Privacy Policy

Who we are

Our website address is: https://cricketleaders.org.uk.

What personal data we collect and why we collect it

We collect, store, and process the following personal information about you and your child 

  • your child’s gender. 
  • your child’s age/date of birth. 
  • Your child’s school
  • your home address, email address and phone number. 
  • where you make purchases from us (all through our 3rd party agents); 
  • your marketing preferences, including any consents you have given us. 
  • how you have reached our digital platforms and the internet protocol (IP) address you have used; (ClubPay Ltd only)
  • your subscription or membership status. 
  • information collected in any forms you complete. 
  • images in video and/or photographic form and voice recordings; (all with your consent)

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • To process membership data 
  • For medical emergencies
  • For safeguarding purposes

We use the information that you have given us in order to:

  • register your child onto our young leaders in cricket programme
  • arrange suitable training events
  • provide our Tutors with the necessary emergency contact details for your child

We may share this information with our other IT providers, by registering for the programme, you are agreeing for this to take place.

Data Protection: The Club/School/District will use the information provided on this form (together with the other information it obtains about the player) (together “information”) to administer his/ her cricketing activity at the Club/School/District and in any activities in which he/she participates through the Club/School/District and to care for and supervise activities in which he/she is involved.

In some cases, this may require the Club/School/District to disclose this information to County Boards, Leagues and to the England and Wales Cricket Board. In the event of a medical issue or child protection issue arising, the Club/School/District may disclose certain information to doctors or other medical specialists and/or to police, children’s social care, the Courts and/or probation officers and, potentially to legal and other advisors involved in an investigation.


The England and Wales Cricket Board (ECB) may use the information together with other information held about you including education and history as a cricket official and/or as a member of the cricketing community (together information) to:

  • Administer membership of ECB ACO including keeping your affiliated County ACO informed of your membership status
  • Administer your attendance and completion of courses
  • Administer your benefits to ensure you get the most from your membership

The ECB will hold your information in a database which may be searched by County ACO’s/Boards each of which may use it to:

  • Verify your qualification and qualification criteria
  • Provide pre and post course administration

For the full ECB privacy notice, please click the link below
ECB Privacy Notice

Contact forms

The data from any forms on the site will be used for the purposes of administering the course including providing relevant information to our partners and also for developing the programme in the future.

We use Google’s reCAPTCHA service to minimise spam form submissions. You can find out more about Google’s current privacy policy here.

Cookies

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Currently there is no analytics tracking on the website.

Who we share your data with

We use a number of partners who require a limited amount of your
information to process, either your registration or to purchase merchandise.

Those providers will retain the information you give for purely those
purposes.

The partners are:

  • Google Sheets to process volunteering hours.
  • NXT SPORTS* to enable you to purchase from their online shop
  • Spond Ltd* to register you onto their App
  • ClubPay Ltd* to register for the programme

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Additional information

How we protect your data

Your information is securely stored in a password protected database.
We keep the information we have collected from you for 3 (three) years from the registration date. We will then dispose of your information by cleaning any personal identifier information and then removing the data from our servers.

Data Protection Policy

Glossary of terms

In this policy, the following words and phrases have the following meanings:

Personal data

Any information relating to a natural person (the “Data Subject”) who may be identified directly or indirectly from that information

Sensitive data

A special category of personal data relating to a data subject’s racial or ethnic origin, their politics, their religious beliefs, their physical or mental health, their sexual orientation, or their trade union affiliation

Data Controller

The organisation which collects and determines the use of personal data

Processing

Any operation performed on personal data such as collection, storage,
retrieval, transfer or transmission, dissemination, deletion/destruction, or adaption and alteration

Consent

The consent of a data subject means any freely given, specific, informed and unambiguous indication by statement or clear affirmative action, signifying agreement to the processing of their personal data

Data breach

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data

Introduction

Cricket Leaders CIC (Cricket Leaders) which for the purposes of this document includes the delivery referred to as The Young Leaders in Cricket Programme (YLIC), has a legal obligation to comply with
all appropriate data protection legislation, primarily the EU General Data Protection Regulation (GDPR), but also such legislation as the Privacy and Electronic Communications Regulations (PECR).

Cricket Leaders also has a duty to comply with guidance issued by the Department of Health, the NHS executive, NHS Information Authority, Information Commissioner’s Office, and other relevant advisory groups.
Cricket Leaders needs to collect and use certain types of information about Individuals or Service Users (“data subjects”) who come into contact with Cricket Leaders, in order to carry out its functions. This personal information will be collected and dealt with appropriately whether collected on paper, stored in a computer database, or recorded on other material, and there are safeguards to ensure this in the GDPR.

Cricket Leaders is the Data Controller as defined by the GDPR, which means that it determines what purposes personal information held will be used for. It is also responsible for notifying the Information Commissioner of the data it holds or is likely to hold, and the general purposes that this data will be used for.

Cricket Leaders may need to share data with other agencies such as, but not necessarily limited to, a local authority, regulated health service providers, police, Inland Revenue and other Government bodies.

