Personal Data Usage and Privacy
The following policy has been implemented by the Irish Mountain Running Association ("IMRA") as and from 25th May 2018 in accordance with the Data Protection Act 2018 and the General Data Protection Regulations (hereinafter referred to as "GDPR") which came into force on 25th May 2018.
- Any data gathered by IMRA from its members is used for the purposes of the organisation only, including to facilitate IMRA members competing and taking part safely in IMRA events, to allow the accurate recording and storage of IMRA's race results and for ancillary purposes such as calculating league and championship winners and designing volunteer requirement efforts. Such data will not be disclosed to any third party not a member of IMRA either within or outside the EU without the individual member's prior consent.
- All IMRA members are informed of the categories of personal data that IMRA processes when they register with IMRA.
- The data will be retained by IMRA indefinitely unless:
- A member or former member submits a request for erasure of his/her personal data in accordance with this Policy.
- A former members has not re-joined IMRA for four consecutive years. In this case, we will delete the personal data related to that account, with the exception of the email address linked to the account, race photos and results, in case that member wants to re-join IMRA in the future.
- Rights of individual IMRA members under GDPR include (but are not limited to):
- Access to their personal data which IMRA holds
- To have inaccuracies corrected
- To have their personal data erased, subject to the limitations provided for in the GDPR
- To object to direct marketing
- To restrict the processing of their information, including automated decision making
- Data portability
- Right to complaint
- Any Data Subject Access Request (DSAR) by an IMRA member should be submitted to the IMRA Secretary at firstname.lastname@example.org. DSARs will, where possible, be dealt with electronically and/or in a commonly used alternative format.
- There will be no charge for processing a DSAR unless IMRA can demonstrate that the cost of complying with it will be excessive.
- The processing of DSARs will be dealt with as soon as reasonable practicable and, in any event, within the timelines laid down in the GDPR.
- DSARs will only be refused where they are deemed to be manifestly unfounded or excessive. The decision in relation to such refusal shall be made initially by the IMRA Secretary who will have to demonstrate to the applicant why the request met the relevant criteria. This decision can be appealed by the applicant to the President of IMRA within a period of 21 calendar days.
- If an IMRA members determines that any of his or her personal data that is being used by IMRA is incorrect, that member has the right to request rectification of that data. All such requests should be sent to the IMRA Secretary at email@example.com. Requests for rectification of personal data will be dealt with as soon as is reasonably practicable and, in any event, within the timelines laid down in the GDPR. If the Secretary determines that no rectification is called for, he will communicate that decision to the requesting member within the same timeframe. Any appeal of this decision to refuse the rectification shall be made initially to the Secretary, who will have to demonstrate to the applicant why no rectification was required. This decision can be appealed by the applicant to the President of IMRA within a period of 21 calendar days of the Secretary’s response to that appeal.
- Members have a right to withdraw their consent to the use by IMRA of their personal data at any time by sending an e-mail to the IMRA Secretary at firstname.lastname@example.org. If such consent is withdrawn it will not be possible for members to continue to compete in IMRA events due to health & safety concerns and the impossibility of recording accurate race results in those circumstances.
- IMRA has a legitimate interest in recording and publishing all of the results in the races it holds. This legitimate interest will continue after a decision of an IMRA member to request the erasure by IMRA of their personal data, as provided for in the GDPR. Therefore individual race results will not fall under the personal data that is subject to a request for erasure. The name will be deleted from the result so that it is not identifiable as belonging to a given IMRA member.
IMRA also has a legitimate interest in maintaining race photos on its website. Any tags to a member who submits a request for erasure will be removed. However, the photos will remain on the website.
- Any data collected from members who are under 18 must have the formal consent of their parents or guardians.
- Any data breaches which impact on the privacy of members will be notified immediately by the IMRA Secretary to the Office of the Data Protection Commissioner (the “ODPC”) and any individuals who are affected by such breach will be notified within 72 hours of the occurrence of the said breach. IMRA members have a right of complaint to the ODPC.
- The security of your data is a priority for IMRA and we are committed to respecting your privacy rights. We will make every effort to handle your data fairly and legally at all times. We will be transparent about what data we collect from you and how we use it. Our website is hosted in a secure environment. Only nominated Committee Members, Lap-top operators or Race Directors will have access to your personal data, and in each case, only for IMRA’s legitimate interests.
- Consent by members to the processing of their data will be obtained only by clear affirmative action and subject to the right to withdraw such consent as provided at paragraph 10 and 11 above.