Cancel Confirm
Shopping Bag 0 Search

Privacy Policy

SPRA Privacy Statement

We are committed to safeguarding the privacy of our membership; this policy sets out how we will treat your personal information.

What information do we collect?

You agree and consent that, in becoming a member of the Scottish Police Recreation Association, it may collect, store and use certain kinds of personal information about you.

This will include:

  • Information that you provide to us for the purpose of registering and maintaining your membership of the Association. This will include your name, SPRA number, Register/Payroll/Collar/Pension number, email address(es), physical address (home and work) and telephone number(s). It may also, subject to the type of membership and/or nature of activity undertaken by you, include your date of birth, bank details and/or gender;
  • Information that you provide to us for the purpose of purchasing goods or items from us, subscribing to our website services, email notifications and/or newsletters;
  • Information about your computer and your visits to and use of the Association website, such as your IP address, geographical location, browser type, referral source, length of visit and number of page views;
  • Information relating to any transactions carried out between you and us;
  • Any other information that you choose to send to us.

Data Use Statement

Using your personal data – Association Use

We may use your personal information to:

  • Maintain and update our internal records and administer your membership of the Association, including Lottery Membership and/or participation in our Sections;
  • Facilitate membership payment arrangements with Police Scotland/SPA payroll (or your bank);
  • Support any contract you have entered into (which is dependent upon your Association membership), (e.g. Gym or Golf Club membership);
  • Administer the Association website;
  • Facilitate provision of any goods or item you have purchased or otherwise requested via our website, on-line, office(s) and/or shop;
  • Improve the products and services we provide, with this including improving your browsing experience by personalising the website;
  • Share information with you on Association Services and/or benefits;
  • Send you email notifications (which you have specifically requested);
  • Transfer tracking information to Mailchimp to recognise if you have already been invited to subscribe to our newsletter;
  • Anonymised data may be shared with funding partners (to secure or maintain sponsorship);
  • Anonymised data may be analysed to monitor Association trends (membership and/or benefit uptake);

We will not, without your express consent, provide your personal information to any third parties for the purpose of direct marketing.

In other words, we will retain and manage your personal data, with this extending to and including payroll and/or bank details where provided, to administrate your membership and/or support any services provided by the Association, or otherwise subscribed to by you as part of your membership. This includes ensuring that you remain a member of the Association when you attempt to login to 'members-only' pages on the Association website or where you reserve services or access benefits which are dependent upon your membership of the Association.

Other disclosures

In addition to the disclosures reasonably necessary for the purposes identified elsewhere in this privacy policy, we may disclose information about you:

  • to the extent that we are required to do so by law;
  • in connection with any legal proceedings or prospective legal proceedings;
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
  • to Section office Bearers and/or Police Scotland/SPA to facilitate your membership of the Association or entitlement to participate in Section activities or meet any obligations arising therefrom.

Except as provided in this privacy policy, we will not provide your information to third parties.

General Data Protection Regulations (GDPR) - Lawful Basis

The requirement to have a lawful basis in order to process personal data is not new. It replaces and mirrors the previous requirement to satisfy one of the ‘conditions for processing’ under the Data Protection Act 1998 (the 1998 Act). The GDPR does however place more emphasis on being accountable for and transparent about our lawful basis for processing.

Lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever we process personal data:           

(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.

(c) Legal Obligation: the processing is necessary for us to comply with the law (not including contractual obligations).

(d) Legitimate Interests: the processing is necessary and legitimate where we use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.

  • The SPRA operates under the lawful basis of ‘Consent’ (evidenced in permissions/acknowledgements provided by/secured from individuals as part of their initial application for membership and/or continuing subscription to / ongoing participation or receipt of Association Benefits or Services, including lottery subscriptions);
  • In specific circumstances, ‘Contract’, ‘Legal obligation’ and/or ‘Legitimate Interests’ may also apply, (for example, facilitating particular discount arrangements or corporate memberships such as Glasgow City Council Gym Club or a particular Golf club membership; according with Employment law (for SPRA staff) or other HMRC reporting requirements; recording sales transactions or sharing (marketing) information with you on Association Benefits, or processing, or publishing your data as an extension of lottery participation).

Using your personal data – Section Use

If you choose to become a member of an SPRA Section, the Section will collect certain information about you. This will include your name, SPRA number, email address, physical address and telephone number(s). They may also, subject to the nature of activity undertaken, require your date of birth and/or gender any affiliated club(s) that you are a member of, or coaching or officiating licenses you hold. This collection is separate to any information you have shared as part of becoming a member of the Association and is held by the Section.