Data Protection Principles

The Individual/Service User will be made aware in most circumstances how and with whom their information will be shared. However, there are circumstances where the law allows disclosure of personal data (including sensitive data) without the data subject’s consent.

These are:

  • Carrying out a legal duty or as authorised by the Secretary of State
  • Protecting the vital interests of an Individual/Service User or other person
  • The Individual/Service User has already made the information public
  • Conducting any legal proceedings, obtaining legal advice or defending any legal rights
  • Monitoring for equal opportunities purposes – e.g. gender,race, disability or religion
  • Providing a confidential service where the Individual/Service User’s consent cannot be
    obtained or where it is reasonable to proceed without consent: e.g. where we would wish to
    avoid forcing stressed or ill Individuals/Service Users to provide consent signatures
    Cricket Leaders intends to ensure that personal data is treated lawfully and correctly. To this end it
    will adhere to the principles of the GDPR. Specifically, the GDPR requires that personal information:
  • Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific
    conditions are met
  • Shall be obtained only for one or more of the purposes specified in the GDPR, and shall not
    be processed in any manner incompatible with those purposes
  • Shall be adequate, relevant and not excessive in relation to those purposes
  • Shall be accurate and, where possible, kept up to date
  • Shall not be kept for longer than is necessary
  • Shall be processed in accordance with the rights of data subjects under the GDPR
  • Shall be kept secure by the Data Controller who takes appropriate technical and other
    measures to prevent the unauthorised or unlawful processing or accidental loss or
    destruction of, or damage to, personal information
  • Shall not be transferred to a country or territory outside European Economic Area unless that country or territory ensures an adequate and approved level of protection for the rights and freedoms of Individuals/Service Users in relation to the processing of personal
    information
  • Any data used for non-operational analysis purposes will be fully anonymised
  • Cricket Leaders will, through appropriate management and strict application of criteria and controls:
  • Observe fully conditions regarding the fair collection and use of information
  • Meet its legal obligations to specify the purposes for which information is used
  • Collect and process appropriate information, and only to the extent that it is needed to fulfill its operational needs or to comply with any legal requirements
  • Ensure the quality of information used
  • Ensure that the rights of people about whom information is held, can be fully exercised
    under the GDPR. These include:
    o The right to be informed that processing is being undertaken
    o The right of access to one’s personal information
    o The right to prevent processing in certain circumstances
    o The right to correct, rectify, block or erase information which is regarded as wrong
    or inaccurate information
  • Take appropriate technical and organisational security measures to safeguard personal information
  • Ensure that personal information is not transferred abroad without suitable safeguards
  • Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information
  • When collecting data Cricket Leaders will ensure that the Individual/Service User:
    • Clearly understands why the information is needed
    • Understands what it will be used for
    • Understands what the consequences are should they decide not to give consent
      to processing
    • Grants explicit consent, either written or verbal, for data to be processed
    • Has given consent freely
  • Cricket Leaders will ensure that:
    • It has a Data Protection Officer with specific responsibility for ensuring compliance with all data protection legislation and guidelines
    • Everyone handling or coming into contact with personal information understands that they are contractually responsible for following good data protection practice
    • Everyone handling personal information is appropriately trained and supervised
    • It will regularly review and audit the ways it holds, manages and uses personal information
    • It makes all personnel aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them

Data Storage

Information and records relating to all data subjects will be stored securely and will only be accessible by authorised personnel for the performance of their specified roles.

Information will be stored for only as long as it is needed, is relevant, or as required by statute, and will be disposed of appropriately (e.g. un-recoverable deletion of digital data; shredding of paper documents)

Right of Access

All Individuals/Service Users have the right to know what information Cricket Leaders holds about them. In accordance with the GDPR, Cricket Leaders will respond to a Subject Access Request (SAR) within 1 calendar month, or if the request is particularly complex will advise the requester of the extended timescale. Cricket Leaders will make no charge for responding to an SAR unless the request is complex, frivolous, or a repeat. Any charge will be sufficient to cover Cricket Leaders’s direct cost of handling the request.

Right to be forgotten

All Individuals/Service users have the right to have their data deleted/destroyed, the “Right To Be Forgotten” (RTBF). Cricket Leaders will comply with an RTBF request without undue delay unless the data is being retained for statutory purposes or where Cricket Leaders can demonstrate that retention is necessary within the provisions of the GDPR (e.g. for the establishment, exercise, or defence of a civil claim).

3rd party data sharing

Cricket Leaders will not, without the explicit consent of the data subject, share personal data with any 3rd-party unless the sharing is strictly for the performance of Cricket Leaders’s operational functions (e.g. outsourcing of business functions); unless the sharing is required
by law or statute; or otherwise legitimate without consent as set down in the GDPR.

Breach reporting

In the event of a serious data breach Cricket Leaders will:

  • notify the Information Commissioner’s Office (ICO) of a reportable data breach within
    the mandatory 72 hours of any personnel becoming aware of the breach
  • notify without undue delay all data subjects who have been, or could potentially be,
    adversely affected by the breach

What third parties we receive data from

ClubPay

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements