PRIVACY POLICY

Edgbaston Priory Club, Sir Harry’s Road, Edgbaston, B15 2UZ is a private members’ club offering tennis, squash, lifestyle, food, beverage and events facilities.

The privacy of your personal data is very important to us. The collection and processing of personal data by Edgbaston Priory Club is governed by the General Data Protection Regulation (the “GDPR”).

The Club complies with its obligations by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

This privacy policy explains:

  • What constitutes ‘personal data’
  • Who we collect ‘personal data from
  • How we process personal data
  • Who we share your data with
  • What measures we take to keep your data private and secure
  • Your rights
  • Who to contact if you have any queries or concerns about any personal data we may store about you.

YOUR PERSONAL DATA – WHAT IS IT?

Personal data is any information which identifies you as a living individual. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

This may include name, address, phone numbers, email addresses, date of birth, gender, employment status, demographic information, personal descriptions, photographs, CCTV images, Membership numbers, usernames, passwords, attitudes and options.

We will only collect personal data that we need in order to fulfil our legal obligations, deliver services to you and enable us to tailor and enhance your experience of Edgbaston Priory Club.

WHO WE COLLECT PERSONAL DATA FROM

We collect personal data from:

  • Members
  • Juniors
  • Prospective Members
  • Visitors to the Club
  • Visitors to our website
  • People who make enquiries via telephone or our website
  • Employees
  • Self-employed coaches and trainers
  • Volunteers
  • Members of the public enrolled on our courses
  • Juniors enrolled on our courses and Kids Camp
  • Suppliers
  • Contractors
  • Stakeholders

We never sell personal data. We will only share it with organisations when necessary in order to fulfil our service to you and where the privacy and security of your data is assured. 

HOW DO WE PROCESS YOUR PERSONAL DATA

We will only process your ‘personal data’ for legitimate purposes, as set out in the General Data Protection Regulation (from 25 May 2018) and the UK Data Protection Act.

All ‘personal data’ supplied to us will be processed for the purpose outlined in a specific privacy notice at the time of collection and in accordance with any consent and preferences you express.

If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may be obliged to provide them with your personal data.

Below are the main uses of personal data, dependent on your relationship with us and how you interact with various services and technology.

Members

When a new Member joins the Club, we collect the following information:

  • Personal details (Name, address, email address, telephone number)
  • Personal Identification such as a copy of your passport
  • Financial information (credit or debit card, direct debit mandate)
  • A picture of you to link to your Membership card
  • Your goals and reasons for joining the Club

This personal data is used to administer the new member joining process; maintain a record of your membership, process your membership subscription, enable you to book courts and classes, contact you regarding your participation in club teams, leagues and tournaments, contact you regarding your membership renewal and the Annual General Meeting and offer you the opportunity to provide feedback in satisfaction surveys.

In addition to the above, your activities and involvement with the Club will result in personal data being created such as:

  • How often you visit the Club collected via your membership card
  • Your usage of classes, courts and events
  • Courses you attend
  • Purchases you make in the Club Shop
  • Purchases in the Bar and Bistro

We want to ensure Members get the most out of their membership by keeping them up to date with the latest news, events, activities and services running at the Club.

We will seek Members consent about:

  • What they wish to hear about by asking them to select their preferences based on their interests
  • How they wish to be kept informed eg by post, email, text

If you agree to receiving marketing communications from us you are able to change your mind at any time by unsubscribing or by informing us by email or by phone.

However, if you do not opt in to receive marketing communications, you may not hear about events and offers that may be of interest to you.

We undertake research and analysis on all the data we collect in order to tailor our services and communication with you.

Juniors

Children under the age of 18 are considered Juniors and are linked to an adult parent/guardian who must be a Member. We hold the name, address and date of birth of the Junior to ensure their right to free admission up until the age of four. We do not send any marketing or communications to Juniors. Juniors may also only be enrolled on our court booking system with the permission of their parent/guardian.

Prospective Members

We ask permission to collect the following information from people who make enquiries about Membership:

  • Name and contact details so we can follow up enquiries
  • Reasons for joining so that we can tailor any tour to your interests
  • How you found out about us to improve our marketing
  • Reasons why you do not wish to join so that we can improve our services

We may also use automated communications with you dependent on your interests and consent.

Visitors to the Club

We collect the following information from Members’ guests who wish to come and enjoy our facilities:

  • Name, address and contact details do that we can monitor the amount of visits in 12 months in line with our Rules and Bye-Laws
  • Financial information (credit or debit card details) for payment to use the sporting facilities

Visitors to the Website

If you visit and interact with our website and Members’ area of the website we may collect information about you using cookies. Cookies are small text files stored on your device when you visit certain websites. Cookies will not give us access to your device, cannot harm your computer and cannot provide us with any personal data about you, other than the data you choose to share with us by completing forms on our website.

