Privacy and Data Protection
OCBC keeps personal information relating to its members to allow it to perform key tasks. Personal data is processed so that member expectations can be met, and legal obligations fulfilled. This data includes member contact information (phone and email addresses), medical records and other personal information required.
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This data can be given by the person or their parent or guardian (for a child) or created within the club or come from outside sources.
Data Controllers are the individuals who control and are responsible for the keeping and use of personal information on computer or in structured manual files within the club.
Data Processors are processors of personal information data on the data controller’s behalf.
Data Protection Officer (DPO) is a nominated person who coordinates data protection and ensure that all data collected and stored complies with GDPR both historically (pre-25 May 2018) and current.
Protecting your Data
OCBC has filled a Data Protection Officer role within the club (firstname.lastname@example.org). The DPO has identified each personal data record the club retains in order to fulfil registration with Basketball Ireland, DLBB and DMBB and to allow the club to provide the services you use.
The DPO has identified who within the club controls and protects your data, how it is protected and who has access to that data (data processors).
The DPO has also identified each third party that has access to any of your personal data such as our payment provider (stripe.com) and our email service provider (sendgrid).
Your data will only be used for the purpose(s) you have agreed to. Should OCBC require this data be used for another purpose, your permission will be sought.
OCBC will never share your data with a third party without first getting your explicit consent.
The electronic data OCBC holds is held on encrypted hardware and is password protected where relevant. All website interaction is done using HTTPS to protect your data communications.
Hard copies of data is stored in locked cabinets.
Minimising the Personal Data we hold
OCBC only requests the minimal amount of data required for registration with Basketball Ireland, DMBB and DLBB.
You will be required to provide any medical information to manage any conditions or incident that may arise as part of club activities.
No credit card data you may enter for paying your fees online or online purchases are held by OCBC. Instead this is held by our payment provider, stripe.com, who have extensive protection measures in place to store this data.
How long will we hold your personal data?
OCBC will only hold your data for as long as is required as outlined by the DPO.
Membership fee data may be retained for a period of 5 years.
On leaving the club, you have the right to request that your data be destroyed by contacting email@example.com.
The legal age of digital consent is 13 in Ireland. This means that children over that age can give consent for their data to be processed, children under that age must get parental approval for data processing. The age of the child must be adequately verified first.
Right to your data
You have a right to request a copy of your personal data that is held by the club. This will be delivered to you within 1 calendar month and be free of charge.
You have a right to request that the club amend or erase any inaccuracies within this data. Requests for data access may be made to firstname.lastname@example.org.
OCBC uses sendgrid to send emails relating to invoices and website registration. Basic information (First Name and Email address) is shared with sendgrid to enable this to happen. See https://sendgrid.com/policies/privacy/ for clarification on how sendgrid protect this data.
OCBC uses stripe.com to process any online payments you make. You will interact directly with stripe when making payments and provide Credit Card data, your email address, your name and, if agreed, your phone number. OCBC does not have access to any of this data. See https://stripe.com/ie/privacy on how stripe protect this data.
Notification of Breaches
Should and data breach that impact on your data privacy occur, the Office of Data Protection Committee (ODPC) will be notified as will any individual affected by the breach within 72 hours of identification of the breach.