For the purposes of the General Data Protection Regulation ("GDPR") and UK data protection laws, the controller is Forest Row Lawn Tennis Club (the "Venue") of Forest Row Memorial Pavillion, Shalesbrook Lane, Forest Row, East Sussex RH18 5LS.
About this document
Under the GDPR, we are required to tell you on what lawful basis we hold data about you. There are several we can choose from. The lawful basis on which we choose to hold your data is called legitimate interests. This applies where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing. The compelling justification is that your Committee of the Forest Row Lawn Tennis Club consists of volunteers who want to run the communication between the Committee and members efficiently. We do not want to go back to a paper-based system where we need to send every message to you by post, drive to the bank to hand in a cheque, etc. With over 200 members, the job becomes unwieldy.
How we collect your information
We may collect your personal data in a few limited ways, namely:
- directly from you, when you fill in an application for membership, when you make enquiries on our website, when you provide information via the Venue’s club management software or court booking system, or when you interact with us during your time as a member in various other ways (for example, where you enter a competition, renew your membership, sign up for a course or lessons);
- from someone else who has applied for membership on your behalf (for example a family member or your tennis coach who has provided us with your contact details for that purpose);
- from the LTA (for example, where the LTA passes on your details to us in connection with a complaint or query you have raised about our Venue).
The types of information we collect
We may collect the following types of personal data about you:
- contact and communications information, including your contact details (including email address(es), telephone numbers and postal address(es) and records of communications and interactions we have had with you);
- financial information, including Direct Debit details;
- certain other information which you volunteer when making use of your membership benefits (for example, when making court bookings or making use of other Venue facilities). We may also collect data about your health or medical conditions, where you have volunteered this, for example so that we can cater for you when you attend a Venue social event or a course/camp.
How we use personal data
Personal data provided to us will be used for the purposes set out at the time of collection and, where relevant, in accordance with any preferences you express. More generally, we will use your personal data for the following purposes:
- administration of your Venue membership, including:
- informing you about court / facilities opening hours;
- taking payment of membership fees;
- fulfilment of orders for goods and services, including court bookings;
- administration of the Wimbledon ballot, where this is necessary for the performance of a contract (including any written terms and conditions relating to your membership) with you;
- research and statistical analysis about who is playing tennis in our Venue;
- communication about our Venue activities that we think may be of interest to you;
- promoting our Venue and promoting goods and services of third parties (for example, equipment suppliers, operators of coaching courses, and organisers of tennis events) where we think this will be of interest to you; where this is necessary for our legitimate interests (or the legitimate interests of a third party), and/or where we have your consent, as applicable.
Your marketing preferences
We will always respect your wishes in respect of what type of communications you want to receive from us and how you want to receive them. There are some communications, however, that we need to send you regardless of your marketing preferences in order for us to fulfil our contractual obligations to you as a member of our Venue. Examples of these essential service communications are:
- records of transactions, such as payment receipts or Direct Debit confirmations (as applicable).
- membership related mailings such as your membership renewal reminder, notices of formal meetings and information about Venue closures and holiday opening hours.
You are in control of how we communicate with you. You can update your choices and/or your contact details yourself by logging into ClubSpark and by contacting us at:
Telephone: 07590 673 598
Post: Woodcote, Park Road, Forest Row RH18 5BX
Sharing your information with others
We do not sell or share your personal data for other organisations to use other than as set out below. Personal data collected and processed by us may be shared with the following third parties, where necessary:
- our volunteers, for the purposes of administering your membership and giving you access to the membership benefits to which you are entitled.
- our contractors and suppliers, including coaches and any provider of membership management services.
- the LTA to invite members of our club to take up a British Tennis Lite Membership.
How long your information is kept
We keep your personal data only for as long as necessary for each purpose we use it. For most membership data, this means we retain it for so long as you have a valid Venue membership and for a period of six years after your last interaction with us (for accounting, tax reporting and record-keeping purposes).
Under certain circumstances, by law you have the right to:
- request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it. You can also withdraw your consent, where this is the basis for our processing your data (without affecting the lawfulness of our previous processing based on consent).
- request the transfer of your personal data to another party.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
Contact and complaints
- by email: firstname.lastname@example.org;
- by telephone: 07590 673 598;
- or by post: Woodcote, Park Road, Forest Row RH18 5BX.
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner. You can find out more about your rights under applicable data protection laws from the Information Commissioner’s Office website: www.ico.org.uk.