Non-personally identifiable information may include: the type of browser and operating system you are using, your IP address, your device identifiers, your Internet or wireless service provider, and location-based information, specific web pages, length of time spent, pages accessed and search terms used to find the website.

We use cookies to:

  • Personalise your experience of using the website, for example by remembering what stage you are at in completing a form or survey
  • Measure the performance of our website and marketing activity. We use Google Analytics to gather aggregate statistical information about the site to improve the user experience. We are not able to identify individual users with these cookies.
  • Ensure we deliver limited, relevant advertisements to prospective Members based on you visits to our website and your interests as expressed by your internet and social network use.

When you first visit our website, you will be asked whether you wish to accept our cookies. You can choose to accept or decline cookies and you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the website.

If you wish to learn more about cookies go to www.allaboutcookies.org

You may find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

 

Employees and Self-employed Coaches and Trainers

In order to comply with our contractual, legal, and management obligations and responsibilities as a responsible employer, we process personal data, including ‘sensitive’ personal data, from job applicants, employees and our self-employed coaches and trainers.  This includes:

  • Data processed to meet our contractual responsibilities: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts;.
  • Data processed to meet our legal responsibilities: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, identification (passport) DBS checks, equal opportunities monitoring.
  • Data processed to meet our performance management responsibilities: recruitment and induction processes, training and development records, absence and disciplinary records

The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.

We will process data about an employee’s health where it is necessary, for example, to:

  • record absence from work due to sickness
  • to pay statutory sick pay
  • to make appropriate referrals to the Occupational Health Service;
  • to make any necessary arrangements or adjustments to the workplace in the case of disability.

This processing will not normally happen without the employee’s knowledge and, where necessary, consent.

Data about an employee’s criminal convictions will be held as necessary.

We may process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.

Volunteers and Work Experience

The Club uses volunteers from time to time to deliver its services to Members and the community. Personal data collected and processed from volunteers includes:

  • Personal details (Name, address, email address, telephone number)
  • Personal Identification such as a copy of your passport
  • Financial information (credit or debit card, direct debit mandate) to reimburse any expenses
  • References
  • Criminal record checks
  • Emergency contact details
  • Medical forms

Such information will be retained for legal and contractual reasons, to protect us in the event of a legal or insurance claim and for safeguarding purposes.

Members of the public enrolled on our courses

We will process the following information from individuals and Juniors who express an interest in and enrol on our courses:

  • Personal details (Name, address, email address, telephone number)
  • Financial information (credit or debit card, direct debit mandate)
  • Medical Information
  • Photograph for identification
  • Emergency contact details

Where the Club is teaching a qualification by a governing body such as the Royal Life Saving Society, we may share data in order to administer the qualification. Where this is the case, you will be informed at the point of registration.

We will seek consent to communicate with course participants regarding future courses, events and news. If you agree to receiving marketing communications from us you are able to change your mind at any time by unsubscribing or by informing us by email or by phone. However, if you do not opt in to receive marketing communications, you may not hear about events and offers that may be of interest to you.

Juniors enrolled on our courses and Kids Camp

We will process the following information of Juniors enrolled on our courses and Kids Camp:

  • Personal and financial data of the Junior’s Parent/Guardian (Name, address, email address, telephone number)
  • Name and date of birth of Junior
  • Photograph for identification purposes
  • Medical and dietary needs
  • Emergency contact details

Where the Club is teaching a qualification by a governing body such as the Lawn Tennis Association, England Squash or the Swimming Teachers Association, we may share personal data in order to administer the qualification. Where this is the case, you will be informed at the point of registration.

We will seek consent to communicate with course participants regarding future courses, events and special offers. If you agree to receiving marketing communications from us you are able to change your mind at any time by unsubscribing or by informing us by email or by phone. However, if you do not opt in to receive marketing communications, you may not hear about events and offers that may be of interest to you.

Suppliers, contractors and stakeholders

We will hold the following data about our suppliers, contractors and stakeholders

  • Personal details (Name, address, email address, telephone number) of the lead contact
  • Details of any contracts or agreements
  • Financial information where necessary in order to process and pay invoices

RESEARCH

We carry out regular research with Members, Staff, self-employed coaches and trainers, course participants and volunteers. We use the feedback to improve your experiences of Edgbaston Priory Club. This research is optional and is kept anonymous. If you choose to take part we will inform you of the data we will collect, why and how we’ll use it.

