West Wicklow RFC – Data Protection (GDPR) Policy

Written By Wren Fernandes

Aligned with IRFU Governance Guidelines

1. Purpose

The purpose of this policy is to ensure that Blessington Rugby Club complies with the General Data Protection Regulation (GDPR) and Irish Data Protection legislation. It explains how personal data is collected, stored, used, and protected for all members, volunteers, staff, and stakeholders.

2. Scope

This policy applies to all personal data held by Blessington Rugby Club, including:

  • Players (minis and youth)

  • Coaches and volunteers

  • Committee members

  • Parents/guardians

3. Data We Collect

We may collect the following personal data:

  • Name, address, phone number, email

  • Date of birth (especially for youth players)

  • Emergency contact information

  • Medical / health information (for participation and safeguarding)

  • IRFU registration data

  • Payment and financial information

4. Purpose of Processing

We process personal data for legitimate club purposes, including:

  • Membership administration and registration

  • Safeguarding and welfare of youth members

  • Team selection, training, and match participation

  • Communication with members and parents

  • Financial administration (payments, fees, donations)

5. Lawful Basis

Personal data is processed on the basis of:

  • Consent (e.g., membership registration forms)

  • Legal obligation (e.g., safeguarding reporting)

6. Data Sharing

  • Data may be shared with the IRFU for registration, competition, or compliance purposes.

  • Personal data is never shared publicly without consent.

  • Sensitive data (health, safeguarding) is shared only with relevant personnel.

7. Data Retention

  • Membership and financial records: minimum 7 years (for accounting purposes)

  • Safeguarding records: in line with IRFU and legal requirements

  • Other personal data: only as long as necessary for club purposes

  • Data no longer required will be securely destroyed

8. Rights of Members

Members, parents, and volunteers have the following rights under GDPR:

  • Access their personal data

  • Correct inaccurate data

  • Request deletion of data (subject to legal or IRFU requirements)

  • Restrict or object to processing

  • Withdraw consent where applicable

Requests should be submitted to the Club Secretary.

9. Security Measures

  • Personal data is stored securely.

  • Access is restricted to committee members or authorised personnel

  • Passwords and encrypted storage used for digital records

10. Breach Notification

  • Any suspected data breach must be reported immediately to the Club Secretary

  • Breaches will be managed in line with GDPR requirements

  • Where necessary, affected individuals and the Data Protection Commission may be notified

11. Consent for Youth Members

  • Parents/guardians provide consent for collection and use of their child’s data

  • Sensitive information (e.g., medical or safeguarding details) requires explicit parental consent

12. Review

This policy will be reviewed annually by the Blessington Rugby Club Committee or sooner if GDPR requirements change.

Approved by: Wren Fernandes (Public Relations Officer) Date: 15/06/26

Wren Fernandes
Previous

West Wicklow RFC Photo and Video Policy