By becoming a Member, you consent to Forest Row Lawn Tennis Club holding the following personal data about you:
- first name
- last name
- telephone number
- type of membership
We need these data to run our club: for instance, to inform Members of events, to form Weald League teams, to post shoe tags to home addresses, and to know when a Junior Member becomes a Student or Senior Member. Each Member has online access to their own personal data. Each Member can change, update and delete their own personal data at any time. Each Member is therefore in charge of their own online personal data, and thus also responsible for updating their own data when any of it changes.
Opt in and opt out
Each Member can opt in (and opt out) to receive newsletters and announcements of events, and to participate in the annual Wimbledon tickets ballot. Below we explain how to opt in or out.
1. go to clubspark.lta.org.uk/ForestRowLawnTennisClub
2. sign in (top right corner), make sure you use your sign-in details that you registered with. If you can't remember, I won't know them either, sorry.
3. click on your name (top right corner)
4. click on your name under CHANGE THE USER (if more users appear)
5. click on "Edit Profile" in the wide grey bar with your name on it
6. verify/update all your personal details (not mandatory, but wise to do)
7. click on "Your privacy and consents"
8. opt in to what you want to receive from us, or opt out from what you do not want to receive from us
9. click on "UPDATE MY PREFERENCES"
10. you're done.
We make your name available to the Forest Row Sports Ground Association ("FRSGA"), of which our tennis club is a member, so that the FRSGA can meet the club licensing requirements for the bar. The licence requires FRSGA to keep a list of the names of all members of the four sports clubs (the senior and junior football clubs, the cricket club and the tennis club) behind the bar. We do not make your personal data available to anyone else, unless forced to do so by law.
Your data are held on the computers of ClubSpark, a free online membership management service for clubs that are members of the Lawn Tennis Association. ClubSpark only holds your data and does not pass them to anyone. The ClubSpark service:
- allows a Member to update their consents from their account area
- allows a Member to delete their record
- prevents anyone creating an account if he or she is under the age of 13
- makes it easier to identify Junior Member information within the system
- ensures that any Junior Member product being purchased on the system is only done so by the Member’s parent or guardian.
What does ClubSpark do to keep my data secure?
The security of your data is of the utmost importance to us. Our platform is hosted on Microsoft Azure, which runs in geographically dispersed datacenters that comply with key industry standards, such as ISO/IEC 27001:2005, for security and reliability. They are managed, monitored, and administered by Microsoft operations staff who have years of experience in delivering the world’s largest online services with 24 x 7 continuity.
In addition to datacenter, network, and personnel security practices, Microsoft Azure incorporates security practices at the application and platform layers to enhance security for application developers and service administrators.
Security for the Hosting Environment
The Microsoft Azure platform environment is composed of computers, operating systems, applications and services, networks, operations and monitoring equipment, and specialised hardware, along with the administrative and operations staff required to run and maintain the services. The environment also includes the physical operations centres that house the services and which themselves must be secured against malicious and accidental damage.
Key Architecture Design Points
The Microsoft Azure platform is designed to provide “Defense in Depth,” reducing the risk that failure of any one security mechanism will compromise the security of the entire environment. The Defense in Depth layers include:
- Filtering Routers: Filtering routers reject attempts to communicate between addresses and ports not configured as allowed. This helps to prevent common attacks that use “drones” or “zombies” searching for vulnerable servers. Although relatively easy to block, these types of attacks remain a favorite method of malicious attackers in search of vulnerabilities. Filtering routers also support configuring back end services to be accessible only from their corresponding front ends.
- Firewalls: Firewalls restrict data communication to (and from) known and authorized ports, protocols, and destination (and source) IP addresses.
- Cryptographic Protection of Messages: TLS with at least 128-bit cryptographic keys is used to protect control messages sent between Microsoft Azure datacenters and between clusters within a given datacenter. Customers have the option to enable encryption for traffic between end users and customer VMs.
- Software Security Patch Management: Security patch management is an integral part of operations to help protect systems from known vulnerabilities. The Microsoft Azure platform utilises integrated deployment systems to manage the distribution and installation of security patches for Microsoft software.
- Monitoring: Security is monitored with the aid of centralised monitoring, correlation, and analysis systems that manage the large amount of information generated by devices within the environment, providing pertinent and timely monitoring and alerts.
- Network Segmentation: Microsoft uses a variety of technologies to create barriers for unauthorised traffic at key junctions to and within the datacenters, including firewalls, Network Address Translation boxes (load balancers), and filtering routers. The back-end network is made up of partitioned Local Area Networks for Web and applications servers, data storage, and centralised administration. These servers are grouped into private address segments protected by filtering routers.