General Data Protection Regulation information (GDPR)

This page contains information relating to the introduction of the General Data Protection Regulation (GDPR) on 25th May 2018. It continues to be expanded, with further documents added and existing documents updated as necessary. The purpose of the GDPR is to provide a set of standard data protection laws across the EU, making it easier for you to understand how your data is being used and to give you greater control over its use. The EBU undertakes to collect and use your personal data in compliance with the GDPR. We use this data for the administration of your membership, the communication of information and the organisation of events. We only share your contact details with English Bridge Education & Development (EBED) and your county of affiliation; we provide a minimal amount of data for use by scoring programs to ensure that they correctly identify members. The below documents and policies (which will be expanded in the coming weeks) give further information. If you have any further queries please contact EBU General manager, Gordon Rainsford - gordon@ebu.co.uk.

Communication with members

• Letter in April English Bridge magazine (also circulated by post to members without an email address, and who did not receive the magazine
• Email to all members (sent 27/4/18)

Clubs are welcome to use the content of either of these, and incorporate it into any emails they circulate to their members.

EBU Policy

• EBU Privacy Policy (updated 20/4/2020 to include information about members’ online player names) - PDF version; webpage

EBED Privacy Policy

Data processor and data controller arrangements

• List of changes to documents (added 14/3/19)
• Information about contracts for clubs and counties (updated 8/3/2019)
• Terms of affiliation including data processing agreement (updated 14/3/2018)

Information/documents for clubs/counties

• Information on Data Protection for Clubs and Counties (updated 14/3/2019)
• Simplified action list for Clubs - thanks to Sandra Nicholson, Summertown BC for sharing this (added 9/5/18)
• Club privacy policy notice - template (updated 7/3/2019)
• County privacy policy notice - template (updated 7/3/19)
• Club membership joining form - template (updated 25/4/18)
• Information on 'Personal data security breaches'; Personal data security breach log
• Should your club or county register with the ICO? Check on their website
• Information on 'consent' (added 6/2/18)
• Information on 'legitimate interests'; 'Legitimate interests' assessment (both added 26/3/18)
• CCTV information and template - from the Sport & Recreation Alliance (added 18/5/18)
• Questions & answers (added 7/2/18, updated 18/5/18)

Please note that the data protection regulations may differ slightly in the Channel Islands and the Isle Man. They will mostly be similar, but will be overseen by different bodies (i.e. not the ICO). Please seek advice as necessary from the relevant body.

General information

• Information Commissioner's Office (ICO) guide to the GDPR
• ICO information on contracts between Data Controllers and Data Processors
• ICO GDPR guidance: Consent (added 28/2/18)
• ICO's guide to encryption

All documents added prior to 29/1/18 (when clubs were first contacted by email about the GDPR) except where stated