At England Squash, we take the protection of data seriously and are dedicated in ensuring that we comply with all of our legal obligations. We are also committed to supporting those who work with us to ensure that they are aware of their own obligations to how best to achieve compliance.
We've recently reviewed our data protection policies, procedures and guidance and, with the help of data protection experts, have updated all of our privacy notices, policy documents, data collection notices and data sharing agreements. This means that at various points on this site, you might be asked to update your data or agree to various terms and conditions when accessing our data.
As well as giving you full details of our own data protection policies and processes, this page includes brief guidance and resources to help our partners, including clubs/venues and county associations understand their obligations and comply with the relevant regulations and legislation.
Our data protection and privacy notices
We also now have agreements in place for any organisations (mainly clubs and county associations) and individuals who access England Squash personal data. Once these agreements are signed with the relevant parties, it means that more of our data can be shared with the organisations that need it to help England Squash to administer the sport.
- Data Sharing Agreement for clubs sharing personal data with England Squash
- Data Processing Agreement for county associations accessing England Squash's personal data
- Data Processing Agreement for tournament organisers
- Data Processing Agreement for Programme Leaders
- England Squash website terms and conditions
On 25 May 2018 the General Data Protection Regulation (GDPR), a new EU regulation covering the use of data protection came into force. GDPR sets out legal guidelines for the collection and processing of personal information and replaces the Data Protection Act 1998.
To assist the sport sector in dealing with the implementation of GDPR, the Sport and Recreation Alliance have been commissioned by Sport England to produce a GDPR toolkit. This includes helpful information, resources and templates (including guidance notes) to assist sports organisations to ensure they are compliant, and these are categorised to be relevant for organisations of different size. We recommend that all clubs and county associations access the relevant 'club' and 'regional' sections of the toolkit to ensure that they are compliant.
- Sport and Recreation Alliance GDPR Toolkit
- GDPR advice from the Information Commissioner's Office (ICO)
COVID-19 Test and Trace
The Government is asking providers of grassroots sport and gym/leisure facilities to keep a record of customer and visitor information, for a limited time period, for the purposes of a COVID-19 contact tracing scheme (known as Test and Trace). On 18 September 2020, this became a mandatory requirement for all sport and leisure venues.
We therefore advise all clubs and venues to familiarise themselves with the advice provided by the Information Commissioner's Office (ICO) when collecting or handling data for this purpose. We also advise clubs and venues to review the Government advice regarding data collection for Test and Trace.
Clubs/venues collecting data for Test and Trace will need to be aware that:
- A record of all visitors to the premises will need to be kept (including staff and volunteers). Clubs/venues should choose the data collection method most appropriate for their needs (considering the protection of individuals' personal data and the risk of transmission through physical contact), but we have provided a template contact register which can be adapted to club/venue needs. A record of ALL visitors is required, so data from automated access systems may be insufficient.
- Data should only be retained for as long as it is needed and can ONLY be used for the purposes for which it is collected (i.e. contact tracing). Government advice suggests a data retention period of 21 days (to cover a 14 day COVID-19 incubation period plus an additional 7 days to allow time for testing and tracing). Once this period has elapsed, data should be securely destroyed.
- Since personal data is being collected/processed for a new purpose, and the basis for this processing will be of 'Legitimate Interest', clubs/venues will need to carry out a Legitimate Interest Assessment (LIA). We have provided the ICO's template LIA which also includes guidance on how to complete each section.
- Data subjects will need to be informed of the new purpose for holding and/or processing their data. This applies even if no new personal data are collected. Clubs/venues may choose to either update their main privacy notice, or implement an additional privacy notice for this purpose - we have provided a template privacy notice for contact tracing.
- Individuals have the right to choose to opt out of taking part in Test and Trace. This means that you must provide the opportunity for players/visitors to opt out, and clearly communicate how individuals can do this.
We have also produced templates of some of the key documents clubs/venues participating in data collection or handling data for contact tracing will need to complete.
Guidance for affiliated clubs and county associations
Clubs and county associations are vital to delivering Squash on a daily basis at venues around the country. Of course, in order to run your organisation and deliver events, competitions and other sessions that contribute to the sport, you need to handle some personal data about players, volunteers, parents and spectators. Our aim at England Squash is not only to help make you aware of what your obligations are, but to help you understand how you can ensure that your activities are fully compliant with all the relevant regulations.
In order to help you with this, we have developed a simple guide to provide relevant information for clubs and counties.
As outlined in the guide, a good starting point to ensure compliance is to understand the seven data protection principles. These are:
- Lawfulness, transparency and fairness
- Purpose Limitation
- Data Minimisation
- Storage Limitation
- Integrity and Confidentiality
There are a number of areas in which data protection regulations apply. Some of the key ones for clubs and county associations are:
Collecting, storing and sharing data
This is perhaps the most obvious area, and one that affects almost all clubs and county associations. It is important to understand not only what data you collect and why you collect it, but how this data should be shared - whether amongst volunteers or employees within your organisation or with others. In addition, you will need to understand how you should securely store personal data once it has been collected, and how long it should be kept for.
All this might sound intimidating, but it doesn't need to be - the England Squash guidance should be a helpful starting point for your organisation to understand what it needs to do!
Sharing data with England Squash
Sharing data with England Squash should only be done under the same conditions as anyone else - you will need to ensure that you have the permission of the data subject before you share their data with any other organisation. This includes using the England Squash website to share details of your members with us.
This is very important as you will need to confirm that you have the member's permission to share their personal data with us before you can add their details to your members list on englandsquash.com. However, to help you out we have created a sample membership form which enables you to collect the appropriate permission from your members. This membership form forms part of a range of Club Membership Resources which you will find helpful in managing your club's England Squash affiliation.
Accessing data on englandsquash.com
In order to access data collected by England Squash on englandsquash.com via your club or county admin dashboard, you will need to opt-into a Data Sharing Agreement (for clubs) or Data Processing Agreement (for counties and others accesing our data). This is a legal requirement we have implemented to ensure that you understand your obligations when dealing with England Squash data. The key point to note is that it ensures that clubs and county associations are aware of the reason they have been given access to the data - to administer squash activities on England Squash's behalf. The aim is also to ensure that you understand the permissions that England Squash have from its data subjects - in other words the data should not be downloaded and used for marketing purposes by any clubs or county associations.
In addition to the England Squash guidance, we have provided a number of other external resources below, which you should find useful.
You may also find the Club Membership Resources helpful too. These are available to all englandsquash.com club admins (log in required), and along with full guidance on how to adminster your club's England Squash affiliation, include useful resources such as the sample membership application form.
In this section you will find an overview of some useful resources to help your organisation with data protection
- England Squash Guidance for Clubs and County Associations
- England Squash Membership Pack (for clubs) | Log-in required
- Sample Club Membership Application Form
- Sport and Recreation Alliance GDPR Toolkit
- ICO Homepage
- ICO Guide to Data Protection
- ICO Guide to the GDPR
- ICO YouTube Channel
- ICO Training Videos
- ICO Guidance on collecting data for contact tracing
- GOV.UK Guidelines for collecting data for Test and Trace
- COVID-19: Template privacy notice for clubs and venues (for contact tracing)
- COVID-19: Template Legitimate Interest Assessment (for contact tracing)
- COVID-19: Template contact register