Welcome to the ReTrain to Retain (R2R), provided by the Chartered Institute for the Management of Sport and Physical Activity (CIMSPA), Privacy Notice “CIMSPA’s R2R Privacy Notice”). As the professional development body for the UK’s sport and physical activity sector, CIMSPA is shaping a recognised and respected sector through its work with individual members and partner organisations. To make the R2R available, CIMSPA requires access to personal data. The use and sharing of such personal data is on the basis set out in this R2R Privacy Notice.
Privacy Notice purpose
CIMSPA’s R2R Privacy Notice will provide information on how CIMSPA collects, uses, protects, manages, stores and deletes personal data for Users of the R2R. Furthermore, it will outline what CIMSPA will do with individual data and who it will share this information with. It is important that individuals read the CIMSPA’s R2R Privacy Notice when signing-up to use the service and from time to time so that they can remain fully informed on how and why CIMSPA is using individual data.
ReTrain to Retain services are not intended for children and CIMSPA does not knowingly collect data relating to children.
Chartered Institute for the Management of Sport and Physical Activity
SportPark Loughborough University,
3 Oakwood Drive Loughborough, Leicestershire LE11 3QF Tel: 03438 360200
Incorporated by Royal Charter Charity registration number 1144545
CIMSPA has a single entry on the Data Protection register held by the ICO. The registrable particulars are as follows:
Registration number: Z299023X
Date registered: 03 January 2012
Registration expires: 02 January 2022
Data controller: Chartered Institute for the Management of Sport and Physical Activity Other names: CIMSPA
The ReTrain to Retain is a platform used to deliver education, training, events and benefits. Funded by Sport England, it is made available to CIMSPA members and non-members whose organisation and/or activity resides in England. In order to access it individuals have to sign-up to the service and provide certain details (“User”). CIMSPA collects personal data from Users which is necessary for CIMSPA to provide access to the ReTrain to Retain.
As a data controller CIMSPA will make the User aware of the CIMSPA R2R Privacy Notice at the point at which it collects data from them. This Notice will be available at https://digital.cimspa.co.uk/.
CIMSPA has not appointed a data protection officer as it is not required to do so, but has however, adopted the approach that each head of department will be the responsible lead for data protection within their area of work. The CIMSPA Director of Strategy will have overall responsibility for data protection compliance and oversee the heads of department within CIMSPA and provide further support and guidance to them where required.
As consortium partners of the project UK Coach and EMD UK will be classed as joint data controllers for the R2R project, data will be shared with the two partners in order and only to provide training, support and resources to participants of the R2R project.
Any questions regarding the CIMSPA R2R Privacy Notice or requests to exercise individual rights can be sent to CIMSPA at firstname.lastname@example.org.
Personal information CIMSPA collects from Users of the ReTrain to Retain
Personal data or personal information means any information about an individual from which that person can be identified. CIMSPA collects personal data for the R2R through a single registration form at the point at which a User signs up to use the service, through ongoing usage of the R2R platform (hosted on Brightspace) and from time to time through other mechanisms as needed to provide the R2R platform.
CIMSPA collects the following types of information from Users of the ReTrain to Retain for the following purposes:
To allow direct communication between CIMSPA and an individual User when providing the R2R
- Email address(es).
Interactions with CIMSPA
To facilitate interactions and requests between individual Users and CIMSPA.
- Email communications.
Use of R2R services
To enable and record the use of and movement through online systems.
- IP addresses.
- User names.
- Record of attendance at events, modules, resource downloads, etc.
Identification and CIMSPA support
CIMSPA identifies individual Users and captures information to ensure the R2R is meeting the needs of people across sport and physical activity, and can provide additional support as needed (for example, recording disabilities to ensure needs are met at events).
- Year of birth
- Employment type.
- Post code.
- Ethnic origin.
Data that CIMSPA records to fulfill its business functions to provide the R2R:
- Mailing preferences.
- Access to and usage of the R2R platform.
Personal details about ethnic origin, disability etc. are considered ‘sensitive’ personal data. CIMSPA processes this data for users of the ReTrain to Retain to ensure the services provided are accessible, inclusive, and engage individuals and groups across society. CIMSPA will not share any ‘sensitive’ personal data with any third parties From time to time CIMSPA will anonymise and aggregate personal data to analyse User engagement, and report on the usage and uptake of the R2R.
