/TRI CLUB DENMARK'S PRIVACY, COOKIE & GDPR POLICY
In light of the new EU law on the General Data Protection Regulation (GDPR), also called the Personal Data Regulation in Danish, /tri club denmark has prepared this website so that you, as a member (or prospective member), can see how we handle and collect data about you . The personal data regulation formally enters into force on 25/05/2018 and covers all companies and associations. The law entails regulations which must act as a safeguard against data leaks and misuse of personal information. They focus in particular on access to and use of data and information that can potentially identify individuals, and include more specifically:
The laws are quite comprehensive, even for smaller associations, like /tri club denmark. We have tried with this page to explain how we as a club collect, register, systematize, store, use, pass on, merge and delete data on the entire club's IT setup:
It is important to understand the distinction between common personal data, and personal data with a higher degree of protection. /tri club Denmark only has personal data with a higher degree of protection in terms of Child certificates, which only the board has access to. Child certificates contain, among other things, CPR number and any criminal circumstances, which must be treated with extra caution.
Note that we at /tri club denmark are also members of Nordhavn IF, where we share a clubhouse with several other clubs. Here we use a central locking and administration system (NOX), where we store the following data below (as long as you are a member – in other words, the data below is removed when you are no longer a member of /tri club denmark):
*All log files are encrypted with 256-bit AES encryption between central and client. The log files contain who logged in, and changes to states in the system (connections/disconnections, etc.) as well as any changes by users. Log files are used for statistical purposes, as well as to secure the club's facilities against theft, against abuse, against theft, etc. A maximum of 100,000 can be stored. log lines which are deleted in a first in/first out principle. If a club member wishes, we can delete all 100,000 entries (it cannot be deleted for the individual user separately). We refer to the NOX GDPR section for further clarification: GDPR Compliance in NOX (page 11)
DATA PROCESSING AGREEMENT
The Danish Triathlon Federation has ordered all triathlon clubs to use Klubmodul to register their members in. When you register as a /tri club denmark member, it takes place in Klubmodul, with name, address, phone number, payment card information, etc. As the club uses an external partner, there is a data processing agreement between /tri club denmark (Data controller) and Klubmodul (Data processor). /tri club denmark synchronize data (username, password, name) in the club's WordPress solution, which runs the website www.tri-club.dk.
Like many websites, we use "cookies" to collect information. A cookie is a small data file that we transfer to your computer's hard drive for registration purposes. We can use both "session" cookies and "persistent" cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies remain stored on your computer until deleted or until they reach a specific expiration date. We use session cookies to see which pages you visit on the website and to prevent fraud and increase website security. We use persistent cookies to be able to recognize you when you visit the website and to keep track of your preferences in relation to your use of our website.
/tri club denmark can easily register its members in a member register. The individual member has the right to access information about himself. Membership lists must not be published on the association's website, but the association's own members must know the membership list.
MANAGERS AND COACHES
/tri club denmark can register its managers and coaches with the necessary information. Information about managers and coaches can be processed, regardless of whether they are paid or unpaid. Employment contracts, CPR numbers, salary information, bank accounts, etc. can be processed. This can be done without consent, because the regulation provides specific processing authorization for this. Some of the information is sensitive, so it should be treated with care. This applies in particular to the CPR number (see next section). Managers and trainers must be informed about the treatment in connection with employment. The association can put an overview of managers and coaches on the website.
SOCIAL SECURITY NUMBER
The association may not register the CPR number of its members, but can easily register the date of birth. For managers and coaches, the CPR number can be processed when necessary in relation to tax legislation and when obtaining child certificates.
Child certificates must be obtained for coaches and managers who deal with children and young people under the age of 15. The association can keep the documentation that a child certificate has been obtained as long as the person in question works for the association. This must be disclosed
towards the person concerned. Child certificates with annotations must be forwarded to the main organisations. The main organizations have published special guidance on processing child certificates, which can be found on DIF's and DGI's website. See more in this guide on how child certificates must be processed.
