Data Protection Policy


Introduction

The Irish Amateur Wrestling Association CLG. (IAWA) is committed to protecting your privacy and complying with Irish Data Protection Commissioners guidelines. This Statement of Data Protection applies to how the Irish Amateur Wrestling Association CLG manages and governs personal data collection and usage. By agreeing to these terms, you consent to the data practices described in this statement.

Privacy and data protection rights are very important to the Irish Amateur Wrestling Association. As such the Irish Amateur Wrestling Association CLG operates under the Data Protection Act 1988 – 2003 and all personal data will be maintained in accordance with the obligations of that Act. Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts 1988 and 2003 (the “Data Protection Acts”) lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts also permit individuals to access their personal data on request, and confer on individuals the right to have their personal data amended if found to be incorrect.


The types of personal information that IAWA may be required to handle include information about:

Members, present and past, and where applicable their guardians;

Current, past and prospective employees, officers, board and committee members, volunteers, IAWA representatives, advisers, consultants, contractors and agents;

Registered athletes being individuals who are members of National Programmes or who compete and represent Ireland at a national level;

Those individuals who have undertaken training or qualifications through the IAWA or partner organisations;

Coaches, Instructors and course providers registered with the Irish Amateur Wrestling Association Suppliers and sponsors; and others with whom it communicates.

The personal information, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the Data Protection Act 1988 – 2003 and other regulations. The Act imposes restrictions on how the IAWA may process personal information, and a breach of the Act could give rise to criminal and civil sanctions as well as bad publicity.

This document outlines the Irish Amateur Wrestling Association’s policy to help ensure that we comply with the Data Protection Acts. Inquiries about this Data Protection Policy should be made to: The Secretary, Irish Amateur Wrestling Association, 54 Elm Mount Drive, Beaumont, Dublin


Purpose of this policy

This policy is a statement of the Irish Amateur Wrestling Association’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts. These principles specify the legal conditions that must be satisfied in relation to the obtaining, handling, processing, transportation and storage of personal information.

This policy is a condition of employment and therefore any employees, in addition to all others who obtain, handle, process, transport and store personal information including board and committee members, volunteers, IAWA representatives, advisers, consultants, contractors and agents will adhere to the rules of the policy. Any breach of the policy will be taken seriously and may result in disciplinary action. Negligent or deliberate breaches could also result in personal criminal liability.

Any employee, board or committee member, volunteer, IAWA representative, adviser, consultant, contractor or agent who considers that the policy has not been followed in respect of personal information about themselves or others should raise the matter with the IAWA President in the first instance.


The Irish Amateur Wrestling Association Data usage statement

Personal data may only be processed for the specific purposes notified to the data subject when the data was first collected, which may include, but is not limited to,

The collation of data to produce statistics which will be supplied to, amongst others, government agencies,

To research, develop and manage new and existing programmes and projects for the strategic development of wrestling and grappling sport and for promoting wrestling and grappling sports generally.

For communicating with individuals about their membership and/or their involvement in programmes, projects, competitions, courses and other activities including the promotion of all Irish Amateur Wrestling activities.

Providing information to individuals about matters related to Irish Amateur Wrestling and Grappling activities regarding Wrestling and Grappling administration and its sponsors or for any other purposes specifically permitted by the Act.

Record certification, course participation, event participation, membership and to provide instructor data on website.

Use of name and address data for identity verification, anti-fraud and anti-money laundering services. To perform accounting and other record-keeping functions.
To provide personnel, payroll and pension administration service

This means that personal data must not be collected for one purpose and then used for another. If it becomes necessary to change the purpose for which the data is processed, the data subject must be informed of the new purpose before any processing occurs.


Data Protection Principles

We shall perform our responsibilities under the Data Protection Acts in accordance with the following eight Data Protection principles:

  • Obtain and process information fairly
  • We shall obtain and process personal data fairly and in accordance with statutory and other legal obligations.
  • Keep it only for one or more specified, explicit and lawful purposes
  • We shall keep personal data for purposes that are specific, lawful and clearly stated. Personal data will only be processed in a manner compatible with these purposes as defined in the Canoeing Ireland data usage statement.
  • Use and disclose only in ways compatible with these purposes we shall use and disclose personal data only in circumstances that are necessary for the purposes for which we collected the data.
  • Keep it safe and secure
  • We shall take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of personal data and against its accidental loss or destruction.
  • Keep it accurate, complete and up-to-date
  • We adopt procedures that ensure high levels of data accuracy, completeness and that data is up-to-date.
  • Ensure it is adequate, relevant and not excessive
  • We shall only hold personal data to the extent that it is adequate, relevant and not excessive.
  • Retain for no longer than is necessary
  • We shall only hold onto data for as long as it is required by the Canoeing Ireland data usage statement.
  • Give a copy of his/ her personal data to that individual, on request

We adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data. Access to data is available upon a written request and on payment of the appropriate fee of €10. Request should be made by post to Irish Amateur Wrestling Association, 54 Elm Mount Drive, Beaumont, Dublin, or by email to The Secretary at irishwrestling@outlook.ie

Responsibility

Overall responsibility for ensuring compliance with Data Protection Acts rests with the Irish Wrestling Association. However, our responsibility varies depending upon whether we are acting as either a data controller or a data processor. All employees and contractors of the Irish Wrestling Association who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. The Data Protection Co-Ordinator is the Irish Wrestling Association’s Secretary, and co-ordinates the provision of support, assistance, advice, and training within the Irish Wrestling Association to ensure that the association is in a position to comply with the legislation.


Data Security

The IAWA must ensure that appropriate security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. Data subjects may apply to the courts for compensation if they have suffered damage from such a loss. The Act requires The IAWA to put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data may only be transferred to a third-party data processor if he/she agrees to comply with those procedures and policies, or if he/she puts in place adequate measures himself. Maintaining data security means guaranteeing the confidentiality, integrity and availability of the personal data, defined as follows:-

  • Confidentiality means that only people who are authorised to use the data can access it.
  • Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
  • Availability means that authorised users should be able to access the data if they need it for authorised purposes. Personal data should therefore be stored on the IAWA’s central computer system instead of individual PCs.

Secruity Procedures Include:

Log On System. All IT systems have a log on system which allows only authorised personnel access to personal data. Passwords on all computers are changed frequently and must not be disclosed to others.

Secure lockable desks and cupboards. Desks, cupboards and rooms are kept locked if they hold confidential information of any kind and can only be accessed by certain individuals. (Personal and financial information and child protection data is always considered confidential and additional security measures are in place for such information.)

Methods of disposal. Paper documents should be shredded. Electronically stored information should be physically destroyed when no longer required.

Equipment. Data users should ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.

International Transfers

Personal data should not be transferred to a country outside the European Economic Area unless the country to which the personal data is being transferred provides adequate safeguards. In many cases this will necessitate the data subject consenting to the personal data being transferred.

Practical Pointers;

To maintain data security and compliance with the law, data users should:

When sending emails to more than one data subject (whether by a distribution list or otherwise), consider ‘blind copying’ each data subject so that each data subject’s contact details are not disclosed to the other data subjects.

Ensure that no information is published on the Irish Wrestling Association website in respect of a data subject unless the information is already in the public domain or that data subject has been informed and it is reasonable to do so or they have consented to such publication. Exercise care when disclosing information about someone else. Only do so if the other person has consented or it is reasonable in all the circumstances to comply with the request without the consent of the other person.

Dealing with Subject Access Requests

A formal request from a data subject for information IAWA holds about them must be made in writing. Employees, board or committee members, volunteers, IAWA representatives, advisers, consultants, contractors and agents who receive a written request should forward it to the Secretary immediately. The IAWA should respond to the request within 40 calendar days and has the right to charge a fee (presently no more than €10) for this service.

When receiving telephone enquiries, employees, volunteers, board or committee members, The IAWA representatives, advisers, consultants, contractors and agents should be careful about disclosing any personal information held on the IAWA systems.

In particular they should:

Check the caller’s identity to make sure that information is only given to a person who is entitled to it. A common sense approach should be taken when verifying the identity of the caller. For example, if you personally know the individual and are satisfied that they are calling this ought to be sufficient. If you do not know the caller, you could ask to return their call and ensure that the number given tallies with that on the membership database record for the person.

Suggest that the caller put their request in writing where the employee, board or committee member, volunteer, The IAWA representative, adviser, consultant, contractor or agent is not sure about the caller’s identity and where their identity cannot be checked. Alternatively, the individual should be asked to attend in person (and especially if the information is of a sensitive nature).

Refer to the Secretary General for assistance in difficult situations (for example, where any request might involve disclosing someone else’s personal data). Employees, board or committee members, volunteers, IAWA representatives, consultants, advisers, contractors and agents should not be bullied into disclosing personal information.

Procedures and Guidelines

The Irish Wrestling Association is firmly committed to ensuring personal privacy and compliance with the Data Protection Acts, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.

Review

This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments.

This Data Protection policy is available on the the Irish Wrestling Association Intranet.

The Irish Wrestling Association welcomes your comments regarding this Statement of Data Protection. If you believe that the Irish Wrestling Association has not adhered to this Statement, please contact The Irish Wrestling Association at irishwrestling@outlook.ie. We will use commercially reasonable efforts to promptly determine and remedy the problem.

PDF: Data Protection Policy