GENERAL REGULATION DATA PROTECTION TOUR DE JUNIOR ACHTERVELD

Privacy Approach In accordance with the General Data Protection Regulation (GDPR) For the Tour De Junior Achterveld Foundation (TdJ).

The following are appointed as the Data Protection Officer of TdJ:

Mevrouw P.G.M. Rutte – Voorburg, secretaris van TdJ, situated at Ildefonsehof 8, 3791 WC in Achterveld, available by phone: 06-30646644 and by mail: voorburg58@gmail.com.

The following data is collected from volunteers and participants:

Volunteers:

  • Name, initials, address, place of residence, zip code, telephone and email address

Attendees

  • Name, initials, address, place of residence, zip code, date of birth, gender, nationality, telephone, email address, license number, transponder number, cycling club and category

The data of volunteers is necessary to be able to reach and inform them.

For participants, this data is collected in order to assess whether they are allowed to register in the relevant category of the competitions and to inform them about the competitions.

For the volunteers, the data is collected by the board member who coordinates the volunteers.

For the participants, the data is collected by an official in charge of registrations and the treasurer.

Volunteer data is requested manually from the volunteers.

For the participants, the data is obtained via the registration module on our website. After registration, participants will receive an email with the recorded data.

The data of the volunteers is stored in a secure Excel format that is shared among the board members.

The details of the participants are stored in the database of our website via a secure code. In addition, a download is regularly made from the database in a secure Excel environment by the registration officer. This is also made available to the treasurer.

Both officials regularly back up these files.

The data of the volunteers and participants will be kept for a maximum of 3 years.

A separate page will be opened on our website indicating how the Foundation handles privacy data in accordance with the GDPR.

Photos of volunteers and participants will only be posted after obtaining permission from those involved. For participants, reference will be made to this general regulation when confirming registration. When registering, participants automatically give permission to post photos, but can indicate when registering if they do not want this.

A processing agreement will be concluded with the administrator of the website.

Third parties are not allowed to use the files.

All volunteers will be informed about the existence of personal data as referred to under 3 and the purpose: only for internal use.

In addition, they will be informed about the possibility to submit a complaint about the way in which the data has been processed and about the possibility to view, correct or, if desired, have this data removed.

The participants will also be informed by e-mail immediately after registration on our website about the recording of personal data. They also have the same opportunity as the volunteers to submit a complaint, view, correct and request the removal of this data.

Data leaks to third parties will be reported to the Dutch Data Protection Authority via an internal protocol to be determined

This note will be approved by the Board of our Foundation and will be sent to all volunteers via a news flash by email

Every officer of the Foundation who, in his/her position, must have access to the personal data of volunteers and participants may only use this data internally and in accordance with the purpose of the Foundation.

The relevant officer will handle this information with care. They have a duty of confidentiality towards third parties with regard to personal data.

The officer is aware of the provisions of the General Data Protection Regulation of the Tour de Junior Achterveld Foundation and will act accordingly.

Every officer who is given access to the personal data will sign a confidentiality statement.

In the event of a data breach, the Data Protection Officer will be informed within 24 hours by the person who caused the data breach.

A data breach is understood to mean an incident that fears a serious breach of the confidentiality of personal data processed by TdJ. Examples of data breaches are:

  • Sending e-mails or physical document containing personal data to an e-mail address that belongs to a party for which the organization does not, directly or indirectly, have permission from those involved to view the data.
  • Providing access to a database containing personal data to a person who is not a board member or volunteer of TdJ.

The Data Protection Officer is responsible for the report. He/she is charged with reporting breaches of confidentiality of personal data processed by TdJ to the Dutch Data Protection Authority.

Within 48 hours, data subjects whose confidentiality of the personal data has been infringed will be informed of the leak by e-mail. Those to whom data have been leaked are also requested to stop the leak within 48 hours by destroying incorrectly obtained information.

The Data Protection Officer will inform the Dutch Data Protection Authority of the leak within 72 hours by reporting in accordance with the procedure established by the Personal Data Authority.