Northumbria Sport Privacy Policy

Data Category

Example

Biographical

Name, title, staff/student number

Contact Details

Addresses, telephone

numbers, email address etc.

Administrative

Enquiry and correspondence records, application records etc.

Financial

Banking or payment card details, national insurance, salary

deduction/payroll number

Special category

(“Sensitive”) Personal Data

Data concerning your health fitness and sporting/athletic

performance. (e.g. relevant disability, relevant health issues,

etc)

Security Data

Building entry, CCTV images, security incident reports

Third Party

Emergency contact information

Photos and video

Performance images and footage, sports participation, events etc

Article

Description

6(1)(a)

Data is required for the following activities, which have been identified as necessary “for the performance of our contract with you” or in the case of applicants, “in order to take steps prior to entering into a contract”.

• To respond to your enquiries, to receive and administer your application or registration, and to deal with any ongoing concerns or enquiries you have.

• To process payment of your membership or participation fees, and for the administration of renewals, including notification of upcoming membership expiry.

• To provide you with access to our events, facilities, services and activities.

• To provide you with operational information about the events, facilities, services and activities such as cancellation of sessions, closures or other relevant communications.

6(1)(b)

Data is also processed for the following activities, which have been identified as necessary “for us to comply with the law”:

• For monitoring compliance with and enforcement of relevant policies in relation to health and safety and security (prevention and detection of crime) - including the

use of CCTV, and safeguarding.

6(1)(c)

We may also process your personal data because it is necessary for our “legitimate interests or the legitimate interests of a third party”:

• To monitor and evaluate our performance and effectiveness

• To maintain and improve our facilities and the services available;

• To seek advice on our rights and obligations, such as where we require our own legal advice;

• To process the recovery of any money you owe to us.

• In relation the “establishment, exercise or defence of legal claims” or whenever courts are acting in their judicial capacity”.

6(1)(d)

Photography, video and social media

Photographs and video may be taken at our events and activities for use in communications, news and marketing materials including, but not limited to, our website and on social media channels, performance anaylsis and printed publicity. 

We will gain explicit written consent when:

• You are the sole subject of the photograph, and we are going to use your image in printed materials

You are participating in an activity where you expect a higher level of privacy. E.g., a swimming pool session or sports massage

We may use your image or video footage without explicit written consent when:

1. You are not the subject of the image, i.e., if it is a “group”/ “crowd” shot at an activity/event.
2. We are publishing the image for journalistic purposes e.g., a match report of a sports fixture.
3. You are participating in fixtures or training as part of a Northumbria Sports Club - This is outlined in the Terms & Conditions of the Club Membership and Scholarship contracts and in the Northumbria Sport Photography Policy.

Notifications will be put up in and around our facilities to inform you when such photography is taking place at events and activities. When we carry out specific photoshoot, written consent forms will be provided to all participants.

If you do not wish to be included in photography/video, you can highlight that to the photographer present or can ask for your digital image to be removed.

We may share fixture/competition images and video footage with partners and sponsors including organisations such as BUCS.

6(1)(e)

Video Analysis

Video footage may be taken of Sports Club members for performance analysis purposes as outlined in a scholarship contract or membership terms and conditions. Footage is stored securely on cloud-based software. On occasion, footage from video analysis cameras will be live streamed. In some cases, video footage will be shared on social media where applicable. Northumbria Sport will be using a variety of Spiideo and Veo cameras to capture this both have been approved by Northumbria University’s Legal Department.

6(1)(f)

Social media

We may use images/video on ‘live’ social media as outlined above including at events and fixtures. We will also publish post event images/videos on social media.

You have the right to object or restrict your image being taken or used. If you would like to exercise this right, please contact us as set out below.

9(2)(a)

Communications

All communication with you, including in relation to updates to this privacy notice, will, where possible be made via the preferred method of communication that you have registered with us.

We will contact you in relation to events and products that we believe are relevant to you based upon their similar nature to your engagement with us including: events, benefits and opportunities offered by us, or in relation to operational information (e.g. building closures etc).

If, at any stage, you are concerned about the content (e.g. unwanted marketing), frequency (too many) or method (change preference) of these communications, you can unsubscribe or update your preferences using the link which will be provided at the bottom of the relevant correspondence.

Should you unsubscribe from our marketing messages you will miss regular communications about our services and updates.

9(2)(c)

Personal Data may be shared with

From time to time, we may be required to share limited personal data with third parties

for specific purposes, including:

• Player registration with national governing bodies and leagues, for example BUCS, TASS etc

• With coaches, physiotherapists and other relevant sports or health care related partners where they are engaged as part of the delivery of our contract with you, for occupational health related purposes or with your explicit consent.

• With emergency services or your emergency contact where there is a vital interest.

• With the police or law enforcement agency if requested for the prevention or detection of crime.

• With your parent/guardian if you are between the ages of 5 – 11 (Kids Camps).

• The Health and Safety Executive.

• External auditors, insurance providers or appointed legal representation.

Any other disclosures that may be required but not listed above will be in accordance with your rights and the requirements of the GDPR.

9(2)(f)

Transfers to third party countries

Some of our IT services are hosted by organisations who may back up their data to locations based in third party countries. Where data is shared with third party countries, we ensure that these countries are either approved by the European Commission as having ‘adequate protection’ or we put in place ‘appropriate safeguards’ and contracts with these organisations, so as to maintain the security of the data and your rights under relevant Data Protection legislation.

There may also be limited sharing with organisation in third countries under specific events, for example Zambia Project.

9(2)(g)

How personal data is stored securely by Northumbria University

We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.

All of our employees, contractors and volunteers with access to personal data receive mandatory data protection training and have a contractual responsibility to maintain confidentiality and access to your data is restricted to those members of staff who have a requirement to access it.

We utilise many different storage solutions and IT systems, some of which are outsourced to third party providers. For example, email accounts are provided by the Microsoft Live@Edu service.

Where processing takes place with an external third party, processing takes place under an appropriate agreement outlining their responsibilities to ensure that processing is compliant with the Data Protection legislation and verified to be secure.

9(2)(h)

Automated individual decision making, including profiling

We may use ‘Profiling’ (where information about you is used to tailor goods or services based on your interests, movement or records of your activities) to identity and inform our marketing campaigns on social media and via email.