Such information is collected under the lawful basis of ‘Consent’, although in specific circumstances, ‘Contract’, 'Legal Obligation' or ‘Legitimate Interests’ may also apply, (for example, facilitating Governing body memberships or affiliation fees).

The Section will retain and manage your information to administrate your membership of that Section. In this regard, their use of your data is likely to include the following activities:

Training and competition entry

-      Sharing data to validate your Association membership status (& any funding entitlement);

-        Sharing data with section/club coaches or officials to administer training sessions (where required as a condition of participation or to meet Health & Safety, etc);

-      Sharing data with team managers to enter events (where required as a condition of entry);

-      Sharing data with facility providers to manage access to the facility or check delivery standards;

-      Sharing data with leagues, associations and other competition providers for event entry purposes (where required as a condition of entry).

Funding and reporting purposes

-       Anonymised data may be shared with funding partners (to secure or maintain sponsorship);

-      Anonymised data may be analysed to monitor Section trends.

Membership and Section management

-      Processing section membership and/or event forms and/or payments;

-      Validation of Association and/or Section membership;

-      Sharing data with SPRA and Section members to provide information about club activities, awards, membership renewals and/or invitations to competition  and social events;

-      Publishing of race and competition results;

-      Website management and social media access.

Marketing and communications 

-        Sending information about promotions and offers from sponsors/other;

-        Sending Association and/or Section newsletters.

Controlling information about you

When you fill in a form or provide your details on our website, you will see one or more options allowing you to opt-in to receive marketing communications from us by email, telephone, text message or post.

If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:

  • Sign in to our website and change your opt-in settings
  • Unsubscribe to our emails through the Unsubscribe button at the bottom of our emails

We will never lease, distribute or sell our mailing list or your personal information to third parties. Any personal information we hold about you is stored and processed under our data protection policy, in line with the Data Protection Act.

Security of your personal data

We will always hold your information securely.

To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards.

We also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Act.

Transferring information outwith the European Economic Area (EEA)

If you book and/or otherwise our facilities at Lochinch Sports Pavilion, in addition to using our own systems, we are likely to record your information using a third-party booking software.

Data receiver

SPRA have subscribed to a commercial supplier – ‘Skedda’ – to support this aspect of our operations. Skedda have entered into a data-processing agreement with Microsoft to ensure that international data transfers and processing are done in accordance with the GDPR requirements.

Country or countries to which your data is to be transferred

The "main" hosting provider for Skedda is Microsoft ("Azure"), who operate with resources located outside of the EEA, in the USA and in Singapore.

Why we need to make a ‘restricted transfer’

These systems, by their nature, tend to be ‘cloud-based’ and as such may be hosted outwith the EEA. The recording of such information in this manner is therefore technically a ‘restricted transfer’ of information outwith the EEA. Further information regarding their operations can be found at www.skedda.com.

What type of data will be ‘transferred’?

Only such information as is required to support your booking will be recorded and/or subject to ‘transfer’. This may include your name (as provided to us), your contact details (and/or those of any organisation which you represent) and the timings of any booking and the services sought by you during the period of that booking.

Skedda specifically limit the retention periods for certain types of information as follows:

  • Booking audit logs (concerning the users responsible for creating, updating, charging and deleting bookings): maximum of 90 days
  • Booking information (concerning the storage of the actual booking information like scheduled time, holder, price, title and notes) made for your Associated Venues: maximum of seven years past the booking conclusion time
  • Server and analytics logs: maximum of 90 days
  • Database backups: maximum of 35 days

Your right to withdraw consent

As part of booking our facilities at Lochinch, you provide the Association with explicit consent to manage your information in the above manner. You may withdraw that consent, in which event the Association will take appropriate action. It may also decline to accept and/or continue to process your booking

Possible risks

You require to recognise that your data is being ‘transferred’ to a country outwith the EEA. Skedda have entered into a data-processing agreement with Microsoft to ensure that international data transfers and processing are done in accordance with the GDPR requirements.

The Association considers the use of this product, related agreements and consequent data transfer necessary to safeguard your legitimate interests as a data subject.

(ICO – International Transfers: Checklist: Appropriate Safeguards)[ https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/#]

Such a transfer is only made consequent to you explicitly agreeing to same (as an extension of our Terms & Conditions of such areservation).

