Staying connected with Disc Golf England through EDGA digital networks.

Privacy policy for English Disc Golf Association (EDGA)

Effective Date: 22 May 2026

1. Introduction

The English Disc Golf Association (“EDGA”, “we”, “us”, or “our”) is an Unincorporated Association acting as the Data Controller for your information. This policy details how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. The Data We Collect

Through our membership portal and website, we collect the following information:

  • Household Identity: Full name, email address, and verified postal address of the Primary Member.
  • Extended Profile Data: Gender, mobile contact number, and club affiliation.
  • Sporting Identifiers: Unique EDGA membership numbers and PDGA numbers (if provided).
  • Junior Data: Names and dates of birth for members under 18, provided exclusively by a parent or legal guardian.
  • Technical & Security Data: Encrypted login credentials, IP addresses, and system logs required to prevent unauthorised access and spam.

3. Lawful Basis for Processing

We process your data under the following legal grounds:

  • Contractual Necessity: To administer your membership and provide access to the Association’s digital services.
  • Legitimate Interests: To maintain an accurate historical record of the sport in England, assign unique sporting identifiers, and secure our website against cyber-attacks and spam.
  • Legal Obligation & Safeguarding: For junior members, we collect date of birth to verify eligibility, ensure correct safeguarding measures, and administer junior-specific competitions.
  • Consent: For marketing communications and newsletters.

4. Email Updates and Newsletters

We use Mailchimp to manage our email lists and send updates. When you subscribe, your name, email address, and any preferences you provide are stored securely in Mailchimp.

  • International Transfers: Mailchimp is based in the United States and may process your data on servers located there. Mailchimp relies on Standard Contractual Clauses (SCCs) and additional safeguards to protect personal data when it is transferred outside the UK and EU.
  • Technical Security: We utilise Mailchimp’s API to add and update subscribers via an encrypted connection.
  • Unsubscribe: You can opt-out at any time via the Unsubscribe Form or through the link provided in any of our emails.

5. Third-Party Data Processors

We share data only with trusted partners necessary for the Association’s operations and security:

  • Stripe: For secure payment processing. We adhere to PCI-DSS standards; EDGA servers never store or transmit raw credit card data.
  • Website Security & Spam Protection: We use third-party services to protect the site from cyber-attacks, brute-force login attempts, and spam. These services may process your IP address and other technical data to verify that your interaction with our site is legitimate.
  • Administrative Sync: We use secure automation tools to synchronise website data with our internal, access-controlled administrative database.

6. Data Security

We take the security of your data seriously. We employ appropriate technical and organisational measures to protect your personal information against unauthorised access, accidental loss, or disclosure. This includes the use of encrypted connections (SSL) and scrambled, non-identifiable URL identifiers for member profiles to prevent unauthorised public access.

7. Data Retention

  • Profile Data: Retained for the duration of your active membership and account standing.
  • Historical Sporting Record: To preserve the integrity of the sport’s history in England, names and EDGA numbers are retained indefinitely as a permanent record of membership milestones.
  • Financial Audit: Transactional data is retained for 7 years to meet UK statutory accounting requirements.

8. Junior Data & Handover

The Primary Member (Adult) remains the custodian of junior data within the Household Model. When a junior member reaches the age of majority, the Primary Member can initiate a secure “Profile Claim” invitation, allowing the junior to establish their own independent account.

9. Your Rights

Under the UK GDPR, you have the right to request access to the data we hold, correct inaccuracies, or request erasure (subject to our requirements for historical record-keeping). To exercise these rights, please contact us via our Contact Form.

10. Cookies

For information on the cookies we use and how to manage your preferences, please see our Cookie Policy.

11. Club Affiliation & Directory System

This section applies to clubs submitting applications to the EDGA Club Affiliation and Directory system from 22 May 2026 onwards.

11.1 Data Collection

Through the Club Affiliation application forms, EDGA collects the following information:

  • Club Identity: Club name, location, contact email address, and website (if applicable).
  • Primary Contact: Name, email address, and phone number of the club’s primary contact person for EDGA correspondence.
  • Governance & Safeguarding Documents: For affiliation applications only: club constitution or governing documents, safeguarding policy, public liability insurance certificate, risk assessment, and welfare officer details (role only; personal names are deleted post-review).
  • Technical & Administrative Data: Form submission timestamps, application status, and reviewer notes.

