top of page

Privacy Policy

Rushmoor Wards Cup are committed to ensuring that all personal data obtained from event participants, supply chain partners, volunteers and other people who interact with the company. This privacy notice will explain how we collect, use and share personal data through the course of carry out our activities. By using our website or services, you consent to the practices described below in this privacy notice.

Contact Information

Data Protection Officer – Chris Lemon

Information We Collect

To enable us to carry out our duties we will process personal data including; full name, postal address, contact information, date of birth, emergency contact details, next of kin details, dietary information including allergies and health conditions, photographs or video recordings, information about care needs including disabilities and general care provisions, financial data, tax payer information, donation history, information relating to compliments or complaints, records of meetings and decisions, criminal offence data, marketing preferences, records of consent. 

To enable us to adequately deal with queries, complaints or claims it may be possible for racial or ethnic origin, religious or philosophical beliefs, health information and sexual orientation information to be required however this will only be requested if specifically related to the query, complaint or claim and will not be processed without consent.

For the purposes of this privacy notice, “Contact Information” means one or all of the person’s telephone / mobile number(s), email addresses or social media profiles including but not limited to Facebook, X account (formerly Twitter), Whatsapp, Linkedin, Instagram, Tik Tok).

Lawful Bases & Data Protection Rights

Under UK data protection law, we must have a ‘lawful basis’ for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR, you can find out more about lawful bases on the ICO’s website.

Which lawful bases we rely on may affect your data protection rights which are set out briefly below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

 

Right of Access

You have the right to ask us for copies of all your personal data processed by us at any time. You can also request other information such as details about where we obtain personal information and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. 

Right to Rectification

You have the right to ask us to correct or delete information you think is inaccurate or incomplete.

Right to Erasure

You have the right to ask us to delete your personal information.

Right to Restriction of Processing

You have the right to ask us to limit how we can use personal information.

Right to Object to Processing

You have the right to object to the processing of your personal data.

Right to Data Portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.

Right to Withdraw Consent

When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for processing your personal information are:

Consent

We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Contract

We have to collect or use the information to enable us to enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Legal Obligation

We have to collect or use your personal information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Legitimate Interests

We are collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.

Examples of legitimate interest include the processing of personal data to enable the company to communicate with volunteers on matters relating to the operation of the company for example holding meetings, providing information on the companies activities particularly those activities which, by their nature, are likely to be of particular interest to individual volunteers or trustees, seeking help or advice from volunteers or trustees where they have specific knowledge or experience and ensuring that any particular needs of the volunteers or trustees are appropriately and sensitively accommodated when organising meetings and other company activities.

CCTV images and videos may be obtained either directly or indirectly when utilising premises in order to safeguard its collection from theft and vandalism, as may be required by its insurers. The information is only collected and processed and, where appropriate, shared with other authorities (e.g. the police) where it is necessary to investigate a potential crime.

We will ensure that all personal data will be processed lawfully, fairly, adequate, accurate and in a transparent manner and collected only for specified, explicit and legitimate purposes and not processed in any manner incompatible with those purposes. 

All steps will be taken to ensure that all personal data, where necessary, is accurate and kept up to date and all unnecessary personal data is removed and deleted except where required for carrying out a contract or legal requirement.

Where we obtain personal information

Sources of personal information may be obtained from one or more of the following:

  • Directly from you

  • Regulatory authorities

  • Family members or carers

  • Charities or voluntary sector organisations

  • Schools, colleges, universities or other education organisations

  • CCTV footage or other recordings

  • Suppliers and service providers

How long we keep your personal information

We promise to only keep your personal information for as long as absolutely necessary to enable us to carry out our company activities in line with UK GDPR and ICO guidance as well as to enable us to comply with UK regulations, standards and legislation.

The type of personal information and the retention period of personal information will be regularly reviewed, not less than every 6 months, to ensure that all data processed can be justified. Any personal data which it is decided is no longer required will be removed as soon as is reasonably practical and in any case no longer than 30 working days after retention of the data was identified as no longer justified.

Who we share information with

We will only share your personal data with external personnel and organisations where required to enable us to carry out any lawful basis:

  • Insurance companies, brokers and other intermediaries

  • Organisations we need to share information with for safeguarding reasons

  • Emergency services

  • Legal bodies or authorities

  • Relevant regulatory authorities

  • External auditors or inspectors

  • Organisations we are legally obliged to share personal information with

  • Publicly on our website, social media or other marketing and information media.

Personnel

Data Protection Officer

In the considered opinion of the Trustees that the scope and nature of the personal data held by the company is not sufficient to warrant the appointment of a Data Protection Officer however to ensure best practice procedures are met one has been appointed with details available at the top of this privacy notice.

Data Controller

The Board of Trustees is the Data Controller for the company.

Access to Data

Except where necessary for legitimate purposes of the company, personal data will be restricted to personnel who require the information to carry out their activities. 

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we have processed your data after raising a complain with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

 

Last Updated

This privacy notice was last reviewed and updated on 02 August 2025.

bottom of page