Why CIMSPA collects personal data
CIMSPA will only collate and use personal data in accordance with data protection laws. CIMSPA processes personal information to enable it to provide the R2R which is a voluntary service for the benefit of the public as specified in CIMSPA’s chartered statutes.
Lawful data collection
CIMSPA will collect R2R User data on the basis of genuine User consent.
CIMSPA may also use personal data in the following circumstances:
- Contract – where CIMSPA needs to use the personal data in order to perform the contract that the individual or organisation is about to enter into or has entered into.
- Legal/regulatory obligation – where CIMSPA has legal or regulatory purposes, such as the powers within its chartered statutes or HMRC requirements.
- Legitimate interests - where it is necessary for CIMSPA’s legitimate interests, and this is balanced with the individual User’s rights and freedoms.
Individual Users of the R2R can change their marketing preferences at any point in time. Marketing preferences do not include communications specifically relating to or regarding the management of contracts, membership or partnerships with CIMSPA.
CIMSPA uses data analytics on the R2R Platform (hosted on Brightspace) and third party applications (such as Facebook and Instagram) to improve the function, products, services, marketing, customer relationship and experiences to ensure that the R2R platform remains up to date and relevant to the needs of its users. Further information can be found in CIMSPA’s ReTrain to Retain Cookies policy.
CIMSPA keeps personal data relating to usage of the R2R platform according to our R2R platform data retention schedule, which can be found below.
Individual Users who have otherwise opted-in to sign-up and use the R2R platform, and/or communication from CIMSPA will have their data used and held by CIMSPA in accordance with the R2R platform Privacy Statement, data protection and IT security policies and procedures.
An individual who has opted-out of using the R2R platform and/or R2R communications from CIMSPA will have their data retained as detailed in the data retention schedule below.
Right to erasure
Individuals may request to have their data deleted and when they do so it will be deleted in accordance with the data retention schedule below. Data which cannot be deleted immediately will be held for CIMSPA’s legal, regulatory or business purposes which are governed by other legal or regulatory bodies, for example the HMRC.
The CIMSPA Data Retention Schedule for ReTrain to Retain data is detailed below:
CIMSPA is committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout its operations. CIMSPA has put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In accordance with its data protection and IT security policy and procedures, CIMSPA limits access to personal data to employees, volunteers, contractors and disclosed third parties who have a business function to complete. The personnel and organisations will only process personal data on CIMSPA instructions and are subject to a duty of confidentiality and compliance with data protection laws. CIMSPA has procedures in place to monitor, identify and manage any suspected breaches of data protection laws with regard to such personal data. If a breach has occurred, CIMSPA will notify the individuals involved, of this breach where it is legally required to do so.
Sharing personal information
CIMSPA discloses personal information to third party organisations in order to operate its business. This is largely to service the benefits of memberships and partnerships with CIMSPA. Where CIMSPA shares personal data with third parties, it has made arrangements to protect and secure this data. Outside of these third parties, CIMSPA does not disclose personal information unless it is required to do so by law. Routine data controllers include organisation in Banking, CRM, eLearning, marketing and publishers, CIMSPA ensures that they are compliant with data protection laws and that such compliance is recorded and monitored through its contracts. CIMSPA may share information with a third party, for example an employer or education provider only where the individual has approved the sharing of the information. In order to provide the ReTrain to Retain, CIMSPA will share personal data with the following:
- Desire2Learn (D2L) who have been contracted to supply and host the learning system (Brightspace) which provides the R2R platform. Their privacy statement can be found here. Protected characteristics (gender, ethnicity, disability) will not be shared with D2L.
- UK Coaching who will provide programme benefits. Their privacy statement can be found here.
- EMD UK who will provide programme benefits. Their privacy statement can be found here.
CIMSPA may also share personal data with the following:
- Police, law enforcement and security services.
Individuals have the right to invoke any of the above at any point to CIMSPA and can do this by emailing email@example.com or calling 03438 360200.