Privacy Notice and GDPR Compliance
Posted: Thu May 24, 2018 8:31 am
RUGBY REBELS PRIVACY STATEMENT
What is the purpose of this document?Rugby Rebels is committed to protecting the privacy and security of your personal information and will only process personal information about you in accordance with data protection principles, which are explained below.
This Privacy Notice describes how Rugby Rebels collects and uses personal information about you, during and after your relationship with the website, and applies to all users. This privacy notice has been developed to meet the requirements of the General Data Protection Regulation (GDPR) and any subsequent UK legislation relating to data protection. We recognise that Rugby Rebels is a global website with users who are not based in the EU. However, in the spirit of fairness the data protection rights enjoyed by EU citizens will be extended to all Rugby Rebels users.
As a social media platform, Rugby Rebels is aware of its responsibilities to ensure fairness to non-members whose personal information may be published by a user; this statement will address concerns that might arise from non-users and provide a means to have them addressed, recognising the right to free speech and the GDPR legal basis of public interest.
Definitions
Personal Data Any information identifying a Data Subject or information relating to a Data Subject that Rugby Rebels can identify (directly or indirectly) from that data alone or in combination with other identifiers which Rugby Rebels possesses or can reasonably access.
Personal Data includes Sensitive Personal Data. Personal Data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour
Sensitive Personal Data Information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.
GDPR Principles
• Rugby Rebels will adhere to the principles relating to Processing of Personal Data set out in the Data Protection Legislation which require Personal Data to be:
• Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency);
• Collected only for specified, explicit and legitimate purposes (Purpose Limitation);
• Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimisation);
• Accurate and where necessary kept up to date (Accuracy);
• Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Data Retention);
• Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Data Security).
What personal information does Rugby Rebels hold about you?
Rugby Rebels will collect, store, use and share those categories of personal information about you listed in the Schedule to this Privacy Notice. Only that information which is strictly necessary to ensure the continued orderly operation of the website will be collected and stored.
Informing Rugby Rebels of changes to your personal information.
All site users have the ability to amend their user profile. If for any reason this causes a problem, please contact the Data Protection Manager or an administrator who will be able to assist.
If you believe that Rugby Rebels has personal information relating to you which is inaccurate and you do not have the rights to change it, please contact the Data Protection Manager and we will ensure that it is corrected.
In what circumstances will Rugby Rebels use information about you?
Rugby Rebels will use personal information for the following requirements:
• The efficient operation of the website;
• To ensure that moderation issues relating to the rules of the website are managed;
• To comply with law enforcement when instructed to do so.
Does Rugby Rebels require my consent?
Rugby Rebels uses the minimum level of personal data to operate the site. We have a legitimate interest to use this information to ensure that the site remains functional and that it is a friendly environment for individuals to engage with and your explicit consent is not required to use personal information in this way.
If any additional processing uses are planned, your explicit consent will be obtained as appropriate.
In what circumstances will Rugby Rebels use particularly sensitive personal information?
Rugby Rebels will not require you to provide an sensitive personal information during your relationship with the website.
Which third-parties process my personal information?
Rugby Rebels is hosted on servers provided by GoDaddy.com. We have taken steps to assure ourselves that their security is sufficient and their employees have no reason to access personal information relating to Rugby Rebels users.
GoDaddy.com
14455 N Hayden Road
Scottsdale, AZ
USA
What about other third parties?
We do not routinely share personal information with third parties, but will cooperate with law enforcement in the event that such assistance is required. We will notify you if there is any intention to undertake any activities which involve the sharing of personal data, excepting those relating to law enforcement.
Transferring information outside the EU
Rugby Rebels uses a data processor for the purposes of hosting the website. This processor is named above and is located in the United States. This company is affiliated to the Privacy Shield agreement with the EU.
How long will Rugby Rebels use my information for?
Rugby Rebels will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. We regard our relationship with you as having ended when:
• Your membership of the site is permanently cancelled; or
• You inform us that you wish to have your account deleted; or
• There has been a period of inactivity exceeding 12 months.
In order to enforce longer term moderation decision, an IP address may be retained indefinitely.
