DATA PROTECTION
Data Protection and Data Privacy
The following requirements for membership ensure that when members host or travel to tournaments the exchange of data is GDPR compliant, necessary and minimal.
It is necessary for schools to establish a Privacy Notice mechanism (how you collect consent). This could be part of the admissions process and or an athletics contract.
Member schools must:
Provide contact details of the Athletics Director and the DSL or DHS. Other related contacts are optional. The contact information will be relevant and updated as necessary.
Provide the names and mobile numbers of coaches and chaperones.
Provide names (only) of host families.
Provide Team Roster/Housing information. This will include and is limited to the names and grades of students traveling, dietary, medical, allergies, grade and relevant sport specific information (playing position/number).
Consent to their school’s website being linked from the ISST website.
Provide transfer of bank details for invoicing and payment.
Member schools must have parent consent for names (only) to be posted on:
Host school website.
Tournament programs.
Third party vendors such as Pentak/Hytek
This information must be deleted within 21 days of the tournament completion date.
Member schools must have parent consent for the following to be used for housing:
Family data which must include mobile numbers (and house numbers if applicable).
Exchange of medical and dietary information.
This information must be deleted within 21 days of the tournament completion date.