Privacy Policy

The General Data Protection Regulation superseded the Data Protection Act 1998 on 25 May 2018. This new European law gives increased privacy rights to individuals whose data is being collected. Its purpose is to protect the rights and privacy of individuals and to ensure that personal data is not processed without their knowledge or consent. The main principles of GDPR are as follows:

1. Lawfulness, Fairness & Transparency

2. Purpose Limitation

3. Data Minimisation

4. Accuracy

5. Storage Limitation

6. Confidentiality & Integrity

Below we have outlined how Catalyst Allstars adheres to the above principles. We are committed to this policy of protecting the rights and privacy of individuals, members, volunteer staff and others in accordance with GDPR. In the event of any breach of GDPR or this Data Protection Policy, internal disciplinary procedures will apply, and the individual may be subject to legal proceedings. As a matter of good practice, any organisations and individuals working with the team, and who have access to any personal information for whatever reason, will be expected to have read and comply with this policy.

1. LAWFULNESS, FAIRNESS & TRANSPARENCY

Catalyst Allstars is a data controller; we determine the purpose and the means of processing personal data. Without personal data we would not be able to function as a sports team. Detailed below are the reasons we may need to collect and process personal data relating to you, or your child: 

• Legal – we have the following legal obligations for processing data which include but are not limited to health and safety, insurance and child protection

• Contractual – which allows Catalyst Allstars to provide members with the services associated with our programme such as sending requests for payment, registers, and entrance to events

• Legitimate interests – which is when the processing is necessary for Catalyst Allstars’ legitimate interests such as, but not limited to, marketing

• Consent – when the individual has given clear consent for us to process their personal data for a specific purpose, for example taking photographs for the Catalyst Allstars website

Members

Personal information will be collected through our third party system, Class Manager. We may hold the following types of information on our members (including parents of minor athletes), but please note that this list is not exhaustive:

• Name

• Date of birth

• Address 

• Telephone number(s)

• Email address(es)

• Emergency contact details (may be more than one person)

• Details of financial transactions processed online through Class Manager, via bank transfer, or in person

• Medical information provided to us by you, or recorded by us in the event of an injury

• Attendance at training sessions / events

• Team placements of individual athletes

• Any notes / comments about athletes progress, or skills (may not be recorded electronically)

• Communications where athletes/guardians are mentioned by name

• Athlete measurements for uniforms

Non-members (enquiries)

For any enquiries that come direct through our website contact form or to our central email address ([email protected]), we require a name and email address in order to reply to the enquiry. This applies to both potential members and to third party organisations contacting us, e.g. apparel companies, event organisers.

Sharing data

Catalyst Allstars will not share your personal data with any third party companies for marketing purposes. The only instance in which we will share information, outside of the third party processing outlined about, is to enter competitions; these companies may include, but are not limited to:

• Legacy Cheer and Dance Ltd.

• Incredibly Cool Events Ltd.

• British Cheerleading Association

• Future Cheer Ltd.

• Cheer City Ltd.

The personal information we may pass onto event providers are as follows:

• Athlete name

• Athlete date of birth

• Athlete/guardian email address – in the instance of a waiver needing to be signed

• Any other information reasonably requested by the event provider

Some of these event providers, while registered in the UK, are physically located outside of the EU (e.g. Legacy Cheer and Dance Ltd.), and although Catalyst Allstars will take particular care to ensure all providers are compliant with GDPR and/or have a sufficient Privacy Policy in place, as the data subject, you may wish to check this yourself. Except in these circumstances, or in the event of entering an international competition, in which you agree to participate, no personal data will be shared outside of the EU, without your explicit consent.

2. PURPOSE LIMITATION

Catalyst Allstars will not use personal data for a purpose other than those outlined above, and those agreed by data subjects (members, staff and others). If the data held by us is requested by external organisations for any reason, this will only be passed if data subjects (members, staff and others) consent. We would also require that external organisations state the purpose of processing, agree to use the data only for those purposes, and to ensure timely deletion, and that they comply with GDPR and this Data Protection Policy. 

There are two main exceptions to the above, law enforcement and emergency medical treatment. Where information is required by law enforcement agencies, the legal basis for this will be considered to supersede this policy, and data may be shared without your prior consent or knowledge. Likewise, if an athlete becomes unwell or injured at training, or an event, and emergency medical treatment is required, the athlete’s best interests are considered to supersede this policy, and data will be shared to ensure they may receive the care they require. In both of these instances, we will endeavour to seek your consent prior to sharing the data, but in time-sensitive situations, this may not be possible.

3. DATA MINIMISATION

Catalyst Allstars will monitor the data we hold for our purposes, ensuring that we hold enough to fully support our members’ roles within the team, but that this is not excessive. If data given or obtained are found to be excessive for our purposes, they will be immediately deleted or destroyed.

4. ACCURACY

It is imperative that all data is accurate and kept up to date. Within our new member system, Class Manager, all personal information will be entered by the member, therefore minimising the risk of details being inputted incorrectly by staff. The member will also have easy access to their data to update it at their will. It is the responsibility of individuals to ensure the data held in this system is accurate and up-to-date. We advise members to check their personal information at least yearly, and make any necessary changes.

5. STORAGE LIMITATION

Catalyst Allstars will not store data for longer than is deemed necessary. All athletes’ personal data will be deleted or destroyed one year after their membership has lapsed. If an athlete returns at a later date, they will be asked to provide their information again.

In regards to images of athletes, any material that has been shared online (e.g. on our website, social media, or otherwise) will remain live, even if the athlete is no longer a member. However, no additional photos will be published online after they have left. All photos/videos held of the sole athlete will be deleted, while group shots may be maintained for promotional purposes. An athlete or guardian may request that historical images or videos are taken off social media by contacting us ([email protected]). We will always honour this request within a reasonable timescale. This applies only to images/videos taken and stored by the staff at Catalyst Allstars – for material taken at competitions or other events, the member should contact the copyright holder.

6. CONFIDENTIALITY & INTEGRITY

Catalyst Allstars want to assure you that your data is as secure as can be. Our new member system, Class Manager is held on secure severs and uses SSL encryption when transmitting information from users computers to the server. All personal data stored by members is only accessible by staff members who have been given access. In the event that a staff member leaves Catalyst Allstars, their access will be revoked immediately, revoking their right to access personal data on our members. Security will also be heightened by regularly changing the password for any joint accounts. 

All payments made through Class Manager are processed through secure payment providers. Debit/credit card transactions are dealt with by Stripe; one of the most reputable and secure payment platforms in the world. Direct Debit transactions are dealt with by GoCardless; they use military grade encryption to keep financial information safe and they are registered with the FCA. GoCardless accesses the Direct Debit network through its sponsor bank, The Royal Bank of Scotland. 

No paper copies of sensitive personal information will be held by any of member of staff. Staff are permitted to use only first name and/or initials with regards to routine choreography, skills tracking, or other activities on paper/computer software, which are not processed through Class Manager. All class registers will be taken via Class Manager.