Teams

Seniors

Chiefs

Harlequins

Bideford Colts

Ladies

Bideford Ladies

Bideford Vixens

Junior Girls

Minis & Junior

Welcome!

Membership

Fixtures 2025/26

Chiefs, Harlequins & Colts

Ladies

Minis & Juniors

News & Events

Gallery

Seniors

Ladies

Days Gone By

Membership

About Us

Our History

Our Sponsors

Our Officials

Sponsorship Opportunities

Safeguarding & Player Welfare

Code of Conduct

Drugs Policy

Contact Us

Shop

Privacy Policy

Privacy Policy (Bideford Rugby Club)

1) Who we are

Bideford Rugby Club (“the Club”, “we”, “us”) is the data controller for the personal data described in this Privacy Policy.

Contact us (data protection):
Email: info@bidefordrugby.co.uk
Post: Clun Secretary, Bideford RFC, King George’s Field, Victoria Park, Bideford, Devon, role name here.)

2) Definitions (acronyms)

  • UK GDPR: United Kingdom General Data Protection Regulation.

  • GDPR: General Data Protection Regulation

  • DPA 2018: Data Protection Act 2018.

  • ICO: Information Commissioner’s Office (the UK data protection regulator).

  • RFU: Rugby Football Union.

  • GMS: Game Management System (the RFU’s membership/registration system).

  • DBS: Disclosure and Barring Service (criminal record checks).

  • eDBS: The RFU’s online DBS checking process/system (where used).

  • CCTV: Closed-Circuit Television (video surveillance).

  • NI: National Insurance (number).

3) What this policy covers

This policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, and your rights.

4) Summary of how we use your data

We use your personal data to manage and administer your involvement with the teams and the Club, and to keep in contact with you for these purposes.

Some data is shared with the RFU via GMS. The RFU uses this to regulate, develop and manage the game.

We use an email management system called Brevo to send general email updates about fixtures and club events.

Where emails are sent based on consent (for example, where you have opted in to marketing-style emails), you can withdraw consent at any time.

5) What personal data we collect

We collect and process personal data from you (or, for junior members, from a parent/guardian) when you join and when we renew membership. This may include:

Identity & contact details

  • Name, gender, date of birth

  • Home address, email address, telephone number(s)

  • RFU ID (where allocated in GMS)

Membership & participation

  • Type of membership and involvement in teams

  • Key role(s) you hold within the Club

  • Records of team performances, match reports, score lines and (where applicable) team sheets

Photos and media

  • A photograph of yourself (e.g., for membership administration and/or club communications, depending on how you provide it and your choices)

Juniors

  • School year group (and, only where necessary for administration, school details as provided)

Payments

  • Bank details where you provide these to pay membership or 200 Club membership

Health / medical (special category data)

  • Medical conditions, disability, injuries, and other relevant health information where you (or a parent/guardian) have provided explicit consent or where it is otherwise necessary for the reasons explained below.

Employment (where applicable)

  • If you are employed by us, we may ask for and store passport/right-to-work information and NI details to check eligibility to work.

Disciplinary / incidents

  • Details of disciplinary issues or incidents you have been involved with on or off the pitch (where relevant to the sport/Club context and appropriate).

Information from third parties

  • We may receive information from third parties such as a school, and via GMS (for example, existing registrations at other clubs, and relevant disciplinary records).

  • For those working with children, we may receive information from the DBS and/or RFU regarding the status of checks.

6) How we use your data (purposes)

We use your personal data to:

  • Administer and manage membership and participation in teams and club activity

  • Organise fixtures, training, events and communications

  • Take payments and manage subscriptions (including 200 Club membership)

  • Maintain club records, history and performance records (including match reports and results)

  • Support welfare/safety: where relevant and consented, record health information so coaches/first aiders can support you appropriately

  • Conduct safeguarding/eligibility administration (e.g., DBS checking for relevant roles, recording course attendance/qualifications where required)

  • Maintain security at club premises through CCTV and investigate incidents where necessary

