WHO WE ARE

The objectives of the Sherborne Pilgrims (referred to in this policy as the Pilgrims) are to promote and encourage all forms of Old Shirburnian (OS) sport, and to keep members in touch with one another and with Sherborne School (the School).  All OS who are members of the OS Society (OSS) are entitled to apply for membership.  Members of staff who are members of the OSS may be invited to become an honorary member.  The Pilgrims address is c/o Wickham House, Milborne Port Road, Charlton Horethorne, Sherborne, Dorset, DT9 4NH.

WHAT THIS PRIVACY NOTICE IS FOR

This Privacy Notice is intended to provide information about how the Pilgrims will use (or ‘process’) its members’ and potential members’ personal data.  Data Protection Law gives individuals rights to understand how their data is used.  Members of the Pilgrims are encouraged to read this Privacy Notice in order to understand how the Pilgrims is fulfilling its obligations to its members.  This Privacy Notice applies alongside any other information the School may provide about a particular use of personal data, and it applies in addition to the School’s other relevant terms, conditions and policies, including:

  • any contract between the School and its staff or the parents of pupils;
  • the School’s policy on taking, storing and using images of children;
  • the School’s CCTV and/or biometrics policy;
  • the School’s retention of records policy;
  • the School’s safeguarding, pastoral, or health and safety policies, including as to how concerns or incidents are recorded; and
  • the School’s ICT policies, including its Acceptable Use Policy and Mobile and Remote Working Policy.

Anyone who works for, or acts on behalf of, the Pilgrims (including the Officers of the Club, Committee Members, Sports Managers and Match Managers) should also be aware of and comply with this Privacy Notice.

WHY THE PILGRIMS NEEDS TO PROCESS PERSONAL DATA

The Pilgrims holds its members’ personal data in accordance with its ‘legitimate interests’, which are to carry out its ordinary duties to its membership and to fulfil its objectives. Other uses of personal data will be made in accordance with the Pilgrims’ legitimate interests, or the legitimate interests of another, provided that these are not outweighed by the impact on individuals and provided it does not involve special or sensitive types of data.

RESPONSIBILITY FOR DATA PROTECTION

The membership database is owned by the School.  Sherborne School’s Information Governance and Privacy Compliance Officer will deal with any requests and enquiries concerning the School’s use of your personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with this policy and Data Protection Law.  The School will share relevant personal data with the Pilgrims on request under an Information Sharing Agreement.  The Pilgrims will ensure that the data provided by the School is managed and handled securely.  The responsibility for Data Protection within the Pilgrims is held by the Pilgrims Committee.

TYPES OF PERSONAL DATA PROCESSED BY THE PILGRIMS

This will include by way of example:

  • names, addresses, telephone numbers, e-mail addresses and other contact details;
  • bank details and other financial information, e.g. about members and other people who apply for membership, pay for Pilgrims events or who receive financial support from the Pilgrims to attend, deliver or manage Pilgrims events;
  • School records of members – including sports played, House attended and date of leaving;
  • images of members (and occasionally other individuals) engaging in Society activities.

HOW THE PILGRIMS COLLECTS DATA

Generally, the Pilgrims receives members’ personal data from the School’s database managed by the OSS.  This is shared with the Pilgrims under an Information Sharing Agreement.  Data may also be collected in the ordinary course of interaction or communication with members and in some cases personal data will be collected from publicly available resources.

WHO HAS ACCESS TO PERSONAL DATA AND WHO THE PILGRIMS SHARES IT WITH

The Pilgrims will share personal information in accordance with access protocols (on a ‘need to know’ basis) with:

  • The Officers of the Club;
  • Committee Members;
  • Sports Managers;
  • Match Managers; and
  • Other members when required (such as event managers).

In accordance with Data Protection Law, some of the School’s and Pilgrims’ processing activity is carried out on its behalf by third parties, such as ICT systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with the School’s and/or Pilgrims’ specific directions.

HOW LONG WE KEEP PERSONAL DATA

The Pilgrims will retain an individual’s personal data while they remain a member of the Pilgrims.  If you have any specific queries about how our retention policy is applied or wish to request that personal data you no longer believe to be relevant is considered for erasure, please contact the Pilgrims. A limited and reasonable amount of information will be kept for archiving purposes: for example, even where you have requested we no longer keep in touch with you, we will need to keep a record of the fact in order to fulfil your wishes (called a ‘suppression record’).

KEEPING IN TOUCH AND SUPPORTING THE PILGRIMS AND THE SCHOOL

The School and the Pilgrims will use the contact details of members to keep them updated about the activities of the Pilgrims and the School including the organisation of Pilgrims events and sending updates and newsletters, by email and by post. Should you wish to limit or object to any such use, or would like further information about them, please contact the Pilgrims in writing. You always have the right to withdraw consent, where given, or otherwise object to direct contact. However, the Pilgrims is nonetheless likely to retain some of your details (not least to ensure that no more communications are sent to that particular address, email or telephone number).

YOUR RIGHTS

Rights of access, etc

  • Individuals have various rights under Data Protection Law to access and understand what personal data is held by the Pilgrims, and in some cases ask for it to be erased or amended or have it transferred to others, or for the Pilgrims to stop processing it – but subject to certain exemptions and limitations.
  • Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, should put their request in writing to the Pilgrims.
  • The Pilgrims will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits, (which is one month in the case of requests for access to information).
  • The Pilgrims will be better able to respond quickly to smaller, targeted requests for information. If the request for information is manifestly excessive or similar to previous requests, the Pilgrims may ask you to reconsider or require a proportionate fee (but only where Data Protection Law allows it).

Requests that cannot be fulfilled

  • You should be aware the right of access is limited to your own personal data and certain data is exempt from the right of access. This will include information which identifies other individuals or information which is subject to legal privilege (for example legal advice given to or sought by the Pilgrims, or documents prepared in connection with a legal action).
  • You may have heard of the “right to be forgotten”. However, we will sometimes have compelling reasons to refuse specific requests to amend or stop processing personal details; for example, a legal requirement, or where it falls within a legitimate interest identified in this Privacy Notice. All such requests will be considered on their own merits.

Consent

  • Where the Pilgrims is relying on consent as a means to process personal data, any person may withdraw this consent at any time. Please be aware however that the Pilgrims may not be relying on consent but have another lawful reason to process the personal data in question even without your consent.

Whose rights?

  • The rights under Data Protection Law belong to the individual to whom the data relates.

DATA ACCURACY AND SECURITY

The School and the Pilgrims will endeavour to ensure that all personal data held in relation to an individual is as up-to-date and accurate as possible.  Individuals must please notify the School or the Pilgrims by post or email of any changes to information held about them.

An individual has the right to request that any inaccurate or out-of-date information about them is erased or corrected (subject to certain exemptions and limitations under Act).

The Pilgrims will take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to systems. All Pilgrims committee members and sports/match managers will be made aware of this policy and their duties under Data Protection Law.

QUERIES AND COMPLAINTS

Any comments or queries on this policy should be directed to the School’s Information Governance and Privacy Compliance Officer or to the Pilgrims Honorary Secretary (see above for address).

If an individual believes that the School or Pilgrims has not complied with this policy or acted otherwise than in accordance with Data Protection Law, they should utilise the School’s complaints / grievance procedure and should also notify the School’s Information Governance and Privacy Compliance. Individuals can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with the School and/or Pilgrims before involving the regulator.