AUTOMATED PROFILING AND TARGETING

We are committed to using our resources in a responsible and cost-effective way. We use automated profiling and targeting in very limited ways. These include:

  • Automated emails to prospective new members, based on the preferences they choose when completing forms on our website. This ensures they receive relevant information
  • Using Google Analytics and third party cookies to collect information on the use of our website to improve the user experience, optimise our marketing activity and ensure the site is performing.
  • Collecting data from existing Members about their goals, interests and usage. The information collected is aggregated to create generic member personas or types. This information is used to ensure our resources are used efficiently to target and attract new members.

CCTV

The EPC uses CCTV equipment to provide a safer, more secure environment for members and staff and to prevent bullying, vandalism and theft. Essentially it is used for:

  • The prevention, investigation and detection of crime.
  • The apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings).
  • Safeguarding public, members and staff safety.
  • Monitoring the security of the site.

The EPC does not use the CCTV system for covert monitoring.

Access to the CCTV recorded footage is limited to designated staff and other authorised personnel (including police) with a legitimate reason to view and/or otherwise use the captured footage, including the provision of evidence in support of prosecution of criminal or illegal behaviour. Authorisation to review any footage will be given to relevant parties on a case by case basis which will be determined at the discretion of the Chief Executive in accordance with applicable data protection legislation.

Live footage recording is automatically erased after two weeks. However, any footage recorded will not be stored for longer than 12 months.

Further details governing the use of CCTV may be found in our CCTV Policy.

PAYMENT CARD SECURITY

The Club has an active PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back.

Our online payment solutions are carried out using a ‘payment gateway’ (e.g. Sagepay) which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us, this means that your payment card information is handled by the bank and not processed or held by us.

All staff must store, process and transmit payment card information in accordance with PCI DSS mandatory requirements. This standard applies to information held on paper as well as electronically and to transactions processed online and via a third party terminal.

SHARING YOUR PERSONAL DATA

Members

Your personal data will be treated as strictly confidential. We do not share your personal data to any third parties for commercial purposes. We only share your data with third parties in order to administer membership and provide services. This includes:

  • Courts and class bookings
  • Administration of the AGM process
  • To manage our email communication with you
  • To manage our text messaging service with you

When we do share data with third parties, we take measures to ensure they are compliant with GDPR and there are appropriate measures and controls in place to keep your data secure.

Employees, Self-Employed coaches and Trainers

In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third parties:

  • A payroll & pension provider
  • HM Revenue & Customs
  • Disclosure and Barring Service

We never share ‘personal data’ to any other third party for commercial reasons and would only do so if we obtained your consent. 

KEEPING YOUR DATA SAFE AND SECURE

We undertake the following measures to ensure the personal data we hold is kept safe and secure:

  • We maintain an Information Asset Register which details the data, including personal data we hold, the staff responsible for obtaining consent, who has access, how access is secured and how long the data is retained.
  • Senior Managers are responsible for undertaking regular data audits and developing and implementing a set of data handling instructions to ensure their teams process and secure ‘personal data, in accordance with guidelines
  • Our IT Support supplier undertake regular audits and implement appropriate measures to minimise the risk of cyber attacks
  • All new staff receive mandatory training on the importance of data protection at their induction and regularly thereafter to reinforce their responsibilities.
  • We only use and retain your information for as long as it is required for the purpose it was collected for and in order to comply with statutory requirements. Our retention periods are set out in the Information Asset Register.
  • Once we no longer require your personal data, it will be deleted in accordance with the timeframes set out in the Club’s Data Retention, Archiving and Deletion Policy.

YOUR RIGHTS AND YOUR PERSONAL DATA

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which the Club holds about you;
  • The right to request that the Club corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the Club to retain such data;
  • The right to withdraw your consent to processing at any time
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability),
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable)
  • The right to lodge a complaint with the Information Commissioner’s Office.

If you would like further information on your rights, please write to the Marketing and Communications Manager, Julie O’Hare, at Edgbaston Priory Club, Sir Harry’s Road, Edgbaston, Birmingham, B15 2UZ or email reception@edgbastonpriory.com

SUBJECT ACCESS REQUESTS

If you would like to view the personal data the Club holds about you, you will be asked to complete a Subject Access Request Form to provide us with:

  • The personal information you wish to access
  • Where it is likely to be held
  • The date range of the information you wish to access
  • Information to confirm your identity

If we hold your personal data, we will give you a copy of the information together with an explanation of why we hold and use it.

Once we have all the information necessary to respond to your request we’ll provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.

WHAT TO DO IF YOU’RE NOT HAPPY

In the first instance, please talk to us directly so we can try to resolve your issues. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113, by post at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF or at www.ico.org.uk

UPDATING THIS POLICY

If we wish to use your personal data for a new purpose, not covered by this Privacy Policy or any specific privacy statement issues to you when collecting and obtaining consent to hold your data, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.