The purpose of this document

The International Tang Soo Do Federation (UK) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you in accordance with data protection law, including the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.

 

The ITF (UK) is a data controller. This means that we are responsible for deciding how we hold and use personal information about you.

 

We are required under data protection legislation to notify you of the information contained in this privacy notice. It is important that you read this notice, together with any other privacy notice that is provided on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using your information.

 

The ITF (UK) will only share your information with third parties where we are legally allowed to do so.

 

Data protection principles

We’ll comply with data protection law. This says that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  4. Accurate and kept up to date.
  5. Kept in a form that identifies you for only as long as necessary for the purposes we have told you about.
  6. Kept securely.

 

The kind of information we hold about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are special categories of more sensitive personal data which require a higher level of protection.

We process data about:

  • customers and clients
  • suppliers and service providers
  • advisers, consultants and other professional experts
  • complainants and enquirers
  • agents and representatives
  • relatives, children, guardians, dependents and associates
  • offenders and suspected offenders
  • Officers and volunteers

We collect, store and use the certain categories of personal information about you such as:

  • personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
  • gender
  • date of birth
  • details of declared medical conditions that impact strenuous physical activity

We’ll also collect, store and use certain special categories of more sensitive personal information such as information about criminal convictions, allegations and offences, where relevant in relation to our functions.

How your personal information is collected

We collect personal information directly from you in circumstances such as:

  • when you register for membership
  • when you make an application to test
  • when you apply for a DBS check
  • when you register for tournaments or any other officially sanctioned Federation event
  • whenever you contact us

 

How we use your information

We’ll only use your personal information when the law allows us to. Most commonly, we’ll use your personal information where:

  • we need to comply with a legal obligation
  • it’s necessary for the performance of a task carried out in the administration of the Federation
  • it’s necessary for the purposes of the prevention, investigation, detection or prosecution of criminal offences

In some circumstances we’ll ask you for your consent to use your personal information, but your consent is not required if any of the above apply.

 

Situations in which we’ll use your personal information

We need all the categories of information to enable us to carry out our administrative functions. However, we’ll only collect and use your personal data when it is necessary to do so for the purposes of one or more of our functions.

We’ll also process your personal data in the following circumstances:

  • when carrying out any of our lawful functions
  • to check the data we hold about you is accurate and up to date
  • to help us confirm your identity when you contact us or access our services
  • to provide and improve services to you
  • to produce statistics
  • to conduct research which benefits our functions
  • to contact you in relation to our functions and activities

 

How we use particularly sensitive personal information

Special categories of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information.

We will, if necessary, process special categories of personal information in the following circumstances:

  • where we need to carry out our legal obligations and it is in line with our data protection policy
  • where it is in line with our data protection policy, it is substantially in the public interest to do so and necessary for:
    • performing our functions
    • the prevention, investigation, detection or prosecution of criminal offences
    • preventing or detecting unlawful acts
  • where we have your explicit consent to do so - we do not require your explicit consent where any of the above apply

 

Information about criminal convictions

We’ll only use information relating to criminal convictions or alleged criminal behaviour where the law allows us to do so. This can arise when it is necessary for us to carry out our official functions.

We’ll only collect information about criminal convictions or allegations of criminal behaviour where it is appropriate and where we are legally able to do so.

We’re allowed to use your personal information in this way where it is in line with our data protection policy.

 

Data sharing

We will, in some circumstances and where the law allows, share your data with third parties, including:

  • third-party service providers
  • public authorities and law enforcement agencies both in the UK and overseas
  • overseas parent / affiliates
  • insurance providers
  • other financial institutions

We’ll also share your data with other persons with your consent when you authorise us to do so, such as organisers of external tournaments / events. We require third parties to respect the security of your data and to treat it in accordance with the law.

We will in some circumstances transfer your personal information outside the EU. If we do, we’ll seek to ensure a similar degree of protection in respect of your personal information.

 

When we may share your personal information with third parties

We’ll share your personal information with third parties where:

  • required or allowed by law
  • you authorise us to do so
  • it is necessary for the performance of our functions

We’ll also share your personal information with the police and other law enforcement agencies where it’s necessary to do so for the prevention, investigation, detection or prosecution of criminal offences, and trading standards and other regulatory authorities when it is necessary for the purposes of their regulatory functions.

This will, in some circumstances, involve sharing special categories of personal data and, where relevant, data about criminal convictions or allegations.

 

Use of third-party service providers

We use or work with contractors and other third-party service providers who will process personal data on our behalf.

 

Those third parties are usually our data processors and can only process your personal data on our instructions or with our agreement.

