TAE KWON-DO

Tae (태, 跆) means to jump kick or smash with foot
Kwon (권, 拳) means to punch strike or destroy with hand
Do (도, 道) means art method or way

Data Protection & Privacy Policy

Taekwondo West Sussex adheres to a strict Data Protection & Privacy Policy. The club does not hold members’ personal data directly; all membership and personal information is managed and securely stored by the Taekwondo UK (TKUK) Council. TKUK’s data protection and privacy policies, which govern how this information is collected, used, and safeguarded, are shown below.
TCUK Data Protection Policy Effective Date: 9 October 2025
1. Purpose and Scope
1.1 The Taekwondo Council UK (“TCUK”, “the Council”) is a voluntary, non-profit national governing body for Taekwondo in the
United Kingdom. TCUK is not currently recognised or funded by Sport England.
1.2 This policy sets out how TCUK complies with applicable data protection law, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and, where relevant, the EU GDPR for data about individuals in the EEA.
1.3 The policy applies to all personal data processed by or on behalf of TCUK, whether held electronically or on paper. It covers members, instructors, officials, volunteers, event participants, suppliers, and other stakeholders.
1.4 This policy applies to all officers, committee members, volunteers, contractors, club officials, and any third party processing data for TCUK.

2. Definitions
2.1 Personal Data: Information relating to an identified or identifiable living person.
2.2 Special Category Data: Personal data requiring extra protection (e.g., health, ethnicity, biometric data used for ID).
2.3 Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion).
2.4 Data Subject: The individual to whom the personal data relates.
2.5 Data Controller: The organisation determining purposes and means of processing (TCUK).
2.6 Data Processor: A third party processing personal data on behalf of TCUK.
2.7 Data Breach: A security incident leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

3. Data Protection Principles
TCUK adheres to the principles in UK GDPR Article 5. Personal data must be:
1. Lawful, fair, transparent
2. Collected for specified, explicit, legitimate purposes
3. Adequate, relevant, limited to what is necessary (data minimisation)
4. Accurate and kept up to date
5. Kept no longer than necessary (storage limitation)
6. Processed securely (integrity and confidentiality)
7. Accountability: TCUK is responsible for and must be able to demonstrate compliance.

4. Roles and Responsibilities
4.1 Council / Board
4.1.1 Holds overall accountability for compliance with data protection law and this policy.
4.1.2 Approves this policy and ensures adequate resources for its implementation.
4.1.3 Receives periodic compliance and incident reports.
4.2 Data Protection Lead (DPL)
Adrian Sweeney – Senior Independent Director (Marketing & Technology)
Email: adriansweeney@tkdngb.co.uk
Responsibilities:
4.2.1 Oversee compliance with UK GDPR, Data Protection Act 2018 and PECR.
4.2.2 Maintain Records of Processing Activities (Article 30 register) and the Data Processing Register.
4.2.3 Advise the Board, instructors, and affiliated clubs; coordinate training and awareness.
4.2.4 Act as contact for data subjects and the ICO; manage complaints.
4.2.5 Lead incident and breach response; notify the ICO within 72 hours where required and affected individuals where there is high risk.
4.2.6 Oversee Data Protection Impact Assessments (DPIAs) where processing is likely to result in high risk.
Note: TCUK is not legally required to appoint a statutory DPO; the DPL fulfils an equivalent governance function.
4.3 Officers, Instructors, Staff, Volunteers
4.3.1 Handle personal data only as necessary for their role and in line with this policy.
4.3.2 Keep data secure and confidential; report incidents immediately to the DPL.
4.3.3 Complete required training.
4.4 Third-Party Processors
4.4.1 Must act only on TCUK’s documented instructions under a Data Processing Agreement (DPA) compliant with UK GDPR Article 28.
4.4.2 Must implement appropriate technical and organisational measures and assist TCUK with data subject rights and breach notifications.
4.4.3 Cannot act as TCUK’s DPL or DPO due to conflicts of interest.

5. Lawful Bases for Processing
Processing will be based on one or more of the following (UK GDPR Article 6):
5.1 Consent (freely given, informed, unambiguous)
5.2 Contract (membership, instructor accreditation, event entry)
5.3 Legal obligation (e.g., HMRC, safeguarding, insurance)
5.4 Vital interests (urgent medical/safety matters)
5.5 Legitimate interests (organisation and administration of TCUK where rights are not overridden)
For special category data (Article 9), TCUK will identify an additional lawful condition (e.g., explicit consent, substantial public interest for safeguarding, health and safety, or legal claims).

