GDPR compliance for the Gloucestershire Squash Association (GSA) league system

Gloucestershire Squash Association takes data privacy very seriously with the following guiding principles:

  •   The absolute minimum of personal data is stored on the GSA system.

  •   Personal data that you don't want anyone else to have is stored encrypted in the database.

  •   Personal and sensitive data is not accessible to anyone other than the user themselves or admins apart from

    the contact details required for the box leagues which can only be seen by other box players.

  •   We only contact you with Gloucestershire Squash Association information and its associated Squash business.

  •   We do not pass your personal data to any party unrelated to the game of squash, other parties may include

    Squash Levels, England Squash, your Squash Club, County team managers and/or captain.

    Compliance with GDPR requires the following:

  1. We know what personal data we have, how it is stored and control it effectively.

  2. WS have strong security measures in place to protect personal data.

  3. We use an encrypted (https) connection with your browser.

  4. We store sensitive data encrypted.

  5. We have a filter on accesses to the site that can identify attacks and block them.

  6. We will tell you about any breach of your data - though as it's stored encrypted, the data could not be used

    outside of the Gloucestershire league system.

  7. You can find out what personal data we have for you - this is listed below.

  8. If your personal data is incorrect, we can correct it for you, or as a member you can access your own data.

  9. We can tell you what we do with your personal data. The answer is very little. We show your name and use

    your date of birth (not displayed) to calculate your age group. Nearly all the processing is done on your

    playing results, which is not personal data.

  10. We can tell you how long we will keep your data. The answer is for as long as we hold results for you. This

    leads to the point (11) below...

  11. You can ask us to remove your data from the system and be 'forgotten'. This unfortunately has side-effects

    for Squash Levels as all your opponents will notice their result are missing so we prefer the option below (12)

    which achieves the same goal but without the side-effects.

  12. You can ask us to withhold your data and be 'invisible'. Your data will still be on the system, but your name

    and results do not appear. However, No profile, No rankings. So, you cannot be found. Your opponent’s still

    have their results and level adjustments so their levels will still work.

  13. We can tell you who we share your sensitive and personal data with. The answer is no-one outside of Squash

    administration. Though your name, which is not specifically shared, is on open view within Squash levels along with everyone else's. Your name can be withheld on request as described above (12).

Personal Data

We do not keep detailed personal data. This is the full list of what you may have provided for us:

  1. Your name. This comes in with your results though you can change it and/or lock it, so it's not overridden. This is the one piece of personal data that is not hidden.

  2. Your email address if you register with us. We also hold your email address if you enter it as part of your contact details for the boxes.

  3. Your password. This is encrypted on your browser even before it is sent to the league system. The WS system never sees your password.

  4. Your phone number if you enter it as part of your contact details for the boxes.

  5. Your NGB ID (ES membership number).

  6. Your date of birth is stored encrypted and is only available to Admins, Squash levels and County Captains.

  7. Your IP address is recorded as part of the website usage tracking. Tracking data is kept for up to 30 days and

    is auto-deleted after that. There is a mapping between IP address and user name but only the system admin can access it. This is sometimes needed if your access becomes blocked in the event you trigger a 'robot behaviour' block.

Please Note: Your Squash results are not considered personal data. They are available in the public domain on other websites so there's little GSA can do to keep them private.

Consent:

There are two types of consent we will be asking for:

Users - that you are OK with our policy as defined above. If a user is not willing to give consent, then we will need to rescind their membership and remove their personal data.
Admins - that you agree to meet the same strict constraints in order to maintain the policy as defined above. If an admin is not willing to give consent, then we will need to rescind their admin privileges. They can still be a user.

The consent tick boxes will be available to tick preferences so please look for the box that is appropriate. You will need to act as the default will now be non-consent. We hope you are fine will all of this and tick all the necessary boxes. This is now necessary to comply with EU GDPR regulations.

Clubs and boxes using the ‘Club Locker’ system

There is a special case for clubs who run boxes electronically with a lap top or tablet. This is great as it replaces the old sheets on the notice board and brings your club into the 21st century. However, it does mean that personal contact details are still available. The old league sheets had the same problem, the benefit now is that only box members will have the password to attain the contact info.

It's possible to hide contact details (though that rather defeats the object), GSA recommend clubs to ask their players for their consent to use their details. The GSA admins are already covered by the consent which will be as described above.

Find out more about GDPR

WS is highly unlikely to be a target for political skulduggery so in any event, misuse of personal Squash info is improbable! More about GDPR see: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the- general-data-protection-regulation-gdpr/