GAC – Data Protection Policy

Data Protection Policy

This statement discloses the privacy policy for www.derrynoosegac.com, the official website of the Derrynoose GAC. This also applies to the data protection policy of Derrynoose GAC for any members who register on www.derrynoosegac.com herein, referred to as the website.

Derrynoose GAC (here in Derrynoose) is committed to protecting your privacy and ensuring a secure online experience. In general, you can view this site and all the latest news and results without telling us who you are or revealing any information about yourself. Sometimes, however, the Derrynoose needs to monitor website usage to help it to develop the website and our services.

Collection of Personal Information

The Derrynoose may offer certain functions and services which, if you choose to use them, will require information from you in order to work, such as your name, email, address and mobile telephone number. The Derrynoose will endeavour to let you know before your personal information is collected from you on the internet. If you complete on-line registration on the internet your personal data will be collected and stored on the website which is hosted by Heart Internet Ltd.1 Personal data will also be stored on the GAA registration management system, herein called the database which is hosted by ServaSport Ltd.2 Personal data will be held each respective servers for member who consent to on-line registration.

Use of Personal Information

Primary Purposes

We use personal information for these primary purposes:

• To make the site easier for you to use by not making you enter your personal information more than once

• To help us create and deliver content most relevant to you

1 2 Castle Quay Castle Boulevard Nottingham NG7 1FW

2 ServaSport Ltd Wellington Buildings, 2-4 Wellington Street Belfast BT16HT

1

Derrynoose GAC – Data Protection Policy

• To process payment details for the online store (see below)

• To process registration for users who wish to become a member of Derrynoose (see below)

Derrynoose will not use (or pass to any third party) contact data on children under the age of 14 for any commercial mailing purposes.

Payment Details

We use personal information for processing payments on the on-line store.

If you wish to us the On-line shop on Derrynoose website, we may need to collect personal information such as name, address, contact number and e-mail address. This is to ensure that your on-line order is processed. Payments can be made through a third-party intermediary PayPal (Europe) S.à.r.l. “PayPal”. Derrynoose is not responsible for the privacy policy of “PayPal” and it is up to the user to read their privacy policy. PayPal share payment details with Derrynoose in order to ensure that the on-line order has been successfully completed.

Registration

Personal Information will be collected and stored by Derrynoose in order to process registration. This information will be used for the following purposes:

• To process registration personal data for the contractual purpose of registering (or re-registering) and maintaining Membership

• Derrynoose will collect personal data including name, address, date of birth and contact information (if necessary)

• The personal data will be used by the Club and the GAA for the contractual purpose of registering (or re-registering) and maintaining my Membership

• The Personal Data will be retained by the Club and the GAA for such period as my Membership subsists

• Personal Data will also be used for administrative purposes to maintain my Membership including registrations, team-sheets, referee reports, disciplinary matters, Injury Reports, transfers, sanctions, permits and for statistical purposes

• Derrynoose does not collect or store confidential personal data such as medical records on registration documentation, files or database.

2

Derrynoose GAC – Data Protection Policy

Marketing

Your contact details maybe used for marketing purposes, including informing members of up-coming social events, ticket sales, fundraisers and the sale of Derrynoose merchandise. However, members must consent to marketing, and your personal data, mobile or e-mail will only be used for marketing purposes if the member gives explicit consent.

Consent will be obtained for each separate processing activity and in the case of marketing a member can opt-out of marketing and still be eligible to become a member of the club.

Minor’s personal data will not be used for marketing purposes, the age of consent to marketing is 18 years old. If a minor’s parent or guardian wishes to receive marketing updates, the parent or guardian must become a member of the club. The club will never directly contact a minor, in relation to club activities, without the explicit consent of the parent or guardian.

Derrynoose may also use your personal information for general statistical purposes. We also keep track of the domains from which users visit and analyse this data:

• For trends and statistics and to evaluate the efficiency of our website and our internet infrastructure

• To ensure that services offered (such as, but not limited to, chat and forums) are not abused

We may also use your information for detection of fraud and market research purposes.

Business relationships

Derrynoose website contains links to other websites. Derrynoose is not responsible for the privacy practices or the content of external websites.

Cookies

Information may be sent to your computer in the form of an Internet "cookie" to allow the Derrynoose servers to monitor your requirements. The cookie is stored on your computer. Derrynoose server may request that your computer return a cookie to it.

These return cookies do not contain any information supplied by you or any personally identifiable information about you.

Such measures are necessary to allow the Derrynoose to measure the usability of the systems, which will help to continually improve user experience of our websites.

Your browser software should however enable you to block cookies if you wish to. For more information about cookies, please visit www.allaboutcookies.org.

3

Derrynoose GAC – Data Protection Policy

Consent

By submitting your personal information to us, you signify your consent to our using the information provided in the manner described above. If we amend our privacy policy, any changes will be published on this web site. If at any time you wish to update the information which we hold about you, or if you wish to stop receiving information from the Derrynoose, please contact us.

Right to be Forgotten

An individual can exercise their right to be forgotten at any time. This can be done by making a subject access requests, in writing, highlight that the individual wants to determine what data the club holds on the individual, and that they would like the relevant data to be deleted. For insurance purposes we may not be able to delete personal data, as the data maybe required to process an on-going insurance claim.

IMPORTANT NOTIFICATION

The following Privacy Information is being provided to you as outlined in the General Data Protection Regulation. It is intended to inform you of how the Personal Information provided on this form will be used, by whom and for what purposes. If you are unclear on any aspect of this form, or want any further information, please contact the GAA’s Data Protection Officer +353 1 8658600 or [email protected]).

Who is the data controller?

Derrynoose is the Data Controller of the Personal Data provided and contact details for the Club are as follows Derrynoose 38 Fergort Rd, Derrynoose, Co (phone: 028 3753 8980 email: [email protected]). Who is the Data Protection Officer for the GAA and the Club? Derrynoose Data Protection Officer is [Joseph Brennan]. You can contact our Data Protection Officer at the contact details above. The Data Protection Officer for the GAA can be contact at +353 1 8658600 or [email protected]. You may contact either Data Protection Officer if you have any questions or wish to make any request in relation to your personal data. We will only use your personal data for this second purpose if you have provided your explicit consent for this by ticking the relevant boxes. Will anyone else receive a copy of my Personal Data? Your Personal Data can be accessed by certain members of the Derrynoose GAC Committee. This will be done in accordance with our data protection policy only.

4

Derrynoose GAC – Data Protection Policy

Below are some Definitions for the purposes of the General Data Protection Regulation:

• ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; • ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; • ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future; • ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements; • ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person; • ‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis; • ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; • ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; • ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; • ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; • ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

5

Derrynoose GAC – Data Protection Policy

• ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; • ‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status; • ‘representative’ means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation; • ‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51; • ‘cross-border processing’ means either: • processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or • processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State. • ‘relevant and reasoned objection’ means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union; • ‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.

6