Introduction and Contact

  • Heriot’s Rugby Club Limited (‘the Club’) is a data controller and processor and, as such, is committed to protecting your personal data and respecting your
  • For the purpose of the GDPR, the contact person is the Director-Finance and Non- Rugby (finance@heriotsrugbyclub.co.uk).
  • We may update this Privacy Notice from time to time. Please check it regularly for any changes

Why we are providing this notice to you

The Club holds certain information (personal data) about you which is required to operate the Club as a legal entity and as an organisation belonging to its members. We are required by law to give you certain information about your personal data, how we use it and what safeguards are in place to ensure it is protected. This notice gives you that information.

Personal data held by us will be:

  • Used lawfully, fairly and in a transparent
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those
  • Relevant and limited only to the purposes we have
  • Accurate and kept up to date
  • Retained for only as long as is necessary for the purposes
  • Kept securely.

Why we need the information – contractual

We need to collect personal information in order to manage your membership and we shall use it:

  • To set up and administer your online membership
  • To provide you with core membership services including information about Club meetings and events.
  • To send you communications by e-mail or post in relation to the above
  • To register your details with the Scottish Rugby Union, in the case of playing

If you are a volunteer, including coaches and officials, we shall use your personal information:

  • To enable us to provide you with the information required to carry out your duties on behalf of the
  • To send you communications by e-mail or post in relation to your

Why we need the information – legal

The directors hold personal data in their capacity as data controller for the proper administration of the club as a company limited by guarantee in accordance with their legal obligations including those of the Companies’ Acts and Scottish Rugby Union (SRU) regulations. This includes the need to process your data to contact you in relation to your membership of the Club and its activities or in respect of your duties as a volunteer. This may include our responsibilities in respect of The Protection of Vulnerable Groups (Scotland) Act 2007 to check that our coaches and volunteers are in a position to undertake regulated duties with children and vulnerable adults.

Why we need the information – legitimate interests

We may use your personal information for legitimate interests including:

  • To promote the Club and its activities by sending information about Club events including booking
  • To promote the game of rugby by sending information on rugby generally or as requested or directed by the Scottish Rugby
  • To communicate with you regarding queries, complaints or allegations in relation to the Club and its Rules. We shall use your personal information to follow up or investigate these queries, complaints or allegations and to take appropriate

In connection with the above, you have the right to object to your personal information being used in this way. If we agree with your objection, this may affect our ability to provide you with the benefits or requirements of you as a member or volunteer.

Why we need your personal information – other purposes

We may require to use your personal information for other purposes. In this case, we shall provide you, in advance, with an additional privacy policy on how we shall use your personal information.

What data we need and where we obtain it

The types of data about you which we hold and process includes:

  • Contact details- name, address, telephone number, e-mail address
  • Membership category and value
  • Bank details
  • Relevant correspondence and documents relating to your membership of, or duties with the Club and your interest and participation in its

In the case of junior members, we additionally hold contact details of parents, etc. together with dates of birth and any relevant medical details which may be required in an emergency.

In the case of players, we may also ask for personal information relating to your personal development as a rugby player, including nutrition requirements.

The personal data held is all obtained directly from you, either online through the Club’s website or by means of completed forms.

Those that we may share this data with

From time to time, we may share your personal data with those who carry out services that help us carry out our duties and rights in relation to the Club. These include:

  • Legal advisers
  • Independent accountants
  • Supplier of IT services in relation to membership systems
  • Bankers
  • In the case of junior members, our age group rugby coaches for junior members in their group (subject to PVG memberships being in place)
  • In the case of playing members, we require to register your details with Scottish Rugby’s Registration System (SCRUMS).

Those referred to above will not share this data with other persons or organisations. They agree to implement reasonable contractual and technical protection, to keep your data confidential, not to sell your personal data to third parties and to not disclose your personal data to third parties except as may be required by law, as permitted by the Club or as stated in this Privacy Policy.

We do not carry out any automated processing for marketing purposes using your personal data and, although we will use your data to inform you of Club activities and events and those advised to us by the SRU, we will not share your personal data with anyone else for marketing purposes.

How we protect your personal information

Your personal information is stored on our electronic membership system (known as ‘Aimee’) in the case of members and otherwise on the Club’s computer. These are based in the United Kingdom and accessed by our staff and volunteers for the purposes outlined above. Access is password protected.

You have online access to your own personal membership information but not to that of any other member.

How long we keep your data

We shall only keep your personal data for as long as we need in order to fulfil the purposes for which it was collected and for so long afterwards as we consider may be required to deal with any questions or complaints that we may receive about our administration of the Club, unless the law requires us to keep it for a longer period.

Your Rights

You have a right of access and a right to obtain a copy of the personal data that the Club holds about you. You also have a right to ask for correction of personal data if there are any errors or if the data is out of date.

In some circumstances, you may also have a right to ask the Club to restrict the processing of your personal data, to object to processing or to transfer or erase your personal data.

If you require to exercise any of these rights, please e-mail the Director- Finance. You also have the right to lodge a complaint in relation to this privacy notice or the Club’s processing activities with the Information Commissioner’s Office (www.ico.org.uk).


We may update this Notice from time to time. We shall inform you of the changes and the date on which the changes take effect.

May 2018