Who we are
Our website address is: http://dev.cricketleaders.org.uk.
What personal data we collect and why we collect it
We collect, store, and process the following personal information about you and your child
- your child’s gender.
- your child’s age/date of birth.
- Your child’s school
- your home address, email address and phone number.
- where you make purchases from us (all through our 3rd party agents);
- your marketing preferences, including any consents you have given us.
- how you have reached our digital platforms and the internet protocol (IP) address you have used; (ClubPay Ltd only)
- your subscription or membership status.
- information collected in any forms you complete.
- images in video and/or photographic form and voice recordings; (all with your consent)
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- To process membership data
- For medical emergencies
- For safeguarding purposes
We use the information that you have given us in order to:
- register your child onto our young leaders in cricket programme
- To arrange suitable training events
- To provide our Tutors with the necessary emergency contact details for your child
We may share this information with our other IT providers, by registering for the programme, you are agreeing for this to take place.
Data Protection: The Club/School/District will use the information provided on this form (together with the other information it obtains about the player) (together “information”) to administer his/ her cricketing activity at the Club/School/District and in any activities in which he/she participates through the Club/School/District and to care for and supervise activities in which he/she is involved.
In some cases, this may require the Club/School/District to disclose this information to County Boards, Leagues and to the England and Wales Cricket Board. In the event of a medical issue or child protection issue arising, the Club/School/District may disclose certain information to doctors or other medical specialists and/or to police, children’s social care, the Courts and/or probation officers and, potentially to legal and other advisors involved in an investigation.
The England and Wales Cricket Board (ECB) may use the information together with other information held about you including education and history as a cricket official and/or as a member of the cricketing community (together information) to:
– Administer membership of ECB ACO including keeping your affiliated County ACO informed of your membership status
– Administer your attendance and completion of courses
– Administer your benefits to ensure you get the most from your membership
The ECB will hold your information in a database which may be searched by County ACO’s/Boards each of which may use it to:
– Verify your qualification and qualification criteria
– Provide pre and post course administration
For the full ECB privacy notice, please click the link below
ECB Privacy Notice
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Who we share your data with
We use a number of partners who require a limited amount of your
information to process, either your registration or to purchase merchandise.
Those providers will retain the information you give for purely those
purposes.
Google Sheets to process volunteering hours.
NXT SPORTS* to enable you to purchase from their online shop
Spond Ltd* to register you onto their App
ClubPay Ltd* to register for the programme
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
Additional information
How we protect your data
Your information is securely stored in a password and encrypted database.
We keep the information we have collected from you for 3 (three) years from the
registration date. We will then dispose your information by cleaning any personal identifier
information and then removing the data from our servers.
What data breach procedures we have in place
Data Protection Policy
Glossary of terms:
In this policy, the following words and phrases have the following meanings:
Personal data Any information relating to a natural person (the “Data Subject”) who may
be identified directly or indirectly from that information
Sensitive data A special category of personal data relating to a data subject’s racial or
ethnic origin, their politics, their religious beliefs, their physical or mental
health, their sexual orientation, or their trade union affiliation
Data Controller The organisation which collects and determines the use of personal data
Processing Any operation performed on personal data such as collection, storage,
retrieval, transfer or transmission, dissemination, deletion/destruction, or
adaption and alteration
Consent The consent of a data subject means any freely given, specific, informed and
unambiguous indication by statement or clear affirmative action, signifying
agreement to the processing of their personal data
Data breach A breach of security leading to the accidental or unlawful destruction, loss,
alteration, unauthorised disclosure of or access to personal data
Introduction
Cricket Leaders CIC (Cricket Leaders) which for the purposes of this document includes the delivery
referred to as The Young Leaders in Cricket Programme (YLIC), has a legal obligation to comply with
all appropriate data protection legislation, primarily the EU General Data Protection Regulation
(GDPR), but also such legislation as the Privacy and Electronic Communications Regulations (PECR).
Cricket Leaders also has a duty to comply with guidance issued by the Department of Health, the
NHS executive, NHS Information Authority, Information Commissioner’s Office, and other relevant
advisory groups.
Cricket Leaders needs to collect and use certain types of information about Individuals or Service
Users (“data subjects”) who come into contact with Cricket Leaders, in order to carry out its
functions. This personal information will be collected and dealt with appropriately whether
collected on paper, stored in a computer database, or recorded on other material, and there are
safeguards to ensure this in the GDPR.
Cricket Leaders is the Data Controller as defined by the GDPR, which means that it determines what
purposes personal information held will be used for. It is also responsible for notifying the
Information Commissioner of the data it holds or is likely to hold, and the general purposes that this
data will be used for.
Cricket Leaders may need to share data with other agencies such as, but not necessarily limited
to, a local authority, regulated health service providers, police, Inland Revenue and other
Government bodies.
Data Protection Principles
The Individual/Service User will be made aware in most circumstances how and with whom their
information will be shared. However, there are circumstances where the law allows disclosure of
personal data (including sensitive data) without the data subject’s consent.
