top of page

DATA PROTECTION POLICY

1. Introduction and legal context

1.1. Spirit Elite Cheer Squad (SE) collects, processes and stores information about its athletes, registered teachers, and hirers (referred to in this policy as Data Subjects) in order to operate its business and comply with the requirements of the Data Protection Act 1998 (DP Act).

1.2. The SE Data Protection Policy and Procedures is part of the SE’s overall Information Strategy.

1.3. The SE Data Protection procedures adopt and comply with the Data Protection Principles as set out in the DP Act which are that personal data shall:

    1. be processed fairly and lawfully and where it is clear to data subjects what SE is doing with their personal data.

    2. be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;

    3. be adequate, relevant, and not excessive in relation to the purpose or purposes for which it is processed;

    4. be accurate and, where necessary, kept up to date;
    5. not be kept for longer than is necessary for that purpose or those purpose;

    6. be processed in accordance with the data subjects’ rights;

    7. have in place appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal information;

    8. not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

1.4. All employees who process or use personal information on behalf of SE must ensure that they follow these principles always.

1.5. To ensure that this happens, the SE staff has developed this Data Protection Policy and Procedures.

1 “Processed” refers to collecting, using, disclosing, retaining or disposing of personal data 2 “fairly” refers to being open and transparent 3 EEA refers to Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden.

2. Scope

2.1. This policy and procedures will operate at SE and applies to all employees. The policy is based on UK legislation.

2.2. This policy and procedures applies to all personal data which is collected, processed and stored about data subjects.

3. Aims & Objectives


3.1. The key aims and objectives of this policy are to:

1. protect the rights of individuals by ensuring that all personal data held is used appropriately and lawfully.

2. ensure that all collection, processing, storage and sharing of personal data by SE complies with the eight data protection principles and key legislative requirements.

3. maintain the confidence of data subjects.

4. Responsibilities

4.1. Rebecca Carr the Head Coach of SE is the SE Data Controller and are responsible for the fair and legal processing of data.

4.2. They are responsible for handling the day to day matters related to the data held by their respective department(s).

4.3. It is the responsibility of the Data Controllers to ensure that the personal information is accurate and up to date, and then make any relevant changes. SE cannot be held responsible for errors, unless we have been informed of changes to data.

4.4. All employees and hirers are responsible for ensuring that any information that they provide to SE in connection with their employment/hiring is accurate and up to date and that the directors are informed of any changes via appropriate methods. SE cannot be held responsible for errors, unless we have been informed of changes to data.

4.5 Those employees who are responsible for collecting, processing, storing and sharing information about data subjects must comply with the DP Act, this Data Protection Policy and Procedures and the RAD Records Management Policy and Procedures.

5. Publication & implementation

5.1. The Data Protection Policy & Procedures is also available on the SE website for the general public, employees, freelance workers, students and customers.

6. Training

6.1. In addition to induction, SE employees are given relevant training in Data Protection procedures on a bi-annual basis (or more frequently if legislative or other changes require).

7. Policy Ownership & Review


7.1. This policy is owned by the SE Data Controller.

7.2. The SE has a Data Protection Committee and the effectiveness of this policy is the responsibility of that Committee

7.3. The Data Protection Policy & Procedures will be reviewed on a bi-annual basis (or more frequently if legislative or other changes require) by the Data Protection Committee.

8. Authority & signature ____________Rebecca Carr – Head Coach ____________________ 25/10/2017 review on 27/10/2018 

bottom of page