6. Transparency (Privacy Information)
TCUK will provide clear privacy information at the point of data collection (or as soon as practicable thereafter) explaining: controller identity, purposes, lawful bases, retention, sharing, transfers, and rights, with contact details for the DPL. (See Privacy Notice.)

7. Data Subject Rights
Individuals have the right to:
7.1 Be informed (privacy notice)
7.2 Access their data (Subject Access Request)
7.3 Rectification of inaccurate data
7.4 Erasure (where applicable)
7.5 Restriction of processing
7.6 Data portability (where applicable)
7.7 Object to processing (including direct marketing)
7.8 Rights related to automated decision-making (if used)
Requests should be sent to adriansweeney@tkdngb.co.uk. TCUK will respond within one calendar month of verifying identity (extensions possible where legally permitted). Some rights may be limited by legal obligations or third-party privacy.

8. Data Collection, Use, Sharing
8.1 Collection & Use – TCUK collects personal data for membership and instructor administration, gradings and events, communications, insurance, safeguarding, and compliance.
8.2 Sharing – Data is shared only when necessary and lawful with, for example, insurers, event organisers, recognised bodies, IT/database providers (as processors), and safeguarding or law-enforcement authorities where required by law.
8.3 Marketing & PECR – TCUK will obtain consent where required for e-marketing to individuals and will honour objections to marketing at any time.
8.4 International Transfers – If data leaves the UK/EEA, TCUK will ensure appropriate safeguards (e.g., UK IDTA, EU SCCs, or adequacy decisions) consistent with UK GDPR/EU GDPR Articles 44–49.

9. Retention and Disposal
9.1 Personal data will be kept only as long as necessary for its purpose.
9.2 Retention periods are defined in the Data Retention Schedule.
9.3 Data will be securely deleted, anonymised, or destroyed when no longer required.
9.4 Longer retention may apply where required by law or in connection with safeguarding or legal claims.

10. Security of Personal Data
10.1 TCUK will implement appropriate technical and organisational measures, proportionate to risk. Measures may include access controls, encryption, secure storage, strong authentication, patching, backups, physical security for paper records, and secure disposal.
10.2 Personal data will not be stored on personal devices or shared via unsecured channels except where authorised and appropriately protected.
10.3 Vendors handling TCUK data must meet agreed security standards under a DPA.

11. Breach Management
11.1 A personal data breach includes accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
11.2 All staff, volunteers, and officers must report suspected breaches immediately to the DPL.
11.3 The DPL will investigate, contain, assess risk, record the breach, and, where required, notify the ICO within 72 hours and affected data subjects without undue delay.
11.4 All incidents will be logged and periodically reviewed to prevent recurrence.

12. Children and Safeguarding
12.1 Many participants are under 18. TCUK will handle children’s data with particular care, ensuring appropriate consent (parent/guardian where required) and age-appropriate transparency.
12.2 Safeguarding information will be restricted to authorised personnel and shared only where necessary and lawful.
12.3 CUK follows its Safeguarding Policy and relevant statutory guidance.

13. Training and Awareness
13.1 All officers, instructors, volunteers, and staff who handle personal data must complete data protection training and periodic refreshers.
13.2 The DPL will maintain training records and issue guidance.

14. Monitoring, Audit, and Review
14.1 Compliance with this policy may be monitored through spot checks or audits.
14.2 This policy will be reviewed annually or sooner if legal or organisational changes require it.
14.3 Updates will be approved by the Council / Board and communicated to relevant parties.

15. Complaints and Contact
For questions, concerns, or to exercise your rights, contact:
Adrian Sweeney – Data Protection Lead
Email: adriansweeney@tkdngb.co.uk
Web: www.tkdngb.co.uk
If you are not satisfied with TCUK’s response, you can complain to the Information Commissioner’s Office (ICO): www.ico.org.uk | 0303 123 1113.

16. Related Documents
16.1 Privacy Notice (Members, Instructors, Participants)
16.2 Safeguarding Policy
16.3 Data Retention Schedule
16.4 Data Breach Response Procedure
16.5 Subject Access Request Procedure
16.6 Data Processing Agreement (Processor) Template

Privacy Notice (Members, Instructors & Participants)
Contact: Adrian Sweeney – Data Protection Lead
adriansweeney@tkdngb.co.uk
www.tkdngb.co.uk

