GDPR: Privacy Notice
BGA Privacy Notice: Questions and Answers
· What personal data does the British Go Association (BGA) collect, and what is it used for?
· What is the European Go Database?
· Who is your data shared with?
· Where does this data come from?
· Who is responsible for ensuring compliance with the relevant laws and regulations?
· Who has access to your data?
· What is the legal basis for collecting this data?
· How you can check what data we have about you?
· Does the BGA collect any “special” data?
· How can you ask for data to be removed, limited or corrected?
· How long we keep your data for, and why?
· What happens if a member dies?
· Can you download your data to use it elsewhere?
What personal data does the British Go Association (BGA) collect?
The data we routinely collect includes members’ names, addresses, email addresses and, for those aged under 21, Month and Year of Birth. We collect this data directly from our members and via our affiliated clubs.
We also store data from those contacts who have given the BGA their information, when making enquiries, registering for events or registering as potential members.
For some of our members we may have additional information such as committee memberships, teaching qualifications, or DBS checks done with your knowledge and permission. We will also keep information relating to disciplinary matters and sanctions.
Juniors are asked to provide Year/Month (but not date) of birth so that we know if they are eligible to enter age-limited events or gain concessions based on age. This information is deleted upon them attaining the age of 21.
For those who are on committees, have won prizes or awards, have represented the UK in international play, or have a biography for any other reason, we may have photographs of them. We also have more general photos and some videos of Go players where individuals are not specifically identified.
We collect the results of tournament games you play, which are used in maintaining the European Go Database and our Ratings List.
What is the European Go Database?
The European Go Database is a database of all tournament games played within Europe. It is managed by the European Go Federation, which is also subject to the GDPR (it is domiciled in the Netherlands).
The BGA submits all tournament results to the database.
The only personal data which is submitted to the database is the person's full name, grade at which they entered the tournament, country of affiliation and club. If the event is restricted in some way (e.g. by age or gender) it will be possible to deduce such additional information.
Some British tournaments use a semi-automatic tournament entry system which uses information from the European Go Database.
What is this personal data used for?
We use members’ data for the administration of your membership; the communication of information, including sending the British Go Journal to those who choose to have printed copies of it; and the organisation of tournaments and other events.
Tournament results are shared with the European Go Database. This information includes your name, current strength and affiliated club.
Your personal data is not provided by us for use by any organisations other than those indicated above, even if connected with Go.
Where does this data come from?Data for most of our members comes direct from members. You will have provided your personal data directly to us when you joined the BGA, or when you provided information to update your membership record.
Tournament results are provided to the BGA electronically by the sponsoring organisation – usually a local go club. This is normally done by uploading the results file directly from the draw program software to the BGA website. The results are also sent to the European Go Federation for inclusion in the European Go Database.
Any personal data stored in digital form is on an off-line computer, and is not accessible (even with a password) via the internet.
Our main membership database is held by the Membership Secretary, and is available to other BGA officials on a need-to-know basis.
Any other personal data is kept in the form of off-line documents (which may be hard or soft copy) stored by individual BGA Officials.
Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring the BGA discharges its obligations under the GDPR is the President (email President AT britgo dot org). He is responsible for maintaining a log of data breaches and notifying the Information Commissioner's Office and any members affected as necessary, in accordance with our legal obligations.
Members of Council, its constituent committees and other officials are given access to members’ data for any legitimate purpose to do with their roles as officers of the organisations or members of their committees but may not pass it on to any other organisation.
Sub-contractors of the BGA may be given access to data for specific tasks, such as mailing copies of the British Go Journal on our behalf. They are not allowed to use it for any other purpose.
What is the legal basis for collecting this data?The BGA only collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation.
For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations.
How you can check what data we have about you?
If you want to see the basic membership data we hold about you, you can request a copy from our Membership Secretary.
You can contact us with a “Subject Access Request” if you want to ask us to provide you with any other information we hold about you. If you are interested in any particular aspects, specifying them will help us to provide you with what you need quickly and efficiently. We are required to provide this to you within one month.
There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.
Does the BGA collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”.
We do not record any data in these categories.
How can you ask for data to be removed, limited or corrected?
There are various ways in which you can limit how your data is used.
• You could maintain your BGA membership with your correct name but with limited contact details. However, we do need to have at least one method of contacting you. You could for example simply maintain an up-to-date email address, but of course this would limit what we are able to provide you with in the way of written information, so you would not be able to get the British Go Journal in printed form or any other member benefits that require a mailing address.
• You may choose not to receive information emails from the BGA (we do not send any out on behalf of other organisations).
• You may ask that any photograph of you that appears on the website be deleted by contacting the Web-master.
How long we keep your data for, and why?
We normally keep members’ data after they resign or their membership lapses for a period of 18 months. This is because we find members sometimes later wish to re-join the Association. Data is normally deleted after 18 months. We will delete any former member’s contact details entirely at any time on request.
Since underlying statistical data, like tournament results, continues to be necessary in relation to the purpose for which it was originally collected and processed, tournament results are not deleted.
Historical ranking lists and prize lists are required for archiving purposes and names cannot be removed from them. Similarly, archived news articles, whether on the website, or in the BGA's magazines (both printed and online), will only be deleted in exceptional circumstances.
Other data, such as that relating to accounting matters, is kept for at least the legally required or recommended period – 7 years for financial transactions.
What happens if a member dies?
Members' personal data is normally deleted when we receive information that the member has died. Tournament results, and references within newsletters, etc. are not deleted. If requested by their next-of-kin to delete data we will do so on the same basis as when requested to remove data by a former member.
Can you download your data to use it elsewhere?
No
If you have any comments, please email the webmaster on web-master AT britgo DOT org.