Join British Cycling

Data Privacy

Team Milton Keynes data privacy policy document – Version 2 approved at Teammk Committee 30 September 2018


This document sets out the overview club policy on managing member’s data privacy and will be published on the website.

1.  Control of members’ data

Team Milton Keynes is not a Data Controller but is a Data Processor on behalf of British Cycling as the data Controller.  The club policy for managing data is therefore based on the requirements of a Data Processor.  

2.  How members’ data is stored

The Team Milton Keynes membership system used is hosted and system managed by British Cycling so that the club has on-line access to members’ data files.  Club members consent to their data being used by the club as part of the membership application process via the British Cycling system.    Some members’ data is currently held on computer systems and paper files by individual officials and administrators with authority to use members’ data.    

3.  How member’s data is used

The club will only use member’s data for the purpose of operating club activities to inform members of club events, training sessions, distribute club Newsletters and for managing individual membership processes.

4.  Reporting and sharing results and participation

Club member information may be shared on the club website, social media pages or in emails sent by the club. This data will only be shared in the event that either they are a club volunteer, have participated in a race or challenge event or have recorded a major achievement. This data will be limited to their name, race results (if applicable) and details of achievement.  Limited further information may be included; for example participation in a juniors’ race or a women’s race.

5.  Access to member’s data

The club will maintain a list of club officials and administrators that have access to member’s data to operate club activity.  This list will be reviewed and agreed by the club committee annually.

6.  Application of club policy

All club officials and administrators with access to members’ data will be required to sign a policy schedule confirming how data may be used and managed to adhere to club Data Privacy policy

7.  Marketing communications

The club will not supply any members’ data to any other organisations for marketing communications.

8.  Consent for Children

The club will maintain records of parental consent for participation in club activities in accordance with the national organisation guidelines, British Triathlon, Cycling Time Trials and British Cycling

9.  Retention Policy

Members’ records will be retained for 12 months after they leave the club unless there have been any disputes between the member and the club.  In the case of a dispute a member’s record will continue to be retained for the time needed to conclude any dispute.  This applies to all paper as well as digital data.

10.  Medical Records

The club will hold medical records for children as noted on parental consent forms.  These are used to refer to in the event that a child has a medical condition.

11.  Removal of data

The club will put in place a procedure and method of secure destruction of data records.  This applies to paper and digital records.  The club will appoint a confidential shredding company to collect paper data.

12.  Storage of data

Club Officials with access to members’ data will be required to adhere to secure storage methods for both digital and paper records.  The club will put in place a fully digital based record system to replace all paper records.

13.  Asset Data Register/ Log

A register will be maintained of what data is held by individual officials and for what uses.  The register will be reviewed by the committee annually.

14.  Subject Access Requests

A process for enabling members to submit and fulfil requests for personal data held will be created and published. 

15.  Club Forum

The club will operate a closed Forum which club members over the age of 18 can access.  Access links for the Forum are sent to members as they join and will be removed within seven days of non-renewal of membership.  Members should be aware that they may be mentioned by other members in Forum posts.  All Forum posts will be regularly reviewed.  Any posts that are considered inappropriate will be deleted.  


1.  List of club officials with approval to access data and the reason for access.  To do

2.  Guidelines for officials and administrators for managing and secure handling of members’ data.  To do

3.  Procedures for secure destruction of data – To do

4.  Asset register/ log for data – To do.

5.  Subject Access Requests procedure – To do

Road Map to implement





Target date to complete


Data Privacy Plan

Create implementation plan


Approved by Teammk Committee 30/9/2018




Club Policy

Agree policy document and publish on

Approved by Teammk Committee 30/9/2018





Set up Data Privacy page





Data register

Maintain a register of data held by officials

First survey undertaken.  Update again and approve



Club Access

List officials with access to data

First survey undertaken.  Update again and approve




Create data handling guidelines

To do



Data Destruction

Procedures for managing data destruction

To do



Subject Access Requests

Procedure for members to request details of data held

To do



Cloud Storage

Set up storage facility and create plan to move all records to the cloud file

To Do