20.0 Data Protection and Handling Procedures
The British Aikido Association is required by law to comply with the Data Protection Act 1998 and any subsequent amendments. The Association therefore complies with the national guidelines in relation to data protection.
The Executive Committee (EC) of the Association appoints the Association’s Data Protection Officer (DPO). The officer is responsible for apprising the EC and any other appropriate officers as indicated by the EC of any changes in requirements under the Act and for ensuring that procedures are in place for meeting legal requirements.
20.2 Central database
20.2.1 Central database – working methods
20.2.2 The central records of the BAA are kept on a computer database, maintained by the appointed Registrar.
20.2.3 Only officers stipulated by the EC, who have need to access information within the database in order to carry out their duties, may have access to some or all of the information on the database.
20.2.4 Any officer who is given access to information in the database must have successfully completed a Criminal Records Bureau (CRB) check.
20.2.5 Information which may be entered into the database will be from:
(a) personal membership application forms, including those for temporary membership, signed by the applicant (or by the parent/legal guardian if the applicant is under the age of 18 years)
(b) club membership application forms, signed by the applicant
(c) professional indemnity (PI) insurance application forms, signed by the applicant
(d) examination or assessment forms submitted by the appropriate officer e.g. coaching (from CLO), grading and examiners (from Gradings Officer), competition officials (from R&J Officer).
20.2.6 Forms (a) will include a statement:
It is a requirement of the Data Protection Act 1998 that persons give their written authorisation to have their details recorded. By signing this application form, you are giving permission for your personal details to be recorded in the databases of the British Aikido Association. These databases are not distributed to any other third party and are not used for non Aikido related functions. Failure to sign the application will mean you cannot be a member of the British Aikido Association. For persons under the age of 18 please ensure a parent or legal guardian signs on your behalf.
20.2.7 Forms (b) and (c) will carry a similar statement, less the final sentence as coaches leading clubs and those applying for PI insurance must be over 18 years of age.
20.2.8 Annual membership renewals – if required a renewal form is completed and amendments are transferred into the database.
20.3 Central database – archive and deletion
20.3.1 The records of an individual or club will be transferred by the Registrar into an ‘archive’ section of the database if, after 90 days, no renewal of membership has been received.
20.3.2 The records of an individual or club will be deleted by the Registrar from the database 7 years after archiving if no renewal has been received.
20.3.3 Paper records of membership applications will be held by the Registrar for 2 years. Applications before that date will be transferred to central archive (currently with the General Secretary) and will be destroyed after a total of 7 years.
20.3.4 Grading records will not be destroyed but will be maintained by the Gradings Officer and the General secretary.
20.3.5 Course information and assessment information for examiners and competition officials are destroyed after being added to the computer record.
20.3.6 Personal information supplied for competitions is destroyed one year after event.
20.4 Web – working methods
20. 4.1 As information published on the web is available worldwide, no data generated from the database will be used for this purpose.
20. 4.2 Data will only be collected on forms specifically warning persons that the data may be posted on the web.
20. 4.3 The ‘webmaster’ will post information onto the site.
20. 4.4 The ‘web administrator’ (currently the General Secretary), on behalf of the EC, will be responsible for reviewing all information to be posted, for reviewing the site on a regular basis and for forwarding new and changed information to the ‘webmaster’ to be actioned.
20. 4.5 The BAA offers each affiliated club one page on its web site. The information published is that which is submitted to the General Secretary on the form for that purpose.
20.4.6 When its annual membership is due for renewal each club will be invited to submit or change the information held using the form. Changes may be made in the interim and must also be supplied on the form.
20.4.7 In the case of the BAA wishing to post other information on individuals e.g. competition results, courses, officials, photographs of individuals, a separate form will be used.
20.5 Web – archives and deletion
20.5.1 Forms will be destroyed upon a replacement form being received or 90 days following the expiry of a club’s affiliation renewal.
20.5.2 The one-page club information on the web site will be removed if the club ceases to exist, if the club official asks for it to be removed, or 90 days following non-renewal of club membership.
20.5.3 Club information removed from the web site will be deleted from all electronic records after 12 months (giving time to allow for the club restarting or re-applying).
20.5.4 Information received by the web-master will be deleted/destroyed once posted on the web.
20.5. 5 All forms will be held by the web administrator (General Secretary) and will be destroyed when the electronic information is removed.
From a perspective of duty of care, individual clubs are requested to include on their club membership forms an emergency contact name and telephone number for each club member as well as any known ailments that may affect practice.
Although this information is not requested by the BAA on Association personal membership application, it will be required from participating individuals at BAA-authorised events.
Individual clubs may have their own web sites. BAA policy is that no personal information is published on these sites other than data that is already in the public domain. Individual clubs must seek permission from individuals to display any information.
20.7 Data security
20.7.1 Computer systems containing personal information on behalf of the Association must be secure and password protected.
20.7.2 The database must be password protected.
20.7.3 A back-up copy of the database is supplied to the General Secretary.
20.7.4 A back-up copy of the database is supplied to the CLO.
20.7.5 Other authorised officials will be supplied with minimal information as necessary to enable them to complete their tasks e.g. Treasurer will be sent financial and club contact information, competition organiser on request the status of membership of a participating competitor at a BAA-authorised event.
20.7.6 All paper records containing personal information must be secured in a cupboard or cabinet.
20.7.7 All personal information held in paper form is destroyed by shredding. CDs are broken.
20.8 Access to personal information
Under the Data Protection Act, individuals are entitled to see the records relating to them.
Such a request should be submitted in writing to the BAA’s General Secretary and enclosing a stamped self-addressed envelope. The Association will supply the information within 30 working days of receipt of the request.
20.9 Amendments to the procedure
This procedure will undergo regular review on a three-year cycle.