11.2 Lawful Basis for Processing

We process Club Affiliation data under the following legal grounds:

  • Contractual Necessity: To assess applications, maintain the Club Directory, and administer affiliation status.
  • Legitimate Interests: To verify that clubs meet EDGA governance and safeguarding standards, maintain audit records, and protect the reputation of the EDGA Club Directory.
  • Safeguarding & Public Protection: To assess evidence of clubs’ safeguarding policies, insurance, and risk management in order to mitigate risk to participants.
  • Consent: By submitting an application form, you consent to EDGA processing your application in accordance with this policy and our Data Protection Statement (provided in the form).

11.3 Data Sharing & Access Control

Club Affiliation data is shared only with EDGA personnel necessary to administer the system:

  • EDGA Secretary: Full access to all applications, documents, and contact information for administrative management.
  • Assigned Review Owner: Access to the specific club’s application, documents, and contact information for assessment and approval decisions.
  • Safeguarding Lead (if escalation required): Access to safeguarding-related documents and notes only, when concerns are flagged.
  • EDGA Board: Access to anonymised summary data and affiliation decisions for oversight purposes only.
  • Public Directory: Only the club’s public contact email address and basic club information (name, location, activities) are made visible in the EDGA Club Directory listing (if approved). Personal contact details of individual staff or volunteers are not published.

We do not share your data with third parties outside EDGA except where legally required. Data is stored in Google Sheets and Google Forms (EDGA-controlled); we do not transfer data to external processors without explicit consent.

11.4 Data Retention Schedule

Different categories of Club Affiliation data are retained for different periods:

  • Personal Contact Details (main contact name, personal phone, personal email): Deleted within 3 months of application approval or rejection, or after form review is complete — whichever is sooner. Minimises personal data retained.
  • Public Contact Email Address: Retained for 12 months from approval (for directory listing and renewal contact). Deleted if affiliation is revoked or listing expires.
  • Application Forms & Responses: Retained for 12 months from submission as an audit trail. Archived after 12 months, then permanently deleted after a further 12 months (24 months total).
  • Governance & Safeguarding Documents (constitutions, policies, insurance certificates): Retained for 36 months from submission for compliance and audit evidence. Archived after 36 months and reviewed annually for permanent deletion.
  • Audit Log Entries & Incident Reports: Retained indefinitely (minimum 5+ years) for accountability, dispute resolution, and safeguarding investigation purposes. Moved to secure archive after annual review.

11.5 Personal Data Deletion Protocol

To minimise personal data retained, EDGA follows a mandatory deletion schedule:

  • Within 7 days of review completion: Personal contact details (name, phone, personal email) are deleted from the EDGA Affiliation database. Only public contact email (if approved for directory) and audit records are retained.
  • 12-month cleanup: When a club’s affiliation expires or is revoked, all remaining personal contact information is deleted. Only historical status records and public directory information are kept.
  • Quarterly audit: EDGA conducts a quarterly data audit to ensure personal data is deleted on schedule and access controls are maintained.

11.6 Your Rights

Under the UK GDPR, you (or your club’s nominated representative) have the right to:

  • Request access: Ask what personal data EDGA holds about your club and request a copy.
  • Request correction: Ask us to correct inaccurate information (e.g., updated contact details).
  • Request deletion: Ask us to delete your personal data, subject to our legal obligations to retain audit records and incident reports for safeguarding purposes.
  • Request restriction: Ask us to restrict how we use your data while a dispute is resolved.
  • Object to processing: Ask us not to use your data for a particular purpose (e.g., renewal contact), subject to our contractual and safeguarding obligations.

To exercise these rights, contact us via our Contact Form with the subject line “Club Affiliation Data Request” and specify your club name. We will respond within 30 days (or 60 days for complex requests).

11.7 Important Safeguarding Notice

EDGA does not provide legal or safeguarding advice, and does not inspect clubs’ operations or conduct DBS checks. Clubs remain entirely responsible for their own safeguarding, insurance, risk management, and legal compliance. If you have safeguarding concerns about a specific club, please contact us directly at [email protected].

11.8 Data Controller & Contact

The English Disc Golf Association (“EDGA”) is the Data Controller for Club Affiliation data. For questions about how we handle your club’s data, please contact us via our Contact Form or email [email protected].

12. Contact & Complaints

If you have questions about this Privacy Policy or how EDGA handles your data, please contact us via our Contact Form. If you believe EDGA has not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Share this now