GDPR & Privacy Policy
1. Introduction
Accrington Wildcats ARLFC collects and uses personal information about members, players, parents, and volunteers. We are committed to protecting this data in line with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
2. What Data We Collect
We collect the necessary data to manage the club and ensure player safety, including:
- Identity: Names, Dates of Birth, Gender.
- Contact: Addresses, Email Addresses, Phone Numbers.
- Medical (Special Category Data): Medical conditions, allergies, and medication requirements relevant to playing Rugby League.
- Vetting: DBS Check status for volunteers.
- Media: Photographs and videos (where consent is given).
3. How We Store Data
We do not rely on unsecured paper records. Our data is stored across three secure, password-protected systems:
1. RFL GameDay
The primary database for player registration. Access is restricted to authorised officers (Secretary, Welfare Officer) and relevant Team Managers.
2. Secure Cloud Storage (Google Drive)
The Club uses a secure, restricted-access Google Drive for administrative documents (e.g., Committee meeting minutes, subs trackers, accident logs).
- Access Control: Access to specific folders is granted strictly on a “Need to Know” basis (e.g., Team Managers can access their own team’s sheets, but not the whole club’s).
- Two-Factor Authentication (2FA) is recommended for all Committee accounts accessing this drive.
3. Mailchimp (Marketing & Newsletters)
Member email addresses are stored in Mailchimp for the purpose of sending Club newsletters and announcements. Mailchimp is a US-based provider that complies with UK data transfer standards.
4. How We Use Data & Communication
4.1 General Administration
We use data to register players with the RFL, process fees, and ensure safety (e.g., sharing medical info with paramedics).
4.2 Team Logistics (WhatsApp)
The Club uses WhatsApp for essential team logistics (kick-off times, venue changes, cancellations).
- Data Visibility: Members acknowledge that by joining a WhatsApp group, their mobile number will be visible to other members of that group.
- Consent: Participation in WhatsApp groups is voluntary. Any member who wishes to leave a group may do so at any time, provided they arrange an alternative method for receiving match-day information (e.g., checking the website).
- Conduct: These groups are subject to the Club’s Social Media Policy.
4.3 Digital Marketing (Mailchimp)
We use email newsletters to keep members informed about events, fundraisers, and club news.
- Opt-In/Out: You have the right to unsubscribe from marketing emails at any time by clicking the “Unsubscribe” link at the bottom of any Mailchimp email. This will not affect your receipt of essential operational emails (e.g., regarding your registration or safety).
5. Who We Share Data With
We do not sell data to third parties. We share data only with:
- The RFL & Leagues: For registration and eligibility.
- Medical Services: In emergencies.
- Data Processors: Trusted third-party tools we use to run the club, specifically Google (Storage) and Mailchimp (Email Marketing). We ensure these providers have robust security measures in place.
6. Data Retention
- Membership Data: Kept for the duration of membership.
- Financial Records: Kept for 6 years (HMRC requirement).
- Accident Records: Kept for 21 years (children) or 3 years (adults).
- Google Drive/Mailchimp Archives: Digital records of former members will be archived or deleted annually post-season, unless required for historical records.
7. Your Rights
Under GDPR, members have the right to:
- Access: Request a copy of the data we hold on them.
- Rectification: Update incorrect information.
- Erasure: Request to be “forgotten” (subject to legal/insurance retention rules).
- Withdraw Consent: Specifically for marketing emails (Mailchimp) or WhatsApp inclusion.
8. Data Breaches
If data is lost, stolen, or accessed by an unauthorised person (e.g., a Google Drive folder is accidentally made “Public”), this is a Data Breach.
- Action: Report immediately to the Club Secretary.
- Reporting: If the breach poses a risk to individuals, the ICO will be notified within 72 hours.