These are:
- Carrying out a legal duty or as authorised by the Secretary of State
- Protecting the vital interests of an Individual/Service User or other person
- The Individual/Service User has already made the information public
- Conducting any legal proceedings, obtaining legal advice or defending any legal rights
- Monitoring for equal opportunities purposes – e.g. gender,race, disability or religion
- Providing a confidential service where the Individual/Service User’s consent cannot be
obtained or where it is reasonable to proceed without consent: e.g. where we would wish to
avoid forcing stressed or ill Individuals/Service Users to provide consent signatures
Cricket Leaders intends to ensure that personal data is treated lawfully and correctly. To this end it
will adhere to the principles of the GDPR. Specifically, the GDPR requires that personal information: - Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific
conditions are met - Shall be obtained only for one or more of the purposes specified in the GDPR, and shall not
be processed in any manner incompatible with those purposes - Shall be adequate, relevant and not excessive in relation to those purposes
- Shall be accurate and, where possible, kept up to date
- Shall not be kept for longer than is necessary
- Shall be processed in accordance with the rights of data subjects under the GDPR
- Shall be kept secure by the Data Controller who takes appropriate technical and other
measures to prevent the unauthorised or unlawful processing or accidental loss or
destruction of, or damage to, personal information - Shall not be transferred to a country or territory outside European Economic Area unless
that country or territory ensures an adequate and approved level of protection for the rights
and freedoms of Individuals/Service Users in relation to the processing of personal
information - Any data used for non-operational analysis purposes will be fully anonymised
Cricket Leaders will, through appropriate management and strict application of criteria and controls: - Observe fully conditions regarding the fair collection and use of information
- Meet its legal obligations to specify the purposes for which information is used
- Collect and process appropriate information, and only to the extent that it is needed to fulfill
its operational needs or to comply with any legal requirements - Ensure the quality of information used
- Ensure that the rights of people about whom information is held, can be fully exercised
under the GDPR. These include:
o The right to be informed that processing is being undertaken
o The right of access to one’s personal information
o The right to prevent processing in certain circumstances
o The right to correct, rectify, block or erase information which is regarded as wrong
or inaccurate information - Take appropriate technical and organisational security measures to safeguard personal
information - Ensure that personal information is not transferred abroad without suitable safeguards
- Treat people justly and fairly whatever their age, religion, disability, gender, sexual
orientation or ethnicity when dealing with requests for information
When collecting data Cricket Leaders will ensure that the Individual/Service User: - Clearly understands why the information is needed
- Understands what it will be used for
- Understands what the consequences are should they decide not to give consent
to processing - Grants explicit consent, either written or verbal, for data to be processed
- Has given consent freely
Cricket Leaders will ensure that: - It has a Data Protection Officer with specific responsibility for ensuring compliance with all
data protection legislation and guidelines - Everyone handling or coming into contact with personal information understands that
they are contractually responsible for following good data protection practice - Everyone handling personal information is appropriately trained and supervised
- It will regularly review and audit the ways it holds, manages and uses personal
information - It makes all personnel aware that a breach of the rules and procedures identified in this
policy may lead to disciplinary action being taken against them
Data Storage
Information and records relating to all data subjects will be stored securely and will only be
accessible by authorised personnel for the performance of their specified roles.
Information will be stored for only as long as it is needed, is relevant, or as required by statute, and
will be disposed of appropriately (e.g. un-recoverable deletion of digital data; shredding of paper
documents)
Right of Access
All Individuals/Service Users have the right to know what information Cricket Leaders holds about
them. In accordance with the GDPR, Cricket Leaders will respond to a Subject Access Request (SAR)
within 1 calendar month, or if the request is particularly complex will advise the requester of the
extended timescale. Cricket Leaders will make no charge for responding to an SAR unless the
request is complex, frivolous, or a repeat. Any charge will be sufficient to cover Cricket Leaders’s
direct cost of handling the request.
Right to be forgotten
All Individuals/Service users have the right to have their data deleted/destroyed, the “Right
To Be Forgotten” (RTBF). Cricket Leaders will comply with an RTBF request without undue
delay unless the data is being retained for statutory purposes or where Cricket Leaders can
demonstrate that retention is necessary within the provisions of the GDPR (e.g. for the
establishment, exercise, or defence of a civil claim).
3
rd
- party data sharing
Cricket Leaders will not, without the explicit consent of the data subject, share personal data
with any 3rd-party unless the sharing is strictly for the performance of Cricket Leaders’s
operational functions (e.g. outsourcing of business functions); unless the sharing is required
by law or statute; or otherwise legitimate without consent as set down in the GDPR.
Breach reporting
In the event of a serious data breach Cricket Leaders will:
- Notify the Information Commissioner’s Office (ICO) of a reportable data breach within
the mandatory 72 hours of any personnel becoming aware of the breach - Will notify without undue delay all data subjects who have been, or could potentially be,
adversely affected by the breach