Update October 2018
|Approval authority||Responsible committee||Approval date||Revision date(s)||Related policies|
|IWAS Executive Board||IWAS Legal and Ethics||For annual review||IWAS Vision and Mission|
IWAS is an Incorporated “not for profit” Charity registered in England and Wales and complies with the European General Data Protection Regulation (GDPR). As such we are exempt from registering with the UK Information Commissioner’s Office (2019-03-01).
IWAS is committed to protecting information and privacy. This policy statement is made to comply with best practice regarding Data Protection and to inform on IWAS’s data processing practices, which will govern the processing of personal data.
As a membership organisation, IWAS also expects and encourages all Member Organisations, Local Organising Committees and other organisations who conduct activity on behalf of IWAS to comply with the relevant local legislation and good practice in their area.
2 How does IWAS collect information?
IWAS will obtain personal information in several ways. This might include:
- when registering as a member organisation representative
- when applying for athlete classification
- when entering an event, competition, conference or meeting
- when elected to, or applying for, an official position within the organisation
- when making a donation, general enquiry or complaint
- when participating in a research programme or activity
- when involved in mandatory programmes such as anti-doping
- when visiting IWAS social media pages
3 What information does IWAS collect?
The types of information IWAS collects will be relevant and proportional to the purpose for which it is being collected and may include names, addresses, dates of birth, gender, email addresses, telephone numbers, sport history, medical information relating to classification, credit/debit card or bank account information, work history/qualifications and experience, and information regarding any criminal record.
4 How does IWAS use personal information?
IWAS will use personal information:
- to provide the information or service that has been requested
- to uphold the principles of athlete classification
- to ensure compliance with doping control and uphold the principles of fair sport
- to ensure the successful and safe delivery of events and competition
- for administration and membership management purposes
- to further IWAS’s charitable aims and to comply with the law
- as part of research programmes
IWAS will not share personal information with other third-party organisations, including corporate and media partners that we may work with, unless we have a person’s specific consent.
However, in certain circumstances, and where it is an essential part of providing the service requested (for example event entry or managing athlete classification), IWAS may share personal information with specific partner organisations, member organisations and legal authorities.
IWAS will never sell personal details or the information we hold.
IWAS will publish certain athlete information (name, nationality, year of birth, gender, sport and registration status) in the IWAS Wheelchair Fencing Classification Master List and IWAS results systems, which is an essential service.
5 Data Controller
The IWAS Chief Executive Officer will be the person with responsibility for data protection and management within the organisation.
6 Data storage and external processors
IWAS uses third party organisations to store and manage data, for example cloud-based services. We will only use reputable suppliers and ensure that all such services are compliant with the GDPR and that appropriate security measures are implemented.
Where personal information is used by a Local Organising Committee, we will require that organisation to develop suitable data protection policies, and to destroy all information held (unless needed for any insurance or legal purposes) within 12 months of the conclusion of that event, except where consent to retain data has been given.
Where storage of paper documentation is necessary, this is provided by secure lockable cabinets. Data is filed in clear and identifiable systems and there are clearly defined access rights and accessibility. Storage is further secured in lockable rooms and has third party security controls including video cameras and security staff on site.
7 The IWAS website, use of ‘Cookies’ and Analytics
‘Cookies’ are small pieces of information sent to a computer and stored on a hard drive when visiting the IWAS website.
Analytics information allows IWAS to track visitors to the IWAS website and social media channels.
Both cookies and analytics information collected by IWAS are non-identifiable, i.e. we cannot identify an individual person. However, in line with good practice, we will only collect cookies where a visitor has given us permission to do so when entering the site.
A visitor can change their cookie preferences at any time by amending the settings in their web browser.
IWAS will retain analytics information for up to 3 years from the most recent visit.
8 Data retention
IWAS takes appropriate measures to ensure that the information we hold is kept secure, accurate and up to date and kept only for so long as is necessary and for the purposes for which it is used.
When data is destroyed, it will be destroyed securely in accordance with best practice at the time of destruction.
For some legal processes and essential services (such as information regarding athlete classification, doping control and competition results) it is necessary for IWAS to retain data indefinitely.
Information relating to officers and staff will be retained for the legally necessary period or five years after the person has left, whichever is the longer.
9 Under 18-year olds
The parent/guardian, or the person’s representative, will normally need to give permission before IWAS can hold information concerning anyone under the age of 18.
10 Informed consent
The parent/guardian, or the person’s representative, will normally need to give permission before IWAS can hold information concerning anyone who is above the age of 18 but is without legal capacity to give informed consent.
In many cases the representative will be the IWAS member organisation representative.
When requesting consent to provide personal data, including sensitive personal data such as classification and medical evidence, IWAS will clearly state this on any website, document or form.
12 Right of access and rectification
Individuals have the right to ask for a copy of the information held (for which IWAS may charge a small administration fee) and to have any inaccuracies corrected. Such requests should be made in writing to the data controller.
13 Right to be ‘Forgotten’
Subject to the provisions regarding essential services described above, individuals have the right to request IWAS to delete all personal information we hold about that person at any time. This request must be made in writing to the data controller.
14 Changes to this Policy