Read more about our policies below and how we aim to help people in Northumberland make the most out of the diverse culture and leisure on offer in our county.
Subject Access Information
The Data Protection Act 2018 gives you, the individual, the right to see what information an organisation holds about you. This information note will explain your general rights in respect of access to your data, and how to exercise your right to see what information Active Northumberland holds about you.
What is a Subject Access Request?
Under Section 7 of the Data Protection Act 2018 you are entitled to be told by a data controller if any personal data is held about you AND, if so:
• to be given a description of the data;
• to be told for what purposes the data are processed and
• to be told the recipients or the classes of recipients to whom the data may
have been disclosed.
You are also entitled;
• to be given a copy of the information with any unintelligible terms explained;
• to be given any information available to the controller about the source of the data;
What Information am I entitled to see?
You are entitled to see information of which you are the Data Subject and which comprises your personal data.
For information to be your personal data you have to be identifiable from the data and you should also be the focus of it.
You are not entitled to see information about third parties. In some circumstances third party details may be removed from your personal data.
Where we have a duty of confidentiality to those third parties we may contact them to obtain their consent for us to disclose their information to you.
If you are requesting information about your children aged between 12 and 17, we require their consent to share their personal data with you.
How much does a request cost?
A Data Controller is entitled to request a fee of up to £10.00 per request, Active Northumberland currently does not charge a fee (Free) for this request but please note only 1 person should be included per request.
How long does a subject access request take?
The 1998 Act requires Data Controllers to comply with subject access requests, within 40 calendar days from receipt of the request or, the necessary information to confirm your identity and to locate the data and consents where appropriate.
What information do I need to provide?
Data Controllers may ask you for any information they reasonably need to verify your identity and to locate the data.
This means you should provide the Data Controller with proof of your identity and information which will assist the data controller in locating your personal data. For instance any relevant reference numbers, account numbers, dates of correspondence and details of employees you have dealt with.
It is important to note that a Data Controller does not have to respond to a request until they re provided with sufficient information necessary to confirm your identity and to locate the information you seek, so it is important to provide this information from the outset.
Can a third party make a subject access request on my behalf?
Yes, but only with your written authorisation. There is no reason why an individual cannot make a request through a representative; however, it is the representative’s responsibility to provide satisfactory evidence that he/she has the authority to make a request on behalf of the individual.
How do I make a request to Active Northumberland?
1. If you are making a request to Active Northumberland, you should use the ‘Subject Access Request Form’. You will find it enclosed in this pack.
2. You should provide two original official forms of identification, 1 photographic and one to show your current address (this should be dated within the last 2 months). In cases where sensitive personal data is involved, you may be required to provide further identification. Examples of identification are your passport or driving licence and a recent utility bill or council tax letter.
3. If a representative is making a request on your behalf then you will also need to complete appendix 1 or 2 of the Subject Access Request Form. We will not respond to third party requests unless this form is completed. In order to ensure confidentiality we reserve the right to make further enquiries to check the authorisation given.
4. Alternatively, the completed form and documents can be placed in a sealed envelope marked for the attention of the Information Governance Office. This can be handed in at our Customer Information Centres who will then forward the sealed envelope to the Information Governance Office for processing.
Please CLICK HERE
for information on completing a Subject Access Request Form
Information for the public - How we handle your personal data and information.
Everyone working for Active Northumberland service has a legal duty to keep and process information about you in accordance with the law. This document explains why we ask for your personal information, how that information will be used and how you can access your records. We are committed to protecting and respecting your privacy. We are registered as a ‘data controller’ under the Data Protection Act 2018 (registration no.ZA071118).
Why is information recorded about me?
We use information about Active Northumberland users to enable us to provide you with a service. We keep records about Active Northumberland users. These may be written down (manual records), or kept on a computer (electronic records).
These records may include:
- basic details about you, for example, name, address, date of birth,
- unique identifier e.g. membership reference number
- financial information e.g. bank account number, sort code.
- contact we have had with you, for example, appointments & letters of correspondence,
- notes and reports about your relevant circumstances,
- details and records about the service you have received,
- relevant information from other people that we have been in contact with in relation to the service that you have received,
We also process sensitive classes of information that may include:
- health details including medical details
Ordinarily we will inform you if we record or monitor any telephone calls you make to us. This will be used to increase your security, for our record keeping of the transaction, investigation of complaints and for our staff training purposes.
If you email us we may keep a record of your contact, your email address and the content of
the email for our record keeping. However, this information will not be kept longer than
necessary and in line with our data retention policies.
What is the information used for?
Your records are used to help ensure that we provide you with the service that you need.
Information which you provide us with will be kept securely and will only be used for the purposes stated when the information is collected. For example:
● to progress the service you requested
● to allow us to be able to communicate and provide services and benefits appropriate to your needs
● to ensure that we meet our legal or contractual obligations
● for law enforcement functions
● to detect and prevent fraud or crime
● to process financial transactions
● where necessary, to protect individuals from harm or injury; and
● to allow the statistical analysis of data so we can plan the provision of services.
It is important that your records are accurate and up-to-date as they will help make sure that our staff are able to provide you with the help, advice or support you need.
If you do not provide us with this information then we will not be able to communicate accurately and efficiently with you, for example if a booking is cancelled or changed.
