Privacy Policy

Welcome to Sport for Development Coalition’s (SFDC or the Coalition) privacy policy.

1) Definitions 

  1. Personal data means any information about an individual from which that person can be identified. It can be stored electronically or on paper and includes images and audio recordings as well as written information. 

  2. This privacy policy aims to give you information about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data. 

2) Responsibility 

  1. Overall and final responsibility for data protection lies with the Board of SFDC, which is responsible for overseeing activities and ensuring this policy is upheld. 

  2. Sport and Recreation Alliance is a legal entity acting for and on behalf of SFDC. Where necessary, your personal data may be shared automatically with Sport and Recreation Alliance.

  3. All supporters are responsible for observing this policy, and related procedures, in all areas of their work for the group. 

3) Overall policy statement 

  1. SFDC needs to keep personal data about its committee, supporters, partners and supporters in order to carry out its activities. 

  2. We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) and other relevant legislation. 

  3. We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need. 

  4. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows: (i) Identity Data includes names, gender, age, racial or ethnic origins and health data; (ii) Contact Data includes email address, postcode, telephone number; (iii) Organisational Data includes details of organisation to which you are affiliated and the length of time to which you have been connected with the organisation; (iv) Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website; and (v) Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences. 

  5. We will only collect, store and use data for: (i) purposes for which the individual and/or supporter organisation has given explicit consent, or (ii) purposes that are in our organisation’s legitimate interests, or (iii) contracts with the individual whose data it is, or (iv) to comply with legal obligations, or (v) to protect someone’s life, or (vi) to perform public tasks. Our legitimate interests mean the interest of the organisation in conducting and managing the organisation to better understand, develop and advocate for sport for development and to enable us to give you the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.  

  6. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  

  7. Under certain circumstances, you have rights under data protection laws in relation your personal data. You have the following rights: (i) Request access: we will provide individuals with details of the data we have about them when requested by the relevant individual (subject access request). We will respond to all subject access request and other requests within one month. (ii) Request correction: we will correct any incomplete or inaccurate data we hold about an individual. (iv) Request erasure: we will delete or remove your personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data from our records. (v) Object to processing: you have the right to object to processing of your data where we rely on our legitimate interests and it impeaches your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. (vi) Request restriction: you may ask us to suspend the processing of your personal data in certain circumstances. (vii) Request the transfer: you may ask for the transfer of your personal data to a third party. (viii) Withdraw consent at any time: where we are relying on consent, you can withdraw your consent at any time. (ix) Right to complain: you have the right to complain to the Information Commissioner’s Office (ICO) for any breach of your rights by us and other organisations.  

  8. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your personal data for a longer period where we need to keep it for legal reasons. 

  9. We will endeavour to keep personal data up-to-date and accurate. 

  10. We will store personal data securely.  

  11. We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes. 

  12. We will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so. Where we share your personal data with third party, we require all third party to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our data sharing agreement.  

  13. We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back. We will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the Information Commissioner’s Office within 72 hours, and to the individual concerned. 

  14. To uphold this policy, we will maintain a set of data protection procedures for our committee and employees to follow. 

4) Review 

  • This policy will be reviewed every two years.

Data protection procedures 

1) Introduction 

  1. SFDC has a data protection policy which is reviewed regularly. In order to help us uphold the policy, we have created the following procedures which outline ways in which we collect, store, use, amend, share, destroy and delete personal data.

  2. Sport and Recreation Alliance is a legal entity acting for and on behalf of SFDC. Where necessary, your personal data may be shared automatically with Sport and Recreation Alliance.

  3. These procedures cover the main, regular ways we collect and use personal data. We may from time to time collect and use data in ways not covered here. In these cases we will ensure our Data Protection Policy is upheld. 

2) General procedures 

  1. Data will be stored securely. When it is stored electronically, it will be kept in password protected files. When it is stored online in a third party website (e.g. Google Drive) we will ensure the third party comply with the UK GDPR. When it is stored on paper it will be filed carefully in a locked filing cabinet. 

  2. When we no longer need data, or when someone has asked for their data to be deleted, it will be deleted securely. We will ensure that data is permanently deleted from computers, and that paper data is shredded. 

  3. We will keep records of consent given for us to collect, use and store data. These records will be stored securely. 

3) Mailing list 

  1. We will maintain a mailing list. This will include the names and contact details of people who wish to receive updates and information from SFDC. 

  2. When people sign up to the list, we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time. We will ask them to give consent to receive updates and information and will only send them messages which they have expressly consented to receive through signing up. 

  3. We will not use the mailing list in any way that the individuals on it have not explicitly consented to. 

  4. You can ask us to remove you from our mailing list at any time. We will provide information about how to be removed from the list with every mailing. 

  5. We may use mailing list providers who store data within the EU. Whenever we transfer your personal data outside of the UK, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: (i) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or (ii) we may use specific contracts approved for us in the UK which gives personal data the same protection it has in the UK.  

4) Contacting supporters 

  1. We will maintain a list of contact details of our supporters.  

  2. People will be removed from the list if they have ceased to be a supporter of SFDC. 

  3. When contacting people on this list, we will provide a privacy notice which explains why we have their information, what we are using it for, how long we will keep it, and that they can ask to have it deleted or amended at any time by contacting us. 

  4. To allow supporters to work together, it is sometimes necessary to share individual’s contact details at a given supporter organisation with other individuals within the organisation or wider Coalition. We will only do this with explicit consent in accordance with our data sharing agreement. 

5) Contacting individual supporters 

  1. The board and working groups who govern the Coalition and deliver our collective action need to be in contact with one another in order to run the organisation effectively and ensure its legal obligations are met. 

  2. Board and working group contact details will be shared among the board or working group. 

  3. The board or working groups will not share each other’s contact details with anyone outside of their group, or use them for anything other than SFDC’s business, without explicit consent.

6) Review 

  • These procedures will be reviewed every two years.