Updated 1st May 2018
As an organisation registered in Great Britain, INAS complies with the European General Data Protection Regulation (GDPR) and is registered with the Information Commissioners Office (ico.org.uk) in Great Britain.
INAS is committed to protecting information and your privacy. This statement is made in order to comply with best practice regarding Data Protection and to inform on INAS’ data processing practices which will govern the processing of personal data.
As a membership organisation, INAS also expects and encourages all Member Organisations, Local Organising Committees and other organisations who conduct activity on behalf of INAS to comply with the relevant local legislation and good practice in their area.
2 How does INAS collect information?
INAS will obtain personal information in a number of ways. This might include:
- when registering as a member organisation representative
- when applying for athlete eligibility
- when entering an event, competition, conference or meeting
- when elected to or applying for, an official position within the organisation
- when making a donation, general enquiry or complaint
- when participating in a research programme or activity
- when involved in mandatory programmes such as anti-doping
- when visiting INAS social media pages
3 What information does INAS collect?
The types of information INAS collects will be relevant and proportional to the purpose for which it is being collected and may include names, addresses, dates of birth, gender, email addresses, telephone numbers, sport history, medical information relating to classification and eligibility, medical conditions that may affect safe participation in events, credit/debit card or bank account information, work history/qualifications and experience, and information regarding any criminal record. For athletes, INAS will also collect medical and psychological information to so support an eligibility application.
4 How does INAS use personal information?
INAS will use personal information:
- to provide the information or service a person has requested
- to uphold the principles of athlete classification and eligibility
- to ensure compliance with doping control and uphold the principles of fair sport
- to ensure the successful and safe delivery of events and competition
- for administration and membership management purposes
- to further INAS’ charitable aims and to comply with the law.
- as part of research programmes
INAS will not share personal information with other third-party organisations including corporate and media partners that we may work with, unless we have a persons specific consent.
However, in certain circumstances, and where it is an essential part of providing the service requested (for example event entry or managing athlete eligibility and classification) INAS may share personal information with specific partner organisations, member organisations and legal authorities
INAS will never sell personal details or the information we hold.
INAS will publish certain athlete information (name, nationality, date of birth, gender, sport and registration status) in the INAS Master List which is an essential service.
5 Data Controller
The INAS Executive Officer will be the person with responsibility for data protection and management within the organisation.
6 Data Storage and External Processors
INAS uses third party organisations to store and manage data, for example cloud-based services. We will only use reputable suppliers and ensure that all such services are compliant with the GDPR and that appropriate security measures are implemented.
Where personal information is used by Local Organising Committee, we will require that organisation to develop suitable data protection policies, and to destroy all information held (unless needed for any insurance or legal purposes) within 12 months of the conclusion of that event except where consent to retain data has been given.
7 The INAS website, use of ‘cookies’ and analytics?
‘Cookies’ are small pieces of information sent to a computer and stored on a hard drive when visiting the INAS website.
Analytics information allows INAS to track visitors to the INAS website and social media channels.
Both cookies and analytics information collected by INAS is non-identifiable, i.e. we cannot identify an individual person, however in line with good practice we will only collect cookies where a visitor has given us permission to do so when entering the site.
A visitor can change their cookie preferences at any time by amending the settings in their web browser.
INAS will retain analytics information for up to 3 years from the most recent visit.
8 Data Retention
INAS takes appropriate measures to ensure that the information we hold is kept secure, accurate and up to date and kept only for so long as is necessary and for the purposes for which it is used.
When data is destroyed, it will be destroyed securely in accordance with best practice at the time of destruction.
For some legal processes and essential services (such as information regarding athlete eligibility, doping control and competition results) it is necessary for INAS to retain data indefinitely.
Information relating to officers and staff will be retained for the legally necessary period or five years after the person has left, whichever is the longer
9 Under 18-year olds
The parent/guardian’s, or the persons representative*, will normally need to give permission before INAS can hold information concerning anyone under the age of 18.
10 Informed consent
The parent/guardian’s, or the persons representative*, will normally need to give permission before INAS can hold information concerning anyone who is above the age of 18, but is without legal capacity to give informed consent.
In many cases the representative will be the INAS member organisation representative.
12 Right of access and rectification
Individuals have the right to ask for a copy of the information held (for which INAS may charge a small administration fee) and to have any inaccuracies corrected. Such requests should be made in writing to the data controller.
13 Right to be ‘forgotten’
Subject to the provisions regarding essential services described above, individuals have the right to request INAS to delete all personal information we hold about that person any time. This request must be made in writing to the data controller.
14 Changes to this policy