The Irish Clay Target Shooting Association (“ICTSA”) as a sports governing body needs to gather and use certain personal data and information about individuals, or data subjects, in order to run, administer and promote the sport of clay target shooting.
The ICTSA takes its data protection obligations very seriously and is committed to complying with the law. The policy applies to all of our staff, members, clubs, volunteers, coaches and consultants (“ICTSA Community” or “you” or “your”).
This Data Protection Policy (“DP Policy”) is designed to:
This Policy is a guidance document only. It is not a summary of the law or an exhaustive list of data protection responsibilities.
ICTSA’s Approach to Data Protection Compliance
ICTSA has appointed a dedicated Data Protection Liaison (“DPL”) to oversee compliance with data protection laws for ICTSA.
Each club should appoint a DPL with responsibility for overseeing compliance with data protection laws within that club.
Any queries on data protection should be directed, in the first instance to your club DPL. If the query cannot be resolved at club level, ICTSA’s DPL Conor Mooney can be contacted at email@example.com
ICTSA has taken steps to ensure it is compliant with data protection law including;
The ICTSA has other policies and rules in place that affect the use of personal data and that should be read in conjunction with this DP Policy. We would draw your attention in particular to the following:
Terms And Conditions
Social Media Policy
Data Protection – Shoot Programme
Who is responsible for data protection?
During any given activity involving clay target shooting and the ICTSA Community, personal information may be collected, stored, viewed, archived, deleted, transferred, amended and so on. When we do this, we are processing personal data and we are required to do so in accordance with data protection law.
It is the responsibility of anybody involved in processing or controlling or using this personal data to do so in an appropriate and lawful manner.
Each person in the ICTSA Community is potentially affected. It is your responsibility to make yourself aware of the DP Policy and implement it when processing personal data.
This policy does not form part of any employee's contract of employment and it may be amended at any time. Any breach of this policy will be taken seriously and may result in disciplinary action.
It is important that you notify the Data Protection Liaison or relevant person in your club of any potential breach involving you or anybody in the ICTSA Community.
The Office of the Data Protection Commissioner (“DPC”) is the statutory independent body responsible for enforcing data protection law in Ireland. The DPC has extensive powers, including the ability to impose civil fines of up to Euros 20 million or 4% of group worldwide turnover, whichever is higher. Also, the data protection laws can be enforced in the courts and the courts have the power to award compensation to individuals.
Data protection laws
The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (“DPA 2018”) (together “data protection laws”). It is anticipated that in the aftermath of Brexit, the UK will adopt laws equivalent to these data protection laws.
The data protection laws require that the personal data is processed in accordance with the Data Protection Principles (see below) and gives individuals rights to access, correct and control how we use their personal data (on which see below).
Key Data Protection Principles
All personal data must be:
See the Schedules below for further detail on these principles.
“Personal Data” means data that relates to a living individual who can be identified from the data. It is limited to information about living people only. In the clay target shooting context, this includes; athletes, coaches, judges, volunteers, parents, members, employees, contractors, suppliers etc… Personal data can include:
“Sensitive Personal Data” – means information containing facts or opinions about a living individual relating to: • Racial or ethnic origin • Political opinions • Religious beliefs • Trade Union Membership • Health • Sex life • Criminal proceedings or convictions
“Data subject” is the living individual to whom the relevant personal data relates.
“Processing” is widely defined under the data protection laws and can include for example collection, modification, transfer, viewing, deleting, holding, backing up, archiving, retention, disclosure or destruction of personal data, including CCTV images. The lawful bases for processing Personal Data are set out in the Schedules below.
“Data controller” is the person who decides how personal data is used, for example we will always be a data controller in respect of personal data relating to our employees.
“Data processor” is a person who processes personal data on behalf of a data controller and only processes that personal data in accordance with instructions from the data controller, for example an outsourced payroll provider will be a data processor.
“Data users” include employees or volunteers whose work involves using personal data. Data users have a duty to protect the information they handle by following this data protection policy at all times.
Special category data
Special category data under the data protection laws is personal data relating to an individual’s race, political opinions, health, religious or other beliefs, trade union records, sex life, biometric data and genetic data.
The special category personal data we would expect to collect would be health data in the context of safely administering the sport of clay target shooting or anti-doping purposes. We are also required, under law, to collect any history of criminal records in the context of Garda vetting. There are separate lawful bases for collecting special category data (as set out in the Schedules below).
Your obligations – “Do’s and Don’ts”
You should always try to apply a practical, logical and common-sense approach to how you use personal data, including the following steps where practical:
Consequences for non-compliance
There are a number of serious consequences for both yourself and us if we do not comply with data protection laws.
These include: For you
For ICTSA or your club:
Data subject rights
Under data protection laws individuals have certain rights in relation to their own personal data. In summary these are:
Not all of these rights are absolute rights, some are qualified and some only apply in specific circumstances. More details on these rights can be found in the Schedules of this Policy.