Data Protection Policy
Reading Rockets (including associated organisations: Reading Rockets Ltd, Reading Rockets Basketball Club, Rockets Sport and Educational Foundation, Reading Rockets Coaching Services, Just Hoops, MJ Basketball Academy) is committed to complying with data protection law and to respecting the privacy rights of individuals. The policy applies to all of our staff, workers, directors, volunteers and consultants.
This Data Protection Policy sets out our approach to data protection law and the principles that we will apply to our processing of personal data. The aim of this Policy is to ensure that we process personal data in accordance with the law and with the utmost care and respect.
The Principles of the General Data Protection Regulations (Under Article 5):
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Reading Rockets’ full Data Protection Policy can be found below.
Processing of Data/Privacy Notices
We are committed to respecting your privacy. Our privacy notices explain how we may use personal information we collect before, during and after your links with us. The notices explain how we comply with the law on data protection, what your rights are and for the purposes of data protection we will be the controller of any of your personal information.
There are privacy notices for the following groups:
We may update these privacy notices from time to time. When we change these notices in a material way, we will update the version date at the bottom of the final page. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information.
The links to our Privacy Notices can be found at the bottom of this page
Virus Protection Awareness
We make every effort to check and test material at all stages of production. It is always wise for you to run an anti-virus program on all material downloaded from the Internet. We cannot accept any responsibility for any loss, disruption or damage to your data or your computer system which may occur whilst using material derived from this website.
Any breach of this policy will be treated seriously and may also constitute a breach of the General Data Protection Regulations (May 2018). Any suspected breach of this policy or data breach will be dealt with by Reading Rockets’ Data Protection Compliance Manager (DPCM) or a nominated lead investigator. Reading Rockets may take action against any member who has breached Reading Rockets’ Data Protection policy in accordance with Reading Rockets’ Disciplinary Procedures.
If a suspected data breach is found, Reading Rockets’ Data Breach policy will be followed:
- Incident received/reported
- The Data Protection Compliance Manager (DPCM) or appointed lead investigator will firstly determine if the breach is still occurring. If so, the appropriate steps will be taken immediately to minimise the effect of the breach.
- An investigation will be undertaken by the DPCM or appointed lead investigator immediately and wherever possible within 24 hours of the breach being discovered/reported.
- The investigation will need to take into account the following:
- The type of data involved and its sensitivity
- Any protections that currently in place
- What’s happened to the data (has it been lost or stolen)
- Could the data be put to any illegal or inappropriate use
- Who the individuals are, number of individuals, potential affects on those data subjects
- Are there any wider consequences to the breach
- The DPCM or appointed lead investigator will determine who needs to be notified of the breach.
- Any legal/contractual requirements?
- Whether notification would assist the individual affected – could they act on the information to mitigate risks?
- Whether notification would help prevent the unauthorised or unlawful use of personal data?
- Would notification help Reading Rockets meet its obligations under the Data Protection regulations.
- If a large number of people are affected, or there are very serious consequences, whether the Information Commissioner’s Office (ICO) should be notified. Not every incident warrants notification and over notification may cause disproportionate enquiries and work.
- Notification to the individuals whose personal data has been affected by the incident will include a description of how and when the breach occurred, and the data involved. Specific and clear advice will be given on what they can do to protect themselves and include what action has already been taken to mitigate the risks. Individuals will also be provided with a way in which they can contact Reading Rockets for further information or to ask questions on what has occurred.
- Once the initial incident is contained, the DPCM or appointed lead investigator will carry out a full review of the causes of the breach; the effectiveness of the response(s) and whether any changes to systems, policies and procedures should be undertaken.
To reduce the risk of any data breach occurring, Reading Rockets has taken the following steps to reduce any risk:
- Reading Rockets will ensure that its name and address will be on all paperwork as appropriate and will identify the use to which any information requested will be put.
- Data held will be used responsibly and within the limits described in the regulations.
- The type of data collected will be reviewed at least annually.
- Any error will be rectified as soon as possible after Reading Rockets becomes aware of it.
- Financial records are kept for seven years or as long as is dictated by the law.
- Any paper records are destroyed when they are no longer required. This is done through a confidential shredder based within the Rockets’ offices.
- Reading Rockets’ offices are only accessible to authorised persons.
Individuals and organisations on which Reading Rockets holds information have the right to:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
More information with regards to each individual right can be found on the ICO website –
Responsibilities of Staff and Management
The management and staff of Reading Rockets are responsible for the processing of data in accordance with the regulations and for upholding the principles outlined in this policy for the processing and maintenance of data regarding its members.
All personnel are expected to observe data protection good practice at all times and to ensure that the personal data they make available for processing is kept accurate, up to date and secure.
Rockets’ Data Protection Compliance Manager is Liz Edwards and she can be contacted by e mail – firstname.lastname@example.org.