Policy amendments

We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

Your Rights

Your rights in relation to your personal information are:

  • You have a right to request access to the personal information that we hold about you by making a ‘subject access request’;
  • If you believe that any of your personal information is inaccurate or incomplete, you have a right to request that we correct or complete your personal information;
  • You have a right to request that we restrict the processing of your personal information for specific purposes; and
  • If you wish us to delete your personal information, you may request that we do so.

You can exercise these rights by writing to us at spra@sprapol.co.uk

Any requests received by the SPRA will be considered under applicable provisions of the Data Protection Act. If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office. www.ico.org.uk

Updating information

You can update your personal information by contacting our office or via the ‘My Account’ Section of the website. These details will be transferred to our secure members’ database with only limited information held on the SPRA website.

How long will we keep your personal information?

We will only keep your personal information for as long as is necessary to provide you with membership services and maintain our organisational recordset. Unless you ask us not to, we will delete your membership details 6 years after you cancel your membership.

We will keep certain personal information in order to confirm your identity and any dealings we had when you were a member of the Association. We need to do this in the event of a claim being raised against the Scottish Police Recreation Association. 

 

SPRA Website Privacy Policy

We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.

What information do we collect?

We may collect, store and use the following kinds of personal data:

  1. Information about your computer and about your visits to and use of this website, such as your IP address, geographical location, browser type, referral source, length of visit and number of page views
  2. Information relating to any transactions carried out between you and us on or in relation to this website, including information relating to communication you make with us via this web site
  3. Information that you provide to us for the purpose of registering with us
  4. Information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters
  5. Any other information that you choose to send to us.

What is a cookie?

A cookie is a small file placed on your computer's hard drive. It enables our website to identify your computer as you view different pages on our website.

Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.

How we use cookies

We may use cookies to:

  • Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions.
  • Identify whether you are signed in to our website. A cookie allows us to check whether you are signed in to the site.
  • Test content on our website. For example, 50% of our users might see one piece of content, the other 50% a different piece of content.
  • Store information about your preferences. The website can then present you with information you will find more relevant and interesting.
  • To recognise when you return to our website. We may show your relevant content, or provide functionality you used previously.

Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.

Controlling cookies

Most browsers allow you to refuse to accept cookies. (For example, in Internet Explorer you can refuse all cookies by clicking Tools, Internet Options, Privacy, and selecting Block all cookies using the sliding selector.) This will, however, have a negative impact upon the usability of many websites. We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at: http://www.google.com/privacypolicy.html.

Using your personal data

Personal data submitted on this website will be used for the purposes specified in this privacy policy or in relevant parts of the website. We may use your personal information to:

  1. Update our internal records
  2. Administer the website
  3. Improve the products and services we provide
  4. Improve your browsing experience by personalising the website
  5. Send you email notifications which you have specifically requested
  6. Deal with enquiries and complaints made by or about you relating to the website. We will not, without your express consent, provide your personal information to any third parties for the purpose of direct marketing

Other disclosures

In addition to the disclosures reasonably necessary for the purposes identified elsewhere in this privacy policy, we may disclose information about you:

  1. to the extent that we are required to do so by law;
  2. in connection with any legal proceedings or prospective legal proceedings;
  3. in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
  4. to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling. Except as provided in this privacy policy, we will not provide your information to third parties.

Controlling information about you

When you fill in a form or provide your details on our website, you will see one or more options allowing you to opt-in to receive marketing communications from us by email, telephone, text message or post.

If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:

  • Sign in to our website and change your opt-in settings
  • Unsubscribe to our emails through the Unsubscribe button at the bottom of our emails

We will never lease, distribute or sell our mailing list or your personal information to third parties.

Any personal information we hold about you is stored and processed under our data protection policy, in line with the Data Protection Act 1998.

Security of your personal data

We will always hold your information securely.

To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards.

We also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Act 1998.

Policy amendments

We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

Third party websites

The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

Updating information

You can update your personal information in the ‘My Account’ Section of the website. This will be transferred to our secure internal members’ database with only limited information held on the SPRA website.

Contact

​If you have any questions about this policy or our privacy or data use statement, or treatment of your personal data, please write to us by: email to spra@sprapol.co.uk or by post to SPRA Office, Baird St Police Office, 6 Baird St, Glasgow, G4 0EZ