Data Protection Policy

This is the organisation’s policy and statement of the purposes for which it holds personal data about its employees and others who work for it. It deals with the use of personal information which is likely to arise in any employment relationship. In the course of your work you may come into contact with and use confidential personal information about people such as names and addresses and also information about a client’s circumstances, families, health or other private matters. This policy helps to ensure that you do not breach the Data Protection Act 1998 which has strict rules in this area.  If you are in any doubt about what you may or may not do, seek advice from your line manager.




  1. We will collect, hold and process information consisting of personal data including sensitive personal data (see paragraphs 3 & 4 below) about all our employees, applicants for employment, self-employed contractors, agency workers and others who work for us, who are referred to in the Act as “data subjects”.


  1. The purpose for which we hold any information about data subjects is for use solely for administrative and personnel management purposes, including, but not limited to recruitment, appraisals, performance, promotion, training, career development, pay and remuneration, pension and insurances and other benefits, payroll, tax, national insurance, other deductions from pay, health and safety, discipline and grievances and the review of our Human Resources polices.


Sensitive Personal data:


  1. The Act defines “sensitive personal data” as personal data consisting of information as to racial or ethnic origin, political opinions; religious beliefs or other beliefs of a similar nature, membership of a trade union; physical or mental health or condition; sexual life; the commission or alleged commission of any offence or any proceedings for any offence committed or alleged to have been committed, including the disposal of such proceedings or the sentence of any court in such proceedings.


  1. The purpose for which we hold sensitive personal data about data subjects is for use solely for equal opportunities monitoring or for the provision of specific services to individuals, including but not limited to: suitability and fitness for work, sick pay and sick leave, absence control, maternity leave and pay, parental leave, safe environment and obligations under the Equality Act.


Retention of data


  1. We shall retain information on employees for as long as is necessary to comply with administrative and personnel purposes and to comply with the law and in line with established good practice.


  1. The purpose for which we hold any information about data subjects after the end of employment (as indicated in the above table) is for use solely for any residual employment related matters including, but not limited to the provision of job references, processing applications for re – employment, matters relating to retirement benefits and allowing us to fulfil contractual or statutory obligations.


Statutory purposes


  1. In addition to the above purposes, we may collect, hold and process data including sensitive personal data if it is necessary to do so for compliance with any statutory duty with which we are required to comply.


Third parties


8. If necessary for the above purposes we may transfer personal data to our insurers, bankers, legal, employment, medical and other professional advisers, administrators of our pension scheme or your own pension provider and other companies to which we have contracted work relating to any of the above purposes for which the personal data are to be used.  Data may also be disclosed to others at an employee’s own request.


Electronic Communications


  1. We monitor electronic communications by employees, including access to websites, to ensure that these systems are being used in accordance with our ICT policies.   


Good practice


  1. The Data Protection Act sets out eight enforceable principles of good practice; to which we will make all reasonable efforts to adhere.  These principles are that:


  • Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;

  • Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;

  • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;

  • Personal data shall be accurate and, where necessary, kept up to date;

  • Personal data shall not be kept for longer than is necessary for that purposes or those purposes;

  • Personal data shall be processed in accordance with the individual’s rights under the Act;

  • Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data;

  • Appropriate technical and organisation measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.


In addition, the Club will ensure that:


  • There is a Data Protection Officer with specific responsibility for data protection in the Club. The DPO is currently [                ];

  • Everyone managing and handling personal information understands that they are responsible for following good data protection practice;

  • Everyone managing and handling personal information is appropriately trained to do so;

  • Any third party organisation which processes data on our behalf has adequate measures in place and provides us with written guarantees to this effect;

  • Queries about handling personal information are promptly and courteously dealt with;

  • Methods of handling personal information are clearly described;

  • A regular review and assessment is made of the way personal information is managed.


Access and correction


  1. You have a right to request access to, and to request correction of, your personal data in relation to your employment.  If you wish to exercise these rights, please contact the DPO. You will be charged an administration fee of £10 for any request under the DPA. The Club will respond as soon as possible to any request for access to your personal data, and in any event within 40 days of your request.


  1. The organisation expects all employees with access to personal information to respect the need for confidentiality and to avoid improper use or transfer of such information.  Any employee who fails to adhere to these principles will render themselves liable to disciplinary action under the organisation’s rules and procedures. If you access the records of another employee or a client without authority or use such records in a way inconsistent with the rules set out in this policy this is misconduct which could lead to the disciplinary action against you, including the possibility of your dismissal. In addition, such unauthorised access is also a criminal offence under section 55 of the Data Protection Act 1998.