Oakham Rugby Football Club (“the Club”) is committed to protecting the personal data of all players, parents/guardians, coaches, volunteers, members, sponsors, and supporters. This policy sets out how we collect, use, store, and share personal data in line with:

The UK General Data Protection Regulation (UK GDPR)

The Data Protection Act 2018

The RFU’s guidance on data protection for grassroots rugby clubs

Our aim is to ensure transparency, fairness, and security in all data processing activities.

2. Data We Collect

We may collect and process the following categories of personal data:

Players & Members: Name, date of birth, contact details, emergency contacts, medical information (where required for player safety), playing history, registration numbers, payment records.

Parents/Guardians (for youth players): Names, contact details, consents.

Coaches, Volunteers & Officials: Contact details, DBS/ safeguarding checks, qualifications, role history.

Supporters & Sponsors: Contact information, business details, financial transactions related to sponsorship or fundraising.

Visitors & Event Attendees: Ticketing, booking, or attendance records.

3. How We Use Data

Personal data is used only for legitimate club purposes, including:

Registration of players and teams with the RFU and competition organisers

Communication of fixtures, training, events, and club news

Ensuring player safety, including access to emergency contact and medical details

Safeguarding and welfare compliance (including DBS checks)

Membership administration and fee collection

Managing sponsorships, fundraising, and community initiatives

Meeting legal and regulatory obligations

We will not use personal data for unrelated purposes without consent.

4. Lawful Basis for Processing

The Club processes data under the following lawful bases:

Contract: To deliver membership services and player registration

Legal obligation: For safeguarding, health & safety, and financial reporting

Legitimate interests: Running the Club efficiently and communicating with members

Consent: For photographs, marketing, or optional communications

5. Data Sharing

RFU & Leagues: We may share player registration details and match information as required by competition rules.

Emergency Services: Where necessary for health and safety.

Sponsors & Partners: Only where explicit consent has been provided.

Third-Party Providers: For services such as payment processing, email platforms, or safeguarding checks – all providers are required to comply with UK GDPR.

We will never sell personal data.

6. Data Retention

Players & Members: For the duration of membership, and up to 3 years after membership ends.

Youth Players: Until the individual turns 21, in line with safeguarding requirements.

Financial & Sponsorship Records: 6 years, to comply with HMRC requirements.

Safeguarding Records: As per RFU and statutory guidance.

7. Security

We take data security seriously and apply appropriate technical and organisational measures including:

Password-protected systems and encrypted databases

Limited access for authorised club officers and coaches only

Secure handling of paper-based records, which are stored in locked facilities

8. Individual Rights

All members have the following rights under UK GDPR:

To be informed about how their data is used

To access their data (Subject Access Request)

To rectify inaccurate data

To request erasure (where applicable)

To restrict or object to processing

To request portability of their data

Requests can be made to the Club Data Protection Officer (details below).

9. Safeguarding & Youth Data

For all players under 18, data will only be collected and processed with parental/guardian involvement. Special care is taken with medical information and safeguarding records. Any photography, social media, or promotional use of images requires explicit parental/guardian consent.

10. Data Breaches

Any suspected or actual data breach will be investigated immediately by the Club Data Protection Officer (DPO) and reported to the RFU and the Information Commissioner’s Office (ICO) where legally required.

11. Contact Details

Data Protection Officer – Oakham RFC
Contact: Ben Stephens Email
Address: Oakham Rugby Football Club, Showground Way, Off Burley Rd, Oakham, Rutland. LE15 7TW

12. Review of Policy

This policy will be reviewed annually, or sooner if required by RFU guidance or changes in legislation.
Last updated: August 2025