Automatic Processing and Mass Marketing
Rugby Rebels does not engage in any automatic processing of personal data or mass marketing.
How do I leave Rugby Rebels?
You can send an email to unsubscribe@rugbyrebels.co at any time.
What communications will Rugby Rebels send me?
Rugby Rebels will not routinely send you any communications, unless you request a response from a site administrator or moderator.
However, the following communications may be sent:
• Email confirming personal information following initial registration to the site. We do this to ensure that the email address entered is valid;
• Emails relating to suspensions or permanent bans. We do this to communicate the outcome if moderator reviews following complaints and to ensure you are fully informed of that decision and the appeals process;
• Following any significant security incident, we will contact you by any means available if there has been a breach involving your personal data. We will do this to ensure that your personal security is not compromised further;
• Emails when the account has been inactive for a period approaching 12 months. We do this to provide fair warning that your account will be deleted if not used.
How do I leave Rugby Rebels?
You can send an email to unsubscribe@rugbyrebels.co at any time.
How do I submit a Data Subject Access Request?
A Data Subject Access Request should be submitted, preferably by email, to the site Data Protection Manager. Rugby Rebels will provide a response, via email unless otherwise requested, within one calendar month. If the complexity of the request requires additional time, you will be notified via email of any delay within one calendar month.
There is a dedicated email address for Data Subject Access Requests which is:
access@rugbyrebels.co
Users requesting access should note that Rugby Rebels will attempt to contact you, via the Rugby Rebels website, to ensure that the request is legitimate. The timeline to respond to an access request commences once the legitimacy fo the request has been established.
What about personal data which Rugby Rebels doesn’t formally collect?
Rugby Rebels strongly encourages all users not to post personal information on the website relating to themselves, and absolutely forbids the posting of personal data relating to another living person (unless they consent). If any personal data concerning a user is published on the website which they object to, the moderation team should be alerted to remove it immediately, or contact the Data Protection Manager.
The discussion of public figures and information about them which is in the public domain is permitted on Rugby Rebels under the Public Interest provisions of Article 6. This does not extend to private individuals. The decision of the site’s Data Protection Manager and moderation team on who constitutes a ‘public figure’ is final.
All users are reminded that defamatory statements concerning public figures or posts which otherwise breach the board’s rules are strictly forbidden.
Who is the Rugby Rebels Data Protection Manager?
Mr Martyn Winters.
Your rights of access, correction, erasure, and restriction
Under certain circumstances and subject to limitations, by law, you have the right to:
• Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information Rugby Rebels holds about you and to check that the site is lawfully processing it.
• Request correction of the personal information that Rugby Rebels holds about you. This enables you to have any incomplete or inaccurate information the site holds about you, corrected.
• Request erasure of your personal information. This enables you to ask Rugby Rebels to delete or remove personal information where there is no good reason for the site continuing to process it.
• Object to processing of your personal information where Rugby Rebels is relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
• Request the restriction of processing of your personal information. This enables you to ask Rugby Rebels to suspend the processing of personal information about you, for example, if you want the site to establish its accuracy or the reason for processing it.
• Request the transfer of certain personal information to another party.
How can you exercise your rights?
By contacting the Rugby Rebels Data Protection Manager. There is usually no administration fee chargeable. However, if requests are repetitive then Rugby Rebels do reserve the right to charge an appropriate administration fee or to refuse the request.
What can I do if I’m unhappy with the response received from Rugby Rebels?
You have the right to complain to the Supervisory Authority. For UK users this is the Information Commissioners Office (ICO). Users in other EU countries can complain to their relevant Supervisory Authority who will engage with the ICO on their behalf. Non-EU citizens do not have a formal route to lodge a complaint with a Supervisory Authority.
Changes to this Privacy Notice
Rugby Rebels reserves the right to update this Privacy Notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.
If you have any questions about this Privacy Notice, please contact the Data Protection Manager:
Data.manager@rugbyrebels.co
This Privacy Notice is issued by Rugby Rebels
Schedule
Rugby Rebels will collect, store and use the following personal data about you:
• Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
• IP addresses;
• Date of birth;
• Rugby Rebels will use information provided by you in order to manage complaints against the site’s rules.