Our Privacy promise
We will always tell you what data we’re collecting about you and how we use it. We will be clear, open and honest with you. We will never sell your data. We will only share it with third parties with your specific consent.
We are committed to following industry best practices to ensure your data is stored safely and securely. We protect the confidentiality, accuracy and availability of the information we collect about you.
We will always give you control over the communications you receive from us. You can choose the communication subjects you receive and whether you want to stop receiving communications
Information we collect about you
- Personal and contact information when you send us affiliation details (clubs & schools), enter a competition, sign up for an event/service or play/train in Somerset Cricket Board organised activities. This may include your (and your dependants) name, postal address, email address, telephone number(s), title, date of birth, gender and medical information.
- Copies of documents you provide to adhere to our safeguarding policies regarding working with children and vulnerable adults.
- Transaction details (not payment card details) including payments from you for Somerset Cricket Board activities.
- If we need to make a payment to you we will also collect your bank account information in order to make BACS payments via online banking
How and why we use your personal data
Below we set out all of the ways we use your personal data, and why. We have also identified what our legitimate interests are for doing so. If we plan to use personal data for a new purpose, we will check that this is compatible with our original purpose or we will get specific consent for the new purpose.
When we store data, reasonable measures are taken to protect personal information from access by unauthorised persons. This information will be stored, archived and backed up as part of internal systems which are hosted by cloud service providers. Files containing personal data will be protected by passwords.
In order to maintain the accuracy and relevancy of information, we perform checks every 12 months and this may include making contact with the subjects of the data to check details.
How long we keep your personal data
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
At the end of that retention period, your data will either be deleted or anonymised (so that it can no longer be associated with you) for research or statistical purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you may be entitled to ask us to delete your data: see ‘Your Rights’ below for further information.
Your personal information is owned by you. If you have any questions or issues with the way in which we are using your data you have the following rights:
- You can ask to see what data we hold on you (right of access)
- You can ask for information to be corrected
- You can ask to receive a copy of the data we hold on you (right to portability)
- You can ask us to delete any information we have about you (right to be forgotten)
- You can object to the way in which we use your information
- You can complain to the supervisory authority
If you wish to enact any of these rights then you can do so by emailing our Data Protection Officer at firstname.lastname@example.org. You also have the right to contact the Information Commissioner’s Office.
Where else does data go?
As a principle we do not share any of the personal information that we hold to those who don’t need it for essential management of our programmes and events. Such essential programmes and events are detailed below. However in the course of running our business some additional data does get transferred outside of our organisation:
- When we run programmes and events where we have a duty of care to the attendees/players, we need to pass on sensitive personal data to those managing the programmes and events on the day. This data will be stored and transferred (if necessary) in the safest practical way possible to enable us to continue to run such events and programmes. Events and programmes include coaching sessions, matches, festivals, awards dinners/lunches and Come and Try sessions.
- You may enter details in to third party systems such as PayPal, ClubPay and Cvent for payment purposes. This payment information is not shared with us and we cannot be held accountable for any data losses / breaches which occur within their systems.
- We use ECB’s play-cricket.com to collect and store club contact information. Any leagues or competitions that your club enter who also use play-cricket.com will also be able to access your date. These leagues and competitions should provide you with their GDPR policies at the point of data entry.
- We will occasionally use Cvent as a registration method for events.
- We will occasionally use Office 365 Forms and other online website forms to collect information from you.
- We use Google analytics for the purposes of website analytics and reporting in respect of our analytics and marketing.
Use of our website
Our website uses the cookie provided by Google Analytics to track visitors on our site. You can set your browser not to accept cookies however this may affect operation of the site. Our website contains links to other websites or social media platforms and they have their own privacy policies and terms and conditions, which you should read.
Data Protection Officer,
Somerset Cricket Foundation,
The Cooper Associates County Ground,
St James Street,