Information Sharing Agreement between the Croquet Association and its Member Clubs
1. Purpose of the Agreement
This document provides the basis for an agreement between The Croquet Association (CA) and its member clubs to share some personal details of club members. It has been written following advice from the Information Commissioner's office.
All playing members of CA-Member Clubs will have the option, at no cost to themselves, to become members of the CA, the sport's governing body. To facilitate this, clubs must share information about those members with the CA.
The primary benefit of sharing this data between the CA and clubs is that those members will be CA members and receive the benefits of CA membership as defined by the CA Council. It will also help to ensure that the clubs' subscriptions to the CA are accurately calculated on the basis of number of club members.
Secondly, when it has been trialled, the CA is intending to offer an online database facility to member clubs that may be used by the clubs to maintain their own membership data. This information may include people who will not be members of the CA, and may also include data of interest to the club but not necessarily to the CA, as identified by the club.
2. CA Membership Purposes
This part of the agreement is limited to the data sharing between clubs and the CA to facilitate club members to become CA members. It does not cover any other kind of membership. The agreement covers the sharing of information between the CA and clubs that are identified as holding relevant information for the purposes of ensuring that accurate membership records are maintained.
Information will be personal in nature and may only be shared where a club member wishes to be a CA member. See Section 4 below about consent.
2.2 Purposes of Sharing Information
Under the terms of this agreement, information may be shared for the purpose of maintaining accurate membership records and enabling croquet club members to receive CA-member benefits, which may include the following:
- Tournament Entry
- Maintenance of handicap data
- Maintenance of qualification (coaching/refereeing/handicapper) data
- Access to the Members' Area of the CA Website
- Inclusion in the secure online directory
- Access to the online Fixtures Book
- Access to the online Croquet Gazette
This is not an exhaustive list as new or changed member benefits and qualifications may be identified and these will be incorporated into this agreement during the monitoring and review process.
2.3 Information Sharing Requirements
|Purpose||Type of Information||Recipients||Data Controllers|
|Administer membership records; tournament entries; coach, referee, handicapper lists; notified availability for selection events||Specific member information, not anonymised||Club officials, CA staff and officials, relevant tournament managers, other members|
2.4 Information to be Shared
We require the following minimum set of data from the club for anyone who is or wishes to be a CA member:
- Postal Address
- Croquet Handicaps
- For club members that have a primary club elsewhere, an indication that this is the case
- An indication of whether the member has consented to having their details visible in the CA Members directory:
- To members of your or any croquet club of which they are a member
- To all Members of the CA
In addition, for members who the club is claiming as young people:
- Date of birth
Note that the CA will retain date of birth once known, even after the member ceases to have young person status. It may also collect and hold date of birth directly from individuals for other purposes, such as qualifying for senior or veteran events.
The CA also asks clubs to provide the following:
- email address
- telephone numbers
This greatly helps the CA with communication to its members, and also increases the options available to them - for example members will not be able to log into the CA website without an email address and therefore cannot access the electronic gazette and other information.
Other information that will be held by the CA where known:
- Skype Address
- Coaching Qualifications
- Referee Qualifications
- Handicapper Qualifications
- Croquet-relevant special-needs such as Colour Vision Deficiency
To complete the information provided, we will also need the number of playing members a Member-Club has that do NOT have a primary club elsewhere, and who do NOT want their information shared with the CA. This then enables us to calculate the club's subscription.
2.5 Use of Information
The information will be held by the CA in a database that is linked to the CA's website to facilitate:
- Accurate assessment of club subscriptions
- Tournament and coaching course entry
- Accessing secure membership area
- Accessing Croquet Gazettes
- Accessing CA Documents
- Use of the CA Directory (members-only and in a secure area)
- Members maintaining their own personal data including profile
3 Handling Club Specific Data
This part of the agreement covers the use of CA Database facilities by clubs for their own purposes. The data to be held will be defined by and be the responsibility of the club concerned.
3.2 Use of Information
All information held under this part of the agreement will be kept confidential between the clubs and CA officers, except that name and handicap only will be visible on the CA directory of members. It will not otherwise be used by the CA except for statistical analysis, with any published results being strictly anonymised. It will be the club's responsibility to maintain the data, including removing any data no longer required. The Club is the Data Controller and the CA is the Data Processor.
