Northumbria Sport and Activity Participant and Membership Privacy Notice
- Data Controller
Northumbria Sport is a department of Northumbria University, a registered Data Controller with the Information Commissioner’s Office (‘ICO’), which is the supervisory authority responsible for the oversight and enforcement of Data Protection Legislation within the United Kingdom.
Registration Number: Z7674926
This privacy notice is a statement that describes how and why ‘Northumbria Sport’ (“we”, “our”, “us”) processes (‘collects’, ‘uses’, ‘retains’, ‘discloses’, ‘disposes of’) the personal data of past, current and prospective Northumbria Sport members, facilities users, volunteers and interns, and registered activity participants (“you”, “your”).
3. Where do we get your personal data from?
You provide data to us through your enquiry and application to become a member, or user of Northumbria Sport, when you participate in our programmes or activities or when you register for and attend our events.
Data is further collected or updated through management of your membership, when you communicate with us, when you interact with our facilities and through our management and evaluation of your sports performance and development plans.
4. Categories of personal data are processed by us
To carry out our activities and to deliver our obligations to you, we may collect, store, and process the following categories of personal data for the purpose of administering the relationship with you:
Name, title, staff/student number, addresses, telephone
numbers, email address etc.
Enquiry and correspondence records, application records etc.
Banking or payment card details, national insurance, salary
(“Sensitive”) Personal Data
Data concerning your health fitness and sporting/athletic
performance. (e.g. relevant disability, relevant health issues,
Building entry, CCTV images, security incident reports
Emergency contact information
Photos and video
Performance images, sports participation, events etc
5. Activities we process your personal data for and the lawful basis
Under Article 6 GDPR we must identify a basis for the "Lawfulness of processing" of our activities involving of your data. These are broadly described as: ‘Consent’, ‘Contract’, ‘Legal Obligation’, ‘Vital Interests’, ‘Public Interest (or Public Task)’ and ‘legitimate interests’.
Data is required for the following activities, which have been identified as necessary “for the performance of our contract with you” or in the case of applicants, “in order to take steps prior to entering into a contract”.
• To respond to your enquiries, to receive and administer your application or registration, and to deal with any ongoing concerns or enquiries you have.
• To process payment of your membership or participation fees, and for the administration of renewals, including notification of upcoming membership expiry.
• To provide you with access to our events, facilities, services and activities.
• To provide you with operational information about the events, facilities, services and activities such as cancellation of sessions, closures or other relevant communications.
Data is also processed for the following activities, which have been identified as necessary “for us to comply with the law”:
• For monitoring compliance with and enforcement of relevant policies in relation to health and safety and security (prevention and detection of crime) - including the
use of CCTV, and safeguarding.
We may also process your personal data because it is necessary for our “legitimate interests or the legitimate interests of a third party”:
• To monitor and evaluate our performance and effectiveness
• To maintain and improve our facilities and the services available;
• To seek advice on our rights and obligations, such as where we require our own legal advice;
• To process the recovery of any money you owe to us.
• In relation the “establishment, exercise or defence of legal claims” or whenever courts are acting in their judicial capacity”.
Photography, video and social media
Photographs and video may be taken at our events and activities for use in communications, news and marketing materials including, but not limited to, our website and on social media channels.
We will gain explicit written consent when:
- You are the sole subject of the photograph, and we are going to use your image in printed materials
- You are participating in an activity where you expect a higher level of privacy. E.g., a swimming pool session or sports massage
We may use your image without explicit written consent when:
- You are not the subject of the image, i.e., if it is a “group”/ “crowd” shot at an activity/event.
- We are publishing the image for journalistic purposes e.g., a match report of a sports fixture.
- You are participating in fixtures or training as part of a Northumbria Sports Club - This is outlined in the Terms & Conditions of the Club Membership and Scholarship contract.
Notifications will be put up in and around our facilities to inform you when such photography is taking place at events and activities
If you do not wish to be included in photography/video, you can highlight that to the photographer present or can ask for your digital image to be removed.
We may share fixture/competition images with partners and sponsors including organisations such as BUCS.
Video footage may be taken of Sports Club members for performance analysis purposes as outlined in a scholarship contract or membership terms and conditions. Footage is stored securely on cloud-based software. On occasion, footage from video analysis cameras will be live streamed.
We may use images/video on ‘live’ social media as outlined above including at events and fixtures.
You have the right to object or restrict your image being taken or used. If you would like to exercise this right, please contact us as set out below.
All communication with you, including in relation to updates to this privacy notice, will, where possible be made via the preferred method of communication that you have registered with us.
We will contact you in relation to events and products that we believe are relevant to you based upon their similar nature to your engagement with us including: events, benefits and opportunities offered by us, or in relation to operational information (e.g. building closures etc).
If, at any stage, you are concerned about the content (e.g. unwanted marketing), frequency (too many) or method (change preference) of these communications, you can unsubscribe or update your preferences using the link which will be provided at the bottom of the relevant correspondence.
