Data Protection Policy

Athletes, Parents and Carers: Please make sure you read and understand this data protection policy. The CSAA will operate according to the terms and conditions of the Data Protection Act (1998) as amended by the EU General Data Protection Regulation (GDPR) from 25th May 2018.

From the 25th May 2018 the laws surrounding the Data Protection Act (1998) were added to, realigned and tightened by the implementation of the EU General Data Protection Regulation (GDPR).

The following outlines the terms under which we operate:

GDPR affects all organisations that collect data.

Our organisation is called Cornwall Schools Athletic Association (CSAA).

Data is anything about an individual; the individuals allied to CSAA are the athletes and
additionally team managers and officials.

GDPR requires that such data is “necessary”.

GDPR requires that organisations obtain “consent” to acquire and process (use) the data obtained and that proof of consent is retained.

GDPR states that data obtained should be stored appropriately to the nature of the information.

Within CSAA the data it is necessary to collect is related specifically to our staging of
and entering into athletic championships.

The data collected will not be passed by CSAA to other individuals or organisations
other than necessary data to the CSAA championship organisers, the South West Schools
Athletic Association (SWSchAA) championship orgainisers; English Schools Athletic
Association (ESAA) championship organisers and third-parties such as programme
printers, results processors and results publishers.


* Name– CSAA requires an athlete’s first and last name. ( See note 1).

This may be published in an event programme, will appear in results of the event, may be
printed on certificates an athlete receives and may appear in historical records.

This will be included in entries to CSAA, SWSchAA &ESAA championships.

This may also be used and displayed on promotional garments.

* Sex – CSAA rarely asks for this but it is obtained through “default” by an entry to, for example, a
Junior Boys’ event.

* DoB – CSAA requires an athlete’s date of birth.

This is necessary to ensure entry into the correct age group.

This will be included in entries to CSAA, SWSchAA and ESAA championships.
It will be checked by the entering championships’ organiser and double checked by the
hosting championships’ organiser.

CSAA considers this to be sensitive personal information. This information will not be disclosed to anyone other than the organisers of the event, CSAA team managers.

CSAA will never publish dates of birth. Age data will be used and published in the results of
events at the most general level, ie age group, eg Intermediate Girls or, simply IG.

* Schools attended – CSAA requires the name of the school the athlete attends.

This is needed for the receipt of entries; subsequently for the feedback of results; the
notification of further selection and information relating to further championships.

* Email address – CSAA may ask for an athlete’s contact email address.
This could be used as communication method between CSAA and an athlete.
Via email or letter an athlete can be informed of selection, orgainsation, results
and future events.

CSAA considers this to be sensitive personal information. This information will
not be disclosed to any one other than CSAA team managers.
An athlete’s email will never be included in any mailing lists and all batch emails
will be Bcc’d.

* Phone number – CSAA may ask for an athlete’s contact phone numbers.
A telephone number remains essential in the case of urgency; consequently it is
An additional contact telephone number (not the athlete’s own) is required in the
case of emergency.

* Event season’s best performance – CSAA may ask for an athlete’s event season’s personal best or
more usually obtain this from the results of a championships.
This information will be used within entry procedures and championships’ to
ensure an athlete is in the correct event heat or pool for their ability.
Athlete performances will appear in the results of the event, may be printed on
certificates and may appear in historical records.

* Medical information – CSAA will ask for current medical information from those athletes who are
representing the county at championships.
Up to date medication and medical conditions, such as asthma or allergies, are
required so team managers are aware of possible reactions whilst traveling to
championships, in overnight accommodation and food outlets and importantly
during competition. If requested this information will be passed to the
accredited First Aid personnel at a championships.
Up to date medication details are required in the eventuality that an athlete is
randomly chosen to submit a urine sample for analysis by the accredited
testing laboratory at an ESAA championships (ie a drugs test).

CSAA considers this to be sensitive personal information. This information will not be disclosed to anyone other than the First Aiders, testing laboratory staff and CSAA team managers.


* In practice this means acquired data shall be adequate, relevant, accurate, up to date and not kept for longer than is needed.
Data would be updated when an athlete is at an end of a competition season; when an athlete
moves up to another age group or when an athlete moves school within the County.
Data is deleted when an athlete leaves a Cornwall school or when an athlete is too old for
CSAA championships, unless we acquire a new consent to retain it.
Medical information is only relevant to one particular championships and is deleted immediately
after its conclusion.


* An athlete’s consent allows CSAA to acquire and process data, but only if we have proof that we have prior permission to do so.

* All such consents can only be given freely and unconditionally, after an athlete has been made fully aware of exactly what the data is, what it will be used for and to whom it may be passed.

GDPR states that the consent must be a “clear affirmative action” and that it is “verifiable”

Availability forms issued at championships will:
Contain the statement “I fully understand that by submitting this form I am allowing my
personal information (including my date of birth) to be used by the CSAA Team Managers
during my possible selection and entry to South West Schools AA and
English Schools AA Championships”.

Participation in CSAA activities can never be conditional on an athlete consenting to giving such data, i.e. refusal cannot stop an athlete taking part. However, without much of the necessary data it would be most difficult to enter CSAA activities.

* Historical data.

GDPR states that an individual has the “right to be forgotten”

The saving and publishing of historical records are excluded from the regulation. However,
athletes have the right to request any record of them be deleted from the CSAA website or
future publications.
At CSAA events, hosted or entered, there will be numerous photographers and thus many
images of athletes taken. Many of these will be posted on social media, some in the press
and some on the CSAA website. Athletes have the right to request any image of them, where
they are the focus of the image, be deleted from the CSAA website or future CSAA

GDPR is not focused solely on electronic data. Paper records must also comply with the regulation.

Where CSAA acquires data on data forms these will require the signature from the athlete
to confirm they agree with the statement.


The data CSAA acquires from an athlete, an athlete’s school teachers is stored on personal
computers of the CSAA officers or in paper files at their premises.

GDPR requires that any statement requiring consent from children must be capable of being fully understood by a 13 year old child.

CSAA strives to make paper forms and also this document easy to read.

A comprehensive step-by-step explanation of the GDPR legislation displayed on the webpage;

CSAA is affiliated to ESAA; on their website there is an in-depth explanation of the GDPR legislation and how it relates to ESAA activities

The detailed information on the above two webpages has been thoughtfully compiled by Joes Lee, the Data Controller for ESAA, to whom CSAA is most grateful.

The GDPR legislation can be viewed on the website of the Information Commissioner’s Office;

This is a working document particularly as CSAA may introduce new event, championships and organisational structures requiring Data Protection update.

Note 1. First or last names that are “double” may cause errors using computerised entry systems. Theses are easily eradicated by the use of apostrophes or hyphens at the initial entry/typing stage.

Eg. Simon de Wilton would become Simon Wilton but with the apostrophe Simon de’ Wilton. The apostrophe could the be depleted. Emma Radford James would become Emma James but with a hyphen Emma Radford-James and again the hyphen could be removed on the proofing stage.