1. Who We Are
The Taekwondo Council UK (TCUK) is a voluntary, non-profit national governing body for Taekwondo in the United Kingdom. We support affiliated instructors, clubs, and members through licensing, grading, events, and standards oversight. TCUK is a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Personal Data We Collect
We collect and process the following types of personal data when you join, register, or participate in TCUK activities:
2.1 Full name, date of birth, gender, and contact details (address, phone, email)
2.2 Membership and grading history
2.3 Instructor qualifications and insurance details
2.4 Club affiliation and licence information
2.5 Event participation records
2.6 Health or medical details (for safety or injury reporting)
2.7 Safeguarding information (where applicable)
2.8 Payment or insurance reference data (limited)
2.9 Photographs or video (with consent)

3. How We Collect Your Data
Your data may be collected directly from:
3.1 Membership or instructor registration forms
3.2 Event entry or grading applications
3.3 Email or phone communications
3.4 Club or instructor submissions (affiliated to TCUK)
3.5 Disciplinary or safeguarding processes (where required by law)
We may also receive limited information from insurers, event organisers, or national partners where relevant to your membership or participation.

4. Why We Use Your Data
We process your personal data to:
4.1 Manage membership, instructor registration, and licensing
4.2 Administer gradings, courses, and events
4.3 Maintain insurance and compliance records
4.4 Promote safe practice, safeguarding, and welfare
4.5 Communicate with members and instructors about TCUK activities
4.6 Maintain national records and statistics to support Taekwondo development
4.7 Comply with legal and regulatory requirements

5. Our Lawful Bases for Processing
Under Article 6 of the UK GDPR, our lawful bases are:
5.1 Contract: To manage your membership, licence, or participation.
5.2 Legal Obligation: To meet insurance, safeguarding, and financial record-keeping requirements.
5.3 Consent: For optional activities such as photographs, marketing emails, or promotional listings.
5.4 Legitimate Interests: To manage the organisation effectively, promote the sport, and ensure proper governance.
5.5 Vital Interests: Where necessary to protect your life or safety (e.g., medical emergencies).

For special category data (e.g., health or safeguarding), we rely on:
5.6 Explicit Consent, or
5.7 Substantial Public Interest (safeguarding, equality monitoring, or legal obligations).

6. Sharing Your Personal Data
We only share data when necessary and lawful, for example with:
6.1 Insurance providers and underwriters
6.2 Event and venue organisers
6.3 DBS or safeguarding authorities (where appropriate)
6.4 Law enforcement or statutory bodies (where legally required)
6.5 IT and database providers acting as data processors under written contracts

We never sell or trade personal data.

7. International Transfers
TCUK normally stores and processes data in the UK. If data is transferred outside the UK or EEA, we will ensure it is protected using recognised safeguards such as adequacy decisions or Standard Contractual Clauses.

8. Data Retention
We keep personal data only as long as necessary for the purposes listed above and in line with our Data Retention Schedule. Typical examples:
8.1 Member/instructor data – up to 6 years after membership ends
8.2 Safeguarding records – until age 25 or 7 years after case closure
8.3 Financial records – 7 years (statutory)

When data is no longer needed, it will be securely deleted or anonymised.

9. Your Data Protection Rights
You have the following rights under the UK GDPR:
9.1 Access – to request a copy of your data
9.2 Rectification – to correct inaccurate data
9.3 Erasure – to request deletion (“right to be forgotten”)
9.4 Restriction – to limit how we use your data
9.5 Portability – to receive data in a transferable format
9.6 Objection – to certain processing (including marketing)
9.7 Withdraw consent – where processing is based on consent

Requests can be made in writing or by email to: adriansweeney@tkdngb.co.uk

We will acknowledge requests within 10 working days and respond within one month, unless the request is complex.

10. Protecting Your Data
We take data security seriously. TCUK uses appropriate organisational and technical measures, including:
10.1 Secure systems with password and access controls
10.2 Encryption of sensitive information
10.3 Role-based access for authorised personnel only
10.4 Staff and volunteer data protection training
10.5 Regular review of systems and procedures

11. Photography and Media
We may take photos or video at events to promote Taekwondo. Images will only be used where consent has been given (or parent/guardian consent for minors). You can withdraw consent at any time by contacting the Data Protection Lead.

12. Changes to This Notice
We may update this Privacy Notice to reflect legal or operational changes. The current version will always be available on our website at www.tkdngb.co.uk.

13. Contact and Complaints
For any questions, requests, or complaints about data protection, please contact:
Adrian Sweeney
Senior Independent Director (Marketing & Technology)
Data Protection Lead
adriansweeney@tkdngb.co.uk

If you are not satisfied with our response, you can contact:
Information Commissioner’s Office (ICO)
www.ico.org.uk | Tel: 0303 123 1113

For more information please contact Karl
Call on 07771-905039 or Email karl@karljamestaekwondo.co.uk