Occasions when your information needs to be disclosed (shared) include:
- where the health and safety of others is at risk,
- when the law requires us to pass on information under special circumstances,
- crime prevention or the detection of fraud as part of the National Fraud Initiative
- Anyone who receives information from us has a legal duty to keep it confidential
- We are required by law to report certain information to appropriate authorities – for example:
- where we encounter infectious diseases which may be a public health concern
- where the law is not upheld
Active Northumberland works with partner organisations, on occasion we may need to share information.
These could include:
- Northumberland County Council
- Other NHS organisations/teams who are involved in your care
- Northumberland Sport
- Sports Development
At no time will your information be passed to organisations external to us and our partners for marketing or sales purposes or for any commercial use without your prior express consent.
We have CCTV systems installed in some of our premises which are accessed by members of the public. These are for the purposes of public and staff safety and crime detection and prevention. In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information about the scheme. We will only disclose CCTV images to others, where required by law or to help prevent crime etc. CCTV images will not be released to the media for entertainment purposes or placed on the internet. Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated. You have the right to see CCTV images of yourself and be provided with a copy of the images. However, the images may be withheld if the images also identify a third party.
Using our website
Our website http://www.activenorthumberland.org.uk
does not store or capture personal information
when you access it as a visitor. Our systems will only capture and record personal information if you;
- subscribe to our newsletter using your email address,
- sign up as a member,
- book a class,
- contact us and leave your details for us to respond.
Please note that any forms on our website that capture personal information are secure and data will
only be used for the purposes stated when the information is collected.
Our website uses cookie technology for analytical purposes, and to personalise the user experience of
the site, e.g, which local area you selected. A cookie is a string of information that is sent by a website
and stored on your hard drive or temporarily in your device’s memory. This helps us to provide you with
a good service when you browse our website and also allows us to improve our site. No personal
information is collected this way. Please note that this notice only covers the Active Northumberland
website maintained by us, and does not cover other websites linked from our site.
How will my information be protected?
Our aim is not to be intrusive, and we won't ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to make sure it can't be seen, accessed or disclosed to anyone who shouldn't see it.
We receive our Information Governance support from Northumberland County Council and adopt their Information Governance Framework which includes policies on Data Protection, Information Security, Freedom of Information and Environmental Information. These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas. The framework and all policies are available here
We provide mandatory annual training to all staff. We treat it as a disciplinary matter if staff misuse or do not look after your personal information properly.
How long for?
Your details will be in line with the Active Northumberland retention periods. Processing is kept to a minimum and will only be processed in accordance with the law.
Information will only be shared with third parties if they have genuine and lawful need for it.
When special category data is shared, for example health data including G.P Referrals, we will gain explicit consent to do so.
Can I see my records?
The General Data Protection Regulation allows you to find out what information is held about you, on paper and computer records. This is known as ‘right of subject access’ and applies to your membership records along with all other personal records.
As Northumberland County Council provide our Information Governance support, if you wish to see a copy of your records you should submit a Subject Access Request which is available here or by contacting the Information Governance Office directly. You are entitled to receive a copy of your records free of charge, within a month.
In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.
Do I have Other Rights?
Data Protection laws gives you the right:
- To be informed why, where and how we use your information.
- To ask for access to your information
- To ask for information to be corrected if inaccurate or incomplete.
- To ask for your information to be deleted or removed where there is no need for us to continue processing it.
- To ask us to restrict the use of your information.
- To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
- To object to how your information is used.
- To challenge any decisions made without human intervention (automated decision making).
- To lodge a complaint with the Information Commissioner’s Office whose contact details are below.
- If our processing is based upon your consent, to withdraw your consent.
If you would like to know more about how we use your information, or if for any reason you do not wish to have your information used in any of the ways described in this leaflet, please tell us. Please contact Joanne Farrier on email@example.com
Data Protection Officer: firstname.lastname@example.org
You also have the right to complain to the Information Commissioner’s Office if you are unhappy with the way we process your data. Details can be found on the ICO website, or you may write to the ICO at the following address:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
We are committed to providing inclusive and accessible leisure opportunities for all. Read our accessibility guide here for more information.
Our lost property policy is as follows -
Item(s) found of value will be kept in a safe for 4 weeks, including -
Cash, in any amount, credit cards, personal identification (including licenses, passport, etc.), electronic devices including laptops, personal digital assistants (PDA's), iPODs (or equivalent), mobile phones, mobile games systems, Ebook readers, etc, jewellery / watches (costume jewellery is not considered of value), keys
Articles of Clothing will be kept in a clothing box for 4 weeks
Articles of clothing with little apparent value and without owner identification will be added to the clothing box
Goggles left on the poolside or in the changing rooms will be kept in the clothing box. The date they were found will be attached and they will be disposed of after 4 weeks.
Anyone who reclaims a pair of goggles must sign to acknowledge that they accept responsibility if they contract an infection from the goggles that they have claimed as their own, or on behalf of someone else.
Food and drink or anything liquid or perishable will be properly discarded immediately
Socks, underwear and towels will not be kept and will be properly discarded immediately
Customer Charter Statement
At Active Northumberland we put the needs of all our customers first and we are committed to providing a responsive, accessible and professional service. To find out more view our Customer Charter Statement HERE.
Security Incident / Data Breach Form
Please complete the following form when reporting security incidents and data breaches in line with our Security Incident and Data Breach Policy.
Click here to submit a Security/Data Breach Incident
Click here to read our Secrurity and Data Breach Policy