Purpose
This document explains how you must handle personal data when volunteering for the organisation, particularly when using online systems, email, messaging platforms, or digital tools.
It ensures that all volunteers follow UK GDPR requirements and protect the privacy of individuals whose information the organisation holds.
By signing this document, you confirm that you understand your responsibilities and agree to follow these guidelines.
Personal Data
Personal data is any information that can identify an individual. This includes, but is not limited to:
- Names
- Email addresses
- Telephone numbers
- Home addresses
- Dates of birth
- Photographs or videos where individuals can be identified
- Medical or safeguarding information
- Any combination of information that could identify a person
If you are unsure whether information counts as personal data, you should assume that it does and handle it accordingly.
Your Responsibilities
When you access or handle personal data as a volunteer, you must:
- Use personal data only for legitimate organisational purposes.
- Only access information that you need for your role.
- Keep personal information confidential.
- Ensure that personal data is kept secure at all times.
- Report any concerns or data breaches immediately.
Personal data must never be used for personal purposes or shared with anyone outside the organisation unless authorised.
Use of Personal Data
You may use personal data only for approved activities, such as:
- Communicating with participants or parents
- Organising training sessions, events, or programmes
- Managing registrations or attendance
- Responding to enquiries
You must not use personal information for any purpose unrelated to your volunteer role.
Storing Personal Data
If you store personal data as part of your role, you must follow these rules:
- Use approved organisational systems wherever possible.
- Avoid storing personal data on your personal devices unless necessary.
- Ensure any device used to access data is protected with a password.
- Do not copy, download, or store unnecessary information.
Personal data must not be retained on your systems for longer than 12 months.
All personal data must be securely deleted at the end of the season, or earlier if it is no longer required.
Email and Messaging
When communicating online:
- Use official organisational email accounts where possible.
- Use BCC when sending emails to large groups.
- Do not share personal contact details without permission.
- Avoid discussing sensitive personal information in group chats.
- Ensure messages are sent only to appropriate recipients.
Photos and Media
Photos or videos where individuals can be identified are considered personal data.
You must:
- Only use images where appropriate consent has been provided.
- Avoid sharing images publicly without permission.
- Store any images securely.
Data Breaches
A data breach occurs when personal information is:
- Lost
- Stolen
- Accessed without permission
- Shared with the wrong person
If you believe a data breach has occurred, you must report it immediately to the organisation’s designated data protection lead.
Agreement
By signing this document, you confirm that you:
- Understand your responsibilities when handling personal data
- Agree to follow these data protection guidelines
- Will keep all personal information confidential
- Will report any concerns or data breaches immediately to; Mel Boodt email: financialcontroller@downsnetballclub.co.uk
Failure to follow these guidelines may result in removal of access to organisational systems or volunteer duties.