 

The security of your data with third-party service providers

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies.

 

We do not allow our third-party service providers to use your personal data for their own or other purposes.

We only permit them to process your personal data for specified purposes and in accordance with our instructions or with our agreement.

 

Transfer of information outside the EU

The ITF (UK) is an affiliated body of the International Tang Soo Do Federation based in the USA. When relevant and necessary we’ll transfer the personal information we collect about you outside the EU for those purposes.

When we do so we’ll ensure that we’ll meet our obligations under the GDPR and DPA2018.

 

Data security

We have put in place measures to protect the security of your information.

 

Our third-party service providers will only process your personal information on our instructions or with our agreement, and where they have agreed to treat the information confidentially and to keep it secure.

 

We treat the security of your data very seriously. We have strict security standards, and all our officers and other people who process personal data on our behalf get regular training about how to keep information safe.

We have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect about you.

 

In addition, we limit access to your personal information to those persons who have a business or legal need to do so.

 

We have taken measures to ensure an adequate level of security for personal information processed via our website.

 

We have put in place procedures to deal with any suspected data security breach and will notify you and the regulator of a suspected breach where we are legally required to do so.

 

Data retention

How long we’ll use your information

We aim to retain your personal information for only as long as it is necessary for us to do so for the purposes for which we are using it.

 

In some circumstances we’ll anonymise your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you.

 

Rights of access, correction, erasure, and restriction

You have a number of rights in relation to the processing of your personal information by the ITF (UK). These are outlined below.

 

Your responsibility to inform us of changes

It is important that the personal information we hold about you is accurate and current. You need to keep us informed if your personal contact information changes.

 

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • request access to your personal information (commonly known as a subject access request) - this enables you to know what personal information we hold about you and to check that we are lawfully processing it.
  • request correction of the personal information that we hold about you - this enables you to have any incomplete or inaccurate information we hold about you corrected
  • request erasure of your personal information - this enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. This does not apply where we are legally obliged to process your personal information or where the processing is necessary for performing our functions. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing
  • object to processing of your personal information where you have grounds to object which relate to your particular situation, in which case we will stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms
  • request the restriction of processing of your personal information - this enables you to ask us to suspend the processing of personal information about you, for example if you want to establish its accuracy or the reason for processing it

We do not have to comply with your requests to the extent that they are likely to prejudice the prevention or detection of crime, the apprehension or prosecution of offenders.

We can also restrict those rights when we are conducting a criminal investigation and it is a necessary and proportionate measure to avoid obstructing an official or legal inquiry, investigation or procedure, or avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties.

 

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we are allowed under the law to charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we can refuse to comply with the request in such circumstances.

 

What we need from you

We sometimes need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).

This is another appropriate security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

 

When the ITF (UK) will respond to a request

We’ll act upon the request without undue delay and at the latest within one month of receipt. We may extend the time to respond by a further 2 months if the request is complex or we have received a number of requests from the same person.

 

However, in those circumstances we will let you know without undue delay and within one month of receiving your request and explain why the extension is necessary.

 

If you wish to exercise your rights in connection with personal information, other than to make a subject access request, you should contact your instructor or any Federation officer.

 

Right to withdraw consent

We usually process personal data because we are required to do so because it’s necessary for the purposes of our functions.

 

In the circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

 

We’ll have told you how to withdraw your consent when you provided it and you should follow that process. If not, contact the Federation’s Data Protection function specifying how and when you provided your consent, and for what purpose.

 

Once we’ve received notification that you have withdrawn your consent, we’ll no longer process your information for the purpose or purposes you originally agreed to, unless we have another legal basis for doing so in law.

 

Contact the ITF(UK) or make a complaint

The Federation does not have an appointed a Data Protection Officer to oversee compliance with its data protection obligations but it is managed by the senior officials. If you have any questions about this privacy notice or how the ITF (UK) handles your personal information, contact us at CustomerServices@tangsoodo.uk or consult with your class instructor.

 

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

 

Contact the ICO

You can contact the Information Commissioner:

Alternatively, you can write to:

 

The Information Commissioner 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 

 

The Information Commissioner’s website has more information about data protection and your rights.

 

Changes to the privacy notice

We keep our privacy notices under regular review. If there are any changes we will update this page to tell you, for example, about any new uses of personal data.

 

Check this page to make sure you are aware of what information we collect, how we use it and the circumstances we may share it with other organisations. From time to time, we may also tell you in other ways about the processing of your personal data.

 

This privacy notice was last updated on 1st August 2019.