161923. The term 'you' refers to the user or viewer of our website.
The use of this website is subject to the following terms of use: