DATA PROTECTION

Data Protection and Data Privacy

The following requirements for membership ensure that when members host or travel to tournaments the exchange of data is GDPR compliant, necessary and minimal.

It is necessary for schools to establish a Privacy Notice mechanism (how you collect consent). This could be part of the admissions process and or an athletics contract.

Member schools must:

• Provide contact details of the Athletics Director and the DSL or DHS. Other related contacts are optional. The contact information will be relevant and updated as necessary. 

• Provide the names and mobile numbers of coaches and chaperones.

• Consent to their school’s website being linked from the ISST website.

• Provide transfer of bank details for invoicing and payment. 

 
Member schools must have parent consent for names (only) to be posted on:

• Host school website.

• Tournament programs.

• Third party vendors such as Pentak/Hytek

• This information must be deleted within 21 days of the tournament completion date.
   

Collecting student names or other personal data should be avoided if it is at all possible. If students have to be identified only first names should be used. This information should not be printed or shared.