fccDataPrivacy for Clubs and Associations

Similar to public authorities or companies, non-profit organisations like Clubs and Associations are subject to the data privacy law (GDPR, ePrivacy, local law). Depending on their size Clubs or Associations are not obliged to implement the entire set of rules and processes, however, law may change or high courts are refining the way to interpret the law - therefor we strongly recommend to do so.

We often are in contact with Clubs claiming GDPR compliance because they provide a data privacy policy and a cookie banner (created by adapting generic templates or using freeware generators available on the market). As described in 'Everyone is talking about Data Protection' GDPR compliance is much more including storage of all consent events, support of various processes covering user rights, and many more.

 

fccDataPrivacy for Clubs is a full GDPR implementation for an affordable price.

Clubs and associations usually use a standard software for the administration of their members, the publication of an event calendar and the club's internal accounting. In addition, they operate a website and the web tool / CMS is either integrated into the club administration software or created with a standard web tool / CMS.

fccDataPrivacy for clubs is based on this model and offers a hosted integrated data protection platform containing all GDPR relevant elements:

  • Preparation of legal documents (privacy policy, cookie policy and cookie banner)
  • Processing activities based on the used club administration software including the related contract processing agreements)
  • Automated updating of legal documents in the event of changes to the law
  • Installation instructions of the solution for the client's web environment
  • Website Visitor View (Privacy Policy, Cookie Policy and Cookie Banner)
  • Backend view (consent, processing activities)
  • Employee training and training certificate
  • And much more.

Please note: Clubs without club administration software can also use fccDataPrivacy (see: Questions and Answers).

 

fccDataPrivacy for Clubs is provided in 3 editions:  

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Description of the functions:

Legal Documents    

Legal documents are:

  • Privacy policy
    The data protection declaration (GDPR Art. 13 and 14) describes how data (in particular personal data) is processed by an organisation, i.e. how this data is collected, used and whether it is passed on to third parties. In addition, it is often described what measures the organisation takes to ensure the privacy of its customers or users.
  • Cookie Policy
    Based on the e-Privacy Policy (or Cookie Act), organizations are required when using cookies not to collect a user's personal information without their consent. The Cookie Policy must identify all cookies used to collect personal information.
    The fccDataPrivacy website doesn't use any tracking Cookies.
  • Cookie Banners
    The cookie banner is the legal implementation of the cookie policy and is displayed on a website during the user's first visit (and, depending on the configuration, also during further visits) and allows the user to permit or refuse the installation of cookies on his computer.

Processing Activities      

According to Article 30 GDPR (processing activities), each controller must maintain (and keep up to date) a processing register. This includes

  • Name and contact details of the controller
  • Purposes of processing
  • Description of categories of data subjects and data
  • Categories of recipients
  • Third countries to which data are transferred
  • Deletion periods for personal data
  • technical and organisational measures to protect data.

For supported club administration software, the processing activities in fccDataPrivacy is already defined for clubs. These processing activities are based on the functional capabilities of the respective club administration software and not on the actual use in a club / association. If desired, the processing activities can be adapted to the actual use (project according to expenditure).

Consent      

Generally the processing of personal data of natural persons is prohibited (Art. 6 GDPR, lawfulness of processing), unless it is explicitly permitted by a number of recitals. One of these recital is consent. Consent is required for all newsletters or online orders, i.e. for all web forms that collect personal data. The website operator (responsible person) must be able to prove consent, i.e. all given consent must be stored.

fccDataPrivacy stores all consents in the background and makes them available in the admin portal. 

Consent includes:

  • who provided the consent
  • when and how consent was acquired from the individual user
  • the consent collection form they were presented with at the time of the collection
  • which conditions and legal documents were applicable at the time that the consent was acquired.

