GDPR - OU Club and Affiliated Clubs Privacy Notice

OU Club and Affiliated Clubs: Privacy Notice

Scope

1. This document sets out how your personal data is used by the OU Club and any affiliated clubs. It applies to all members of OU staff, and any other individuals who join clubs affiliated to the OU Club.

Who we are

1. The Open University is the data controller in relation to the processing activities described below. This means that the Open University decides why and how your personal information is processed.
2. Where this policy refers to “we”, “our” or “us” below, unless it mentions otherwise, it’s referring to the Open University

What information do we collect about you, and how do we collect it?

Information that you give to us

1. Information that clubs are likely to ask for includes name, contact details, date of birth, emergency contact details, and may include further information depending on the nature of the club. If you join the OU Club mailing list, you will provide the OU Club with your email address so you can receive details of offers and activities.
2. If the club requires a subscription, or payments for any activities, then details of payments will be collected. The club may require details of medical conditions, passports and insurance if these are relevant to club activities.

Information that we may collect

1. The club or its members may take photographs of members during activities

Information that we collect from other organisations

1. It is unlikely that clubs receive any information about you from other organisations. If they do, then you will be informed about this.

How do we use your personal information?

1. The club will use your personal information to provide you with their activities or services, and maintain your health and safety.
2. Photographs of members may be shared with other members, or may be used publicly in order to promote the clubs activities. Each club should provide a mechanism for members to consent to use of photographs for marketing purposes, and/ or to opt out of photographs being shared with members.
3. It is in the legitimate interest of each club to provide you with these activities and services, to provide news about its activities, and to promote the club’s activities and membership.
4. If the club is providing a service for which you are paying, then your personal details, and details about your payments are necessary for the contract you have with the club.
5. Details of health, injuries and conditions may be required by sports related clubs, in order to assess the suitability of the sport or exercise, and for insurance purposes. This is in the legitimate interest of the club, and would be gathered via consent as it includes “special category” data
6. Details of medical conditions etc may be requested via consent by clubs dealing with trips/ visits, so any problems can be dealt with effectively.

Who do we share your information with?

1. Affiliated clubs (normally sports related) may facilitate membership of associated national organisations, for example British Aikido Board, England Squash. If so, they will provide relevant details to the associated national organisation, as required for your contract with the club.
2. For trips and visits, your personal details will be transferred to the trip provider where required, along with information such as your passport details. This transfer would be necessary for your contract with the club, and necessary for your contract with the trip provider, where relevant. Where medical information is transferred, this would be done with your consent.
3. Where the club operates a social media group or contributes to a social media platform, photos and comments may be added to the group. This is in the club’s legitimate interest of providing a forum to discuss events etc, and promote the club. Posts and photos can be removed if members object.
4. We use third party suppliers and service providers, for activities including

• File storage
• Financial transactions and fee payments

1. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

Do we transfer information outside the EEA?

1. Information you provide to us is stored on our secure servers, or on our cloud based systems which are located within the EEA.

How long do we keep your personal information for?

1. We keep personal information on members for as long as you are a member, and delete specific data when it is no longer necessary. Please contact the individual clubs for further details.

Your rights

1. You have the right

• To access your personal information that we process
• To rectify inaccuracies in the personal information that we hold about you

1. In some circumstances, you also have the right

• To have your details removed from systems that we use to process your personal data
• To restrict the processing of your personal data in certain ways
• To obtain a copy of your personal data in a structured electronic data file
• To object to certain processing of your personal data by us
• To request that we stop sending you direct marketing communications.

1. If you are concerned about the way we have processed your personal information, you can complain to the Information Commissioner’s Office (ICO). Please visit the ICO’s website www.ico.org.uk for further details.

Contact us

1. Please direct any queries about this policy or about the way we process your personal information to our Data Protection Officer using the contact details below.