Should you unsubscribe from our marketing messages you will miss regular communications about our services and updates.
6. Personal Data may be shared with
From time to time, we may be required to share limited personal data with third parties
for specific purposes, including:
• Player registration with national governing bodies and leagues, for example BUCS TASS etc
• With coaches, physiotherapists and other relevant sports or health care related partners where they are engaged as part of the delivery of our contract with you, for occupational health related purposes or with your explicit consent.
• With emergency services or your emergency contact where there is a vital interest.
• With the police or law enforcement agency if requested for the prevention or detection of crime.
• With your parent/guardian if you are between the ages of 5 - 13.
• The Health and Safety Executive.
• External auditors, insurance providers or appointed legal representation.
Any other disclosures that may be required but not listed above will be in accordance with your rights and the requirements of the GDPR.
7. Transfers to third party countries
Some of our IT services are hosted by organisations who may back up their data to locations based in third party countries. Where data is shared with third party countries, we ensure that these countries are either approved by the European Commission as having ‘adequate protection’ or we put in place ‘appropriate safeguards’ and contracts with these organisations, so as to maintain the security of the data and your rights under relevant Data Protection legislation.
There may also be limited sharing with organisation in third countries under specific events, for example Zambia Project.
8. How personal data is stored securely by Northumbria University
We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.
All of our employees, contractors and volunteers with access to personal data receive mandatory data protection training and have a contractual responsibility to maintain confidentiality and access to your data is restricted to those members of staff who have a requirement to access it.
We utilise many different storage solutions and IT systems, some of which are outsourced to third party providers. For example, email accounts are provided by the Microsoft Live@Edu service.
Where processing takes place with an external third party, processing takes place under an appropriate agreement outlining their responsibilities to ensure that processing is compliant with the Data Protection legislation and verified to be secure.
9. Automated individual decision making, including profiling
We may use ‘Profiling’ (where information about you is used to tailor goods or services based on your interests, movement or records of your activities) to identity and inform our marketing campaigns on social media and via email.
10. Cookies on our Website
Our website uses ’cookies’, when you visit a site which help us understand how you use our websites. Some of our cookies remain on your computer after you leave the website, others are deleted automatically when you close your browser and others expire after a given period. The following table provides a list of the cookies used on our website along with information about how long they will remain active for, and or how you can disable them manually. Please note Northumbria University does not control dissemination of 3rd party cookies you should check the relevant third party website for more information about these.
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookie and is deleted when all the browser windows are closed.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
As with most web servers, our web servers automatically collect the following information:
- Requested URL (Uniform Resource Locator)
- IP (Internet Protocol) address (this may or may not identify a specific computer)
- Domain name from which you access the internet
- Referring URL
- Software (browser/operating system) used to access the page
11 How long personal data held by Northumbria University
Your data is held in compliance with Northumbria University’s retention schedule, which is published on our website.
We will keep your personal information for as long as you are a customer of Northumbria Sport. After you stop being a customer, we may keep your data for up to 6 years, or for 6 years after your 18th birthday where data is collected below that age) for one of these reasons:
• To respond to any questions or complaints.
• To show that we treated you fairly.
• To maintain records according to rules that apply to us.
We may keep your data for longer than if required to do so for legal reasons, or for limited research or statistical purposes for which it will be anonymised. If we do, we will make sure that your privacy is protected and only use it for those purposes.
11.Your Rights under GDPR
Under the GDPR, you have a number of rights in relation to the processing of your
personal information, each of which may apply to differing degrees’ dependent upon
the nature of the processing and the legal basis for it. You have the right to:
• Request that we stop sending you direct marketing communications.
In certain circumstances, you may also have the right to:
In some cases, there may be specific exemptions as to why we aren’t able to comply with some of the above. Where this is the case, we will explain the reasons why.
• For more information about any of the above please see the GDPR pages of our website.
• In order to exercise any of the above rights, please contact the Data Protection Officer (details below).
12. Data Protection Officer
The Data Protection Officer (DPO) for Northumbria University is Duncan James.
Contact the DPO if you would like to:
• Receive a copy of your data.
• Have any questions you feel have not been covered by this Privacy Notice
• Have any concerns about the processing of your data
• Wish to make a complaint about the processing of your data
You can email at firstname.lastname@example.org or call +44 (0)191 243 7357
13. Lodging a Complaint with the Information Commissioners Office (ICO)
If you are dissatisfied with our processing of your data, or a response to a complaint
you have made to us about it, you have the right to complain to the ICO.
Information Commissioner's Office
Telephone: 0303 123 1113 (local rate) or 01625 545 745
14. Changes to this privacy notice
We keep this privacy notice under regular review and will communicate any significant updates to you. This privacy notice was last updated in July 2022 and will be reviewed annually.