PSA PLAYER PRIVACY NOTICE

This Privacy Notice applies to all our current and former PSA members.

General

We collect and process personal data relating to our players in order to enable us to manage our relationships with these individuals and manage the administration of the PSA World Tour. We are committed to being transparent about how we collect and use that data and to meet our data protection obligations in accordance with the General Data Protection Regulations (GDPR).

The Data Protection Principles

We will comply with the data protection law, including the six principles of GDPR which are:

  • to process data lawfully, fairly and in a transparent manner;
  • to collect data for specified, explicit and legitimate purposes, and not process it in a manner that is incompatible with these purposes;
  • to ensure that data is adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed;
  • to ensure that data is accurate and, where necessary, kept up to date and accurate;
  • to ensure that data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
  • to ensure that data is processed in a manner that ensures appropriate security of the data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage.

What information do we collect?

We collect and process a range of information about you. This includes;

  • your name, address and contact details, including email address and telephone number, date of birth and gender;
  • your biography information, including height, weight, place of birth, place of residence, profession, achievements, interests, sponsors, coaches and social media account handles;
  • information about medical or health conditions, including whether or not you have a disability for which we need to make reasonable adjustments;
  • the terms and conditions of your membership;
  • details of your membership history with PSA, including start and end dates;
  • details of your PSA career, including match statistics and prize money earnings;
  • details of your bank account and national insurance number;
  • information about your emergency contacts;
  • details of periods of leave taken by you, including, sickness absence, family leave and the reasons for the leave;
  • details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
  • details of trade union membership and any other professional memberships or associations;

We collect this information in a variety of ways. For example, data is collected through application forms, match data, obtained from your passport or other identity documents such as your driving licence, from forms completed by you, from correspondence with you or through meetings and other processes.

We will seek information from third parties about you with your consent only. This may include, for example, references supplied by former employers, advice from occupational health providers and information from criminal record checks permitted by law.

Data is stored in a range of different places, including on our secure, encrypted database, our secure cloud-based storage folders and other IT systems including our email system.

Why do we process personal data?

We will only process your data where we have a legitimate ground to do so. We need to process data to enter into a contract with you as a member of the Professional Squash Association.

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required by law to check that we need to deduct tax, to and to comply with health and safety laws.

In other cases, we have a legitimate interest in processing personal data before, during and after the end of the member relationship. Processing member data allows us to:

  • maintain accurate and up-to-date member records and contact details, including details of who to contact in the event of an emergency
  • promote members and the sport of squash, which is in the interest of both the member and general public
  • maintain accurate historical sporting records
  • monitor the impact and performance of the PSA
  • operate and keep a record of disciplinary processes
  • operate and keep a record of absences
  • operate and keep a record of other types of leave
  • ensure effective business administration
  • ensure effective tournament management
  • pay prize money
  • provide assistance with obtaining visas
  • provide references on request for current or former employees
  • maintain and promote equality.

Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations such as those in relation to employees with disabilities and for health and safety purposes.

Data that we use for these purposes is confidential and is collected with the express consent of members, which can be withdrawn at any time.

Members are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.

Who has access to data?

Your information will be shared appropriately and confidentially internally, including with members of finance, Directors, your manager and IT staff if access to the data is necessary for performance of their roles.

We also share may your data with third parties with your express consent; by entering a PSA tournament you agree to us sharing your relevant personal data with the named promoter and members of the tournament committee for the purposes of organising the tournament. We may also share your data with third parties in the context of a sale of some or all of our business. In those circumstances the data will be subject to confidentiality arrangements.

We also share your data appropriately and confidentially with third parties that process data on our behalf. This includes benefit providers, IT Consultants, airline / travel agents. We may also need to share your details with overseas authorities to obtain international visa requirements. The purpose for sharing this data is to enable us to effectively administer our working relationship with you and carry out the terms of our contractual obligations.

We require our third-party partners to respect the security of your data and to treat it in accordance with the law. They must act only in accordance with our instructions and they agree to keep your personal data confidential and secure. We assess our third-party partners to ensure that they are compliant with their GDPR processes and their processing obligations on our behalf.

Where we transfer your data to countries outside the European Economic Area we will ensure a similar degree of protection of your information and where necessary we will put in place measures to ensure that your data does receive the adequate level of protection to which you are entitled under GDPR.

How do we protect data?

We take the security of your data seriously. We have internal policies and controls in place to ensure as far as we can that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions and under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

For how long do we keep data?

We will only retain your personal data for as long as necessary to fulfil the purpose for which we collected it. To determine the appropriate retention period for personal data we consider the amount, nature and sensitivity of the data as well as the purpose for which it was collected.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require the organisation to change incorrect or incomplete data;
  • require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing; and
  • ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.

If you would like to exercise any of these rights, please contact PSA office.

If you believe that we have not complied with your data protection rights we encourage you to raise your concerns with one of the Directors as soon as is practical.

You also have the right to complain at any time to the Information Commissioners Office (ICO), the UK supervisory authority for data protection.

What if you do not provide personal data?

You have some obligations under your membership contract to provide us with data. In particular, you are required provide us with up to date contact details, address, date of birth, country of representation, emergency contact details, medical information in good faith, and bank account details. This must be provided to enable us to enter a contract of membership with you. If you do not provide other information, this will hinder our ability to administer the rights and obligations arising as a result of the relationship efficiently.