Below is a copy The RCF D GDPR Policy

How do we collect data?

We collect data in a number of ways. For some of our sessions we use paper registration forms that are completed by the parents/guardians of the participants (this is the case for all sessions delivered to primary school pupils aged between 4-12). Another way we collect data is through paper based registers, this is the case for our turn up and play (mini football and futsal) sessions and school holiday soccer camps. The RCF also use ‘Floc’ an online app that allows customers to book on to any of our courses run outside of school time. The data entered in ‘Floc’ is held on their servers, please contact us for more information on the ‘Floc’ GDPR policy.

What data do we collect and why?

We collect data that is necessary for us to safely and securely delivery the highest standard of session. Our policy is to only collect that data which is necessary for us to ensure every participant remains safe. For player aged between 4-12 years old, data collected includes; the players name, the name of a parent or guardian, the players date of birth (to ensure sessions are age appropriate and that players are split correctly), an emergency contact name and number, email address, post code and details of any medical conditions that may impact physical activity. This data must be provided by and contented for use by the participants player/guardian. For players aged 13 and over, we collect the same information but the participants at this age can provide the consent.

What do we use the data for?

We use the data we collect to ensure the safety and enjoyment of our participants as well as using some data for statical reporting. The data collected allow us to create registers and ensure we know exactly who should be at our sessions and also allows us to safely disengage participants from our sessions. Emergency contact information is collected to ensure a way to contact parents/guardians in the event of an emergency. Collecting the date of birth of participants allows us to ensure individuals are placed in age appropriate groups and data collection also allows us to ensure we have enough staff on hand at each session. Email addresses are collected for marketing purposes (explained in more detail below).

For data that is collected through schools, such as registers, this data is only ever used for our own participation records and to upload for reporting to the online databases discussed below.

Data collected is also used to enable us to understand our key demographic and also, as part of grant funded projects, used in reporting. The data collected is uploaded electronically to an online software system. The two software systems currently in use by The RCF are the ‘Views’ system run by a company called Substance and Upshot, which is used by the Premier League. The data input of these systems are not shared with any third parties for marketing purposes and are fully secured.

The data collected on our after school flyers allows us to ensure that participants receive their voucher for the match day activity.

Medical information is collected to ensure that our coaches are aware of any conditions that may impact an individuals participation in physical activity.

We will not share any of the data collected with any third patties for marketing purposes without the explicit consent of the individual. We will only use data collected for RCF Marketing purposes with prior consent, and you will be able to opt out of this marketing at a later date. RCF marketing and advertisement is done via Email and Text messaging.

Girls Teams

Who do we share the data with?

In relation to RCF coaches, coaches will have access to certain amounts of data, depending on the session they are delivering. For example, lead coaches will have access to emergency contact information, full name and date of births and medical info for the sessions they are delivering. This data will remain secured at all times and destroyed once the course being run is competed.

Data collected as part of out grant funded projects is uploaded to the software systems related to each project (substance and upshot), these organisations have their own GDPR policies that can also be accessed. This data is not used for any marketing and is not shared with anybody else. All other data collected remains within the RCF and is only used by us for the reasons already mentioned. We do not share data with anybody else, including Wrexham AFC.

How is it stored and secured?

Data that is collected using our paper sign up forms and paper registers are secured in a locked filing cabinet within our office at The Racecourse Stadium Wrexham. The office is locked and alarmed when no one is in. Data we collect for sessions that are on going, or a course of sessions is also stored on electronic spread sheets that provide the RCF with emergency contact details and medical info for participants. This means that if sessions are changed or cancelled we have access to this data. This data which is stored electronically, is stored on the RCF main computer which is password protected when turned on and each database is individually password protected.

How long do we keep the data?

For data collected for after school football clubs, centres of development and futsal sessions we will keep the data for a maximum of 6 months after the course has finished.

What if there is a breach?

If there is any breach in the data, we will contact the ICO within 72 hours of the breach. We have policies and procedures in place to ensure the chances of a breach are minimised. We will keep records of all breaches and notify individuals that it relates too.

Contact details and Data Protection Officers

The main point of contact for all data protection issues is Matthew Jones, who can be contacted at or 01978 295515.