7) Lawful bases (legal grounds) for processing

UK GDPR requires a lawful basis for processing personal data. We rely on the following bases depending on the activity:

a) Contract
Where processing is necessary to administer membership and provide club participation/services you request.

b) Legitimate interests
Where processing is necessary for the day-to-day running of a community sports club (e.g., organising teams and fixtures, maintaining club records and history, communicating operational information). Where we rely on legitimate interests, we balance those interests against your rights and expectations.

c) Legal obligation
Where we must process data to comply with the law (for example certain finance, tax, employment and safeguarding-related obligations).

d) Consent
Where we ask for consent (for example some marketing-style email lists, or certain uses of photos/media depending on how you provide them), you can withdraw consent at any time.

Special category data (health/medical)
Health and medical information is “special category” data. Where we process it, we will identify:

  • an Article 6 lawful basis (such as legitimate interests or vital interests in an emergency where applicable), and

  • an Article 9 condition—most commonly explicit consent (or parent/guardian explicit consent for juniors) for the specific purpose of recording relevant health/injury information to support welfare and safe participation.

8) Email communications (Brevo) and juniors/parents

Brevo
We use Brevo to send general email updates about fixtures and club events. Only the information needed for email distribution and list management is shared with Brevo (typically email address, age category/junior status and membership status).

Juniors and parent/guardian emails
Where a junior member is emailed because they have signed up via GMS, any parent/guardian email addresses linked in GMS may also be emailed with the same relevant communications.

Opting out / withdrawing consent
Where emails are sent based on consent, you can withdraw consent at any time (for example by using the unsubscribe link in emails or by contacting the Club).

9) Sharing your data

We do not sell your personal data.

We may share data with:

  • RFU via GMS (for registration, administration of the game, and related governance requirements)

  • Brevo (email distribution service provider) as described above

  • Other clubs / rugby organisations where needed to organise matches and administer the game (for example team/admin contact lists)

  • Government authorities or law enforcement bodies if required by law

  • DBS / RFU systems where relevant to roles requiring checks (status information recorded in GMS as part of game administration)

We aim to share the minimum necessary information for the purpose.

10) International transfers

Some suppliers (including email and IT providers) may process data outside the UK. Where this happens, we will ensure appropriate safeguards are in place as required by UK GDPR (for example, international transfer mechanisms and contractual protections).

11) CCTV

We use CCTV to maintain the security of our premises and may use footage to investigate incidents at the Club or its premises.

Clear signage is displayed to inform people that CCTV is in operation and who to contact with queries.

12) How long we keep your data (retention)

We keep personal data only for as long as needed for the purposes set out in this policy, and then securely delete or anonymise it.

  • Membership records: while you are an active member and typically for six (6) years afterwards.

  • Wage/employment records: typically five (5) years (or longer where required by law).

  • Statutory records: we keep information required for legal/statutory reasons for as long as required.

  • CCTV: retained for a limited period appropriate to the purpose, and longer only if required to investigate an incident.

13) Your rights

You have rights under UK GDPR, including:

  • the right to be informed

  • right of access

  • right to rectification

  • right to erasure (in some circumstances)

  • right to restrict processing

  • right to object (particularly where we rely on legitimate interests)

  • right to data portability (in some circumstances)

  • right to withdraw consent (where consent is the basis)

To exercise your rights, contact us using the details in section 1.

14) Complaints

If you have concerns, please contact the Club first so we can try to resolve them. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

15) Changes to this policy

We may update this Privacy Policy from time to time. The latest version will be published on our website.

Last Updated 01/03/2026

Bideford U16s Celebrate Devon Pathway Success

read more

Quins Build Towards Final Clash after Cancelled Fixture, as Young Talent Steps Up Across the Club

read more

Last-Gasp Penalty Breaks Bideford Hearts at South Molton

read more

Our Sponsors

Find us

Bideford RFC

King George's Field

Victoria Park

Bideford

Devon

EX39 2QS

Contact us

01237 474049
leave a message

Affiliations

leave a message

Copyright © 2018 Bideford RFC  

  Privacy Policy  

  Made with

in Bristol