3.3 Sharing of Core Data
Core data on a member is the same data as is defined in section 2.4. Core data on a member is stored only once, even where an individual is a member of several clubs, or a member of a club and the CA. Only organisations (clubs or the CA) that the member has explicitly joined will have access to this information.
This means that if a member belongs to two or more clubs, any one of the clubs may change the core data, and the other clubs will see this change.
3.4 Additional Data
Clubs may define additional data they wish to hold on a member. Any additional data is held privately to the club and is not accessible to any other club or to the CA outside of its officers.
4.1 Sharing with the CA
It is the club's responsibility to seek consent from their members to become members of the CA and hence to share and process information for the purposes identified. Visibility of their details in the online members directory is optional, and thus requires specific consent. Consent must be sought from club members by club secretaries. The EU General Data Protection Regulations (GDPR) require that each club member must explicitly have given their consent. Clubs will need to record when that consent was given and the form of words used. The Croquet Association may, if required, request to see this consent.
If a club member does not agree to becoming a CA member, the club should not send their details to the CA and the club member will not benefit from being a CA member.
4.2 Using the Database for the Club's Own Purposes
Where a club stores information on members for its own purposes, it is normally allowed to do this as a 'legitimate interest' without seeking explicit consent from the member. Clubs should always make information about how they store data available to its members, and notify them if this is to change. Using the CA database for this purpose is no different from any other method of storing membership data in this respect.
5 Data Access and Storage
Data in transit is encrypted using Secure Sockets Layer (SSL). Stored personal data including backups and logs, except for the subject's name, is encrypted and the CA holds the keys.
A member's record may be accessed and altered by nominated and authorised CA club officers, CA staff and officials, and the CA member to ensure that records are accurate. Other CA members may also access data through the secure area of the website for information purposes only and cannot alter records. Examples of this include tournament managers, handicappers, club team captains, referees, and members looking for doubles partners. This list is not exhaustive but access must be limited to croquet-related matters and only through a secure login process. Members, clubs and the CA may not access the data to use it for any other purpose, which includes passing data to non-member third parties or selling data.
Club contacts' details, limited to those which are relevant, are displayed on the CA website.
6 Data Transfer
Data should be transferred electronically between clubs and the CA using the CA website. Clubs that cannot transfer data electronically should send the information on paper to the CA Office using Royal Mail. All information must be labelled with the originator - name of club and person supplying it - and dated.
7 Data Quality
Clubs are responsible for ensuring that all data shared with the CA is accurate and limited only to the information required in this agreement. Clubs should have a process in place to ensure that data is checked for accuracy prior to sharing. Before sharing data, the responsible club officer should check that the information being shared is accurate and up to date to the best of their knowledge. Members whose details have been uploaded will also be able to access and change the data to ensure accuracy and reflect any changes in the data.
8 Information Retention
Information in the online database will be retained for as long as an individual member remains a member of the club or the CA. When an individual ceases to be a member, their records in the online database will be marked as inactive, but retained whilst financial records relating to them are still required. Before being deleted, a copy of the records will be retained for historical and statistical purposes by the CA in an offline database and not used for any other purpose.
9 Data Protection Act
Clubs must ensure that they comply with their own data protection policies where they exist. Clubs that have an exemption from registration with the ICO must still comply with the EU General Data Protection Regulations (or UK ones after the UK leaves the EU on 31st December, 2020) and ensure that they adhere to best data protection practice as outlined on the ICO website.
10 Review of This Agreement
The CA will review and monitor this agreement every three years unless legislation or policy changes dictate otherwise.
New parties to this agreement may be included at any time, the formal arrangements for which will be managed by the CA.
Any proposed amendments or changes to this agreement will be notified to clubs.
11 Roles and Responsibilities
In signing up to this agreement, the signatories agree to the following roles and responsibilities:
|Club Officer||Maintenance and transfer of accurate data|
|CA Staff and Officials||Maintenance and transfer of data, implementing security measures to protect data in online database.|
Version 2, November 2020:
- Clauses 3.3, 3,4 and 4.2, relating to use of the CA's database for maintaining a club's membership records added.
- Clause 2.6 relating to information retention moved to clause 8 and revised.
- Additionally, the agreement has been reviewed, as required by clause 10, resulting in minor updates.
Version 1, September 2017. Initial version.