User Rights     

According to Art. 12 (Rights of the Data Subject) and 13- 22 (Information and access to personal data), GDPR provides the following rights for individuals (aka data subjects, users):

  • The right to be informed
    Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
  • The right of access 
    Individuals have the right to access their personal data.
  • The right of rectification
    The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
  • The right to erasure
    The GDPR introduces a right for individuals to have personal data erased. The right to erasure is also known as ‘the right to be forgotten’.
  • The right to restrict processing
    Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances.
  • The right to data portability
    The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. 
  • The right to object
    The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing.
  • Rights in relation to automate decision making and profiling
    The GDPR has provisions on automated individual decision-making (making a decision solely by automated means without any human involvement) and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process. The GDPR applies to all automated individual decision-making and profiling. Article 22 of the GDPR has additional rules to protect individuals if you are carrying out solely automated decision-making that has legal or similarly significant effects on them.

fccDataPrivacy has implemented these rights and the related processes can be triggered within the Admin Portal.

Admin Portal      

The admin portal contains all the functions, documents and data required for ongoing operations, including auto trail (proof of change).

The website as well as the admin portal are state-of-the-art protected against cyber attacks and access to the admin portal is additionally secured with two-factor authentication.

Education        

As a registered customer, your defined users have access to a Learning Management System (Campus) which offers initial and ongoing learning lessons about GDPR and how to use GDPR in a Club. Each learning session is accompanied by a short examination (Quizz). When passing the quizz with 75% correct answers the user will receive a certificate and this education will be registered within your education evidence (which is a legal obligation to demonstrate the education proof).

Support            

Registered customers have access to a ticketing system in order to report problems.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Pricing example for a Standard Edition with 2 languages:

  • 1 x one-time implementation = CHF 260.00
  • 2 x Licence per Language = CHF 54.00
  • 1 x Hosting = CHF 110.00
  • Totally: CHF 260.00 one-time and CHF 164.00 yearly running cost.

Please refer to the fccDataPrivacy Pricing Guide for more detailed information about Pricing. 

 

 

Questions & Answers

Clubs, which carry out their administration without club administration software (e.g. manually or with self-assembled tools), can select and order the appropriate fccDataPrivacy for SMB edition for their needs.

The creation of the processing directory is then a project based on time and effort. Since the processing activities in all associations are similar, the creation of the processing directory should be carried out in one day.

The editions are mainly intended to reflect the size of clubs and associations (number of members). While the legally supported framework is identical for both editions, there are differences in the number of authorized persons for access to the fccDataPrivacy Portal as well as in the form of support.

Yeah, anytime. Just create a ticket and we'll do the upgrade. You will then be charged the pro-rata fees for the remainder of the current subscription period.

Please note: A downgrade between the editions is not possible.

The subscription term is one year with automatic renewal for a further year if not cancelled 1 month before the end of the subscription term. Cancellations can be made in writing or in text form (e.g. by e-mail or contact form).

In the event of termination within the subscription term, no pro-rata repayment will be made.

For the fccDataPrivacy part, all data is stored in secure data centres in Switzerland and EU member states.

For your club administration software, please read the information provided by your software vendor (usually club administration software is hosted as a SaaS model and your vendor's privacy policy should state where their data centers are located).

For the Public Part (the elements visible to visitors of your webpage: Privacy Policy, Cookie Policy, Cookie Banner) we currently support Dutch, English, French, German, Italian, Portuguese, Russian and Spanish).

The Process Activities and the fccDataPrivacy Admin Portal are currently supported in English and German.

fccDataPrivacy is installed in your web tool. The installation procedure for the supported web tools is well documented and tested. The installation effort depends on the skills and experience of the person performing the installation. A professional or semi-professional web developer can complete the installation within a few hours.

If you do not have the resources for the installation yourself, you are welcome to contact one of our installation partners.

fccDataPrivacy ships for a number of supported environments. These are the most popular native CMS tools (such as WordPress, Joomla!, Magento), integrated web tools with your club management software, or any combination of the above. For a list of supported environments, please refer to Supported Platforms.

It is our goal to support the tools used by our customers. If your environment is not on the list of supported environments, just let us know and we will either show you how to install it or start working on the integration. We don't charge for new integrations - even better, the first customer we implement a new integration for gets a 100% discount on the installation fees.

Some CMS do not support all technologies necessary for the proper operation of fccDataPrivacy. Under Q&A you will find the information and tips & tricks to set up your CMS for the operation of fccDataPrivacy.

fccDataPrivacy for Clubs is designed for partners and we support both, Distribution and Installation Partners. Typical partners are web agencies, web hosting providers or providers of Club Administration software. Please contact us for further information.