Witchford Archers is a registered charity. We are committed to providing a safe and enjoyable environment for all our members and visitors. We have a number of policies in place to ensure that we meet our legal obligations and provide a safe environment for all our members and visitors.

Data Retention Policy for Witchford Archers Archery Club

1. Purpose: Witchford Archers ("the Club") is committed to ensuring compliance with the General Data Protection Regulation (GDPR) and protecting the privacy rights of its members and stakeholders. This Data Retention Policy outlines the Club's approach to managing personal data in accordance with GDPR requirements.
2. Scope This policy applies to all personal data collected, processed, and stored by the Club, including but not limited to data relating to members, volunteers, employees, and other stakeholders.
3. Data Collection and Processing The Club shall only collect and process personal data that is necessary for its legitimate purposes, including membership management, event registration, and communication with members. The Club shall ensure that all personal data collected is accurate, relevant, and kept up-to-date.
4. Data Retention Period The Club shall retain personal data for no longer than is necessary for the purposes for which it was collected, and in compliance with applicable legal requirements. The retention period for different types of personal data shall be as follows:
   • Membership data: Personal data of current members shall be retained for the duration of their attendance. Personal data of former members shall be retained for a period of six years after their last attendance at the club, or as required by applicable legal requirements.
   • Event registration data: Personal data of participants in Club events shall be retained for the duration of the event, and for a period of one year thereafter, or as required by applicable legal requirements.
   • Employee and volunteer data: Personal data of employees and volunteers shall be retained for the duration of their engagement with the Club, and for a period of six years thereafter, or as required by applicable legal requirements.
   • Other stakeholder data: Personal data of other stakeholders, such as sponsors or partners, shall be retained for the duration of the business relationship, and for a period of six years thereafter, or as required by applicable legal requirements.
5. Data Security The Club shall implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, and other security breaches. Access to personal data shall be limited to authorised personnel who have a legitimate need to access such data for Club-related purposes.
6. Data Subject Rights The Club shall respect the rights of data subjects as provided under GDPR, including the right to access, rectify, erase, restrict processing, and object to processing of their personal data. Data subjects may exercise their rights by submitting a request in writing to the Club.
7. Data Breach Notification In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, the Club shall promptly notify the relevant supervisory authority and affected data subjects, in accordance with GDPR requirements.
8. Data Transfers The Club shall not transfer personal data to countries outside the European Economic Area (EEA) unless appropriate safeguards are in place, as required by GDPR.
9. Record Keeping The Club shall maintain records of its data processing activities, including the purposes of processing, categories of personal data, retention periods, and other relevant information, as required by GDPR.
10. Review and Update This Data Retention Policy shall be reviewed periodically and updated as necessary to ensure continued compliance with GDPR requirements and best practices.
11. Consent By becoming a member of the Club, or otherwise providing personal data to the Club, individuals are deemed to have read, understood, and consented to the terms of this Data Retention Policy.
12. Contact Information For inquiries or requests related to this Data Retention Policy, data subjects may contact the Club's designated data protection officer at witchfordarchers@gmail.com.

Conclusion: This Data Retention Policy aims to ensure that the Club's management of personal data is: (i) compliant with GDPR requirements; (ii) transparent and accountable; and (iii) consistent with the Club's commitment to protecting the privacy rights of its members and stakeholders.