/tri club denmark does not need consent to process necessary information about members, managers and coaches. On the other hand, it may be necessary when it concerns information with a higher degree of protection, such as e.g. child certificates. It may also be necessary if the association wants to be allowed to process information after it would otherwise have been deleted.
THE SPORTS ACTIVITIES
/tri club denmark can process information about the members' participation in the sports activities, including exchanging the information with the organization responsible for the tournament or meeting - the regional association, the special association or other tournament officials. The association can also publish its own team lineups and can publish lists of participants in competitions that the association organizes itself.
PHOTOS ON THE WEBSITE
Some images may be published on the /tri club denmark website, others may not. General situation pictures from the sports activities and from the association's social life can, as a rule, be freely posted on the website without consent. Even if the individual people can be recognised. However, if a situation picture can expose or offend a person, the publication requires consent. It can, for example, be the case with pictures from a club party where two people kiss each other.
According to the Bookkeeping Act, /tri club Denmark must keep accounting documents for 5 years from the end of the financial year to which the document relates. This applies, for example, to salary voucher and voucher on paid cost reimbursement.
Health information is sensitive information. This applies, for example, to information that an athlete suffers from asthma or has a cruciate ligament injury. As a rule, /tri club denmark may only process such information with consent, and the information must be deleted immediately when it is no longer necessary. For coaches, relevant health information may be processed pursuant to the employment contract.
TRANSFER TO SPONSORS AND OTHER COMPANIES
/tri club denmark may not pass on member information to a private company that would like to market products to the association's members. Such disclosure will require the consent of the individual member. As a sports association, we also do not send marketing material on behalf of a company to members without each individual member having given their consent in advance. However, we will advertise products through newsletters, Facebook, YouTube, Twitter or in another way in electronic form, without consent.
DELETION OF INFORMATION
/tri club denmark may only store personal data as long as it is relevant, seen in relation to the original factual purpose of having the information. As the data controller, we therefore have the option on an ongoing basis to delete the information that no longer serves the original factual purpose. Information about membership of the association can be stored for administrative reasons for up to 1 year after termination of membership. General information about unpaid coaches and managers can similarly be stored for up to 1 year after the person in question has ceased to work. Relevant information about paid coaches for follow-up and the determination of any claims can always be saved for 5 years after resignation. However, information about sports participation and achievements as well as leadership positions in the association can always be saved as long as they have historical value. Own posts on e.g. The Facebook fan page, or internal pages, are not deleted. But you can delete these yourself when you unsubscribe from the club, or ask the club's administrators to do so. This applies to both own postings and replies to others.
CHILDREN AND TEENAGERS
In some cases, children and young people themselves, i.e. without parental consent, can provide information to a data controller. Typically, an association will therefore legally be able to process information from young people over the age of 15. /tri club denmark can, without parental involvement, pass on personal data about the children when it is necessary for the sake of the sport (to event organisers, tournament management, to equipment suppliers, etc.).
CHANGES TO TERMS AND POLICIES
Having a login to the website is synonymous with being a club member (and having a login to the Club Module). Since we synchronize approx. 1st time per minute between our website and club module, to verify you as a paying member, you cannot be deleted on www.tri-club.dk. The club has the right to store and stores your data for three years from the date of cancellation for use, among other things. subsidy from the municipality.
In all cases, parts of your personal data are stored in accordance with Section 10, subsection of the Accounting Act. 1, for 5 years from the end of the financial year to which the material relates. They are then deleted.
THIRD PARTY WEBSITES
The website may contain links to other websites. We are not responsible for the policies or practices of third party websites regarding personal information.
If you have any questions about this policy or our processing of your personal data, please contact us at email@example.com
/tri club denmark
Nygårdsvej 7A. 3rd floor
2100 Copenhagen Ø
The data controller for the information collected on this website is
Dalbygade 40A, 2nd floor
6000 Kolding and Industry Road 21, 1.
CVR number: 31501512