REALSPORT DATA PROTECTION CODE OF PRACTICE FOR USERS
KEEPING YOUR RECORDS
RealSport complies with the Data Protection Act 1998 and this policy describes our procedures for ensuring that personal information about users is processed fairly and lawfully.
What personal data do we hold?
If you subscribe to RealSport, We need to hold personal information about you, in our CRM System operated and controlled by Mooloop Ltd.. This personal data includes:
- Personal details such as your name, your age, your address, telephone number, and other information you provide to us
- Information that we have provided or proposed to provide to you
- Details of promotional information and target advertising based upon your likes, hobbies, and interests
Why do we hold information about you?
Our CRM system keeps comprehensive and accurate personal data about you in order to provide you with offers and promotions of our own, which best suit your tastes, and to provide to other like-minded associates of ours who can offer you similar or other such goods and services which best suit your tastes, so long as you consent to the same.
How do we process the data?
We will process personal data that we hold about you in the following way:
Our CRM system will retain your personal data and information about you after you cease to be a user of our services, for at least 6 years.
Security of information:
Personal data about you is held in the Zoho CRM system, in a virtual cloud space, and/or in a manual filing system. The information is not accessible to the public. Only authorised members of staff, maintenance and audit technicians with appropriate confidentiality agreements, have access to it under the supervision of the Controller. Our computer system and virtual cloud space has secure audit trails and we back up information routinely.
Disclosure of information:
Disclosure will take place on a ‘need to know’ basis, so that only those individuals/organisations who need to know in order to provide you with target-based goods and services to your taste, will be given such information, should you consent to the same. Only that information that the recipient needs to know will be disclosed.
In very limited circumstances or when required by Law or a Court Order, personal data may have to be disclosed to a 3rd party. In all these situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent.
Where possible you will be informed of these requests for disclosure.
You have the right of access to the data that we hold about you and to receive a copy. Access may be obtained by making a request in writing and the payment of a fee for access of up to £10 (for records held on computer) or £50 (for those held manually or for computer- held records with non-computer radiographs). We will provide a copy of the record within 40 days of receipt of the request and fee (where payable) and an explanation of your record should you require it.
If you do not agree
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this Code of Practice, please notify the Controller. You have the right to object.
Security Policy & Privacy
We take appropriate technical and organisational measures to protect against unauthorised or unlawful processing of your personal information, including encrypting your information to applicable industry standards.
During your visit to our site we may gather certain personal information that is necessary to set up your account, for the purposes of billing, delivery of your goods and queries. We only keep your information for as long as is necessary to process your order, process any applicable refunds, respond to any complaints/feedback or to provide you with promotional information you have subscribed to.
Ordinarily we do not have access to your financial information which is securely transferred directly to our card processing agents and who process it on our instructions.
We supply your information electronically to our couriers who need your details to deliver your orders
When you register your details with us, you have the option to subscribe to future promotions and special offers. You may unsubscribe from this by pressing the unsubscribe button.
We do not transfer your information outside the European Economic Area (“EEA”) unless you are a user located outside the EEA in which case we may need to transfer your information to deliver your goods, process payment/refunds, or to send you promotional information you have subscribed to.
Our website can recognise past users by using cookies. Cookies personalise your visits to our website to meet your individual preferences. You can disable cookies by adjusting your internet settings.
This Website contains links to other websites with their own privacy policies, we are not responsible for the privacy policies of these websites.
When you supply your information to us you accept the risks associated with the Internet and will not hold us responsible for any loss of your information unless we have breached our duty of care to you.
RealSport INFORMATION SECURITY POLICY:
All Staff employment contracts contain a confidentiality clause
Access to personal data is on a ‘need to know’ basis only. Access to information is monitored and breaches of security will be dealt with swiftly by JumpLead who is a Controller for the purposes of the Data Protection Act 1998
We have procedures in place to ensure that personal data is regularly reviewed, updated and deleted in a confidential manner when no longer required.
- Physical security measures
Personal data is only taken away from our registered offices and trading address (‘the premises’), in exceptional circumstances and when authorised by the Controller. If personal data is taken from the premises it must never be left unattended in a car or in a public place.
Records are kept in a lockable fireproof cabinet, which is not accessible to anyone other than the Controller
Records are also kept in a secure passworded virtual space, only accessible by the Controller, Administrators, and Maintenance parties under Support Agreements with suitable confidentiality agreements
Efforts have been made to secure the premises against theft with the use of intruder alarms, CCTV, lockable windows, and doors.
There is in place a continuity plan in case of a disaster. This includes procedures set out for protecting and restoring personal data
- Information held on computer
Appropriate software controls are used to protect computerised records, for example the use of passwords and encryption. Passwords are only known to those who require access to the information, are changed on a regular basis and are not written down or kept near or on the computer for others to see
Daily and weekly back-ups of computerised data are taken and stored in a fireproof container, off-site. Back-ups are also tested at prescribed intervals to ensure that the information being stored is usable should it be needed.
Staff using computers either in or off of the premises will undertake computer training to avoid unintentional deletion or corruption of information
Precautions are taken to avoid loss of data through the introduction of computer viruses.
This statement has been issued to existing staff with access to personal data at or off-site the premises, and will be given to new staff during induction. Should any staff have concerns about the security of personal data within the practice they should contact the Controller.