Last updated: 20 June 2026
1. Who we are
Durham & Northumberland Archery Association (“DNAA”, “we”, “us” or “our”) is the county association for archery in Durham and Northumberland. For the purposes of UK data protection law, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, DNAA is the data controller for the personal data described in this policy.
2. What personal data we collect
We only collect personal data where it is necessary for DNAA’s activities, website operation, governance, safeguarding, event administration or communication with you. This may include:
Contact enquiries
- Name
- Email address
- Any information you include in your message
Website usage
- IP address
- Browser type
- Pages visited
- Server logs
- Cookies and similar technologies, as explained in section 7 of this Privacy Policy
Media
- Photographs taken at DNAA run events
- Photographs submitted by clubs or individuals
- Consent records (where required)
3. Why we use your personal data
We use personal data for the following purposes:
- Responding to enquiries sent via the contact form or email
- Managing county events, tournaments, and results
- Publishing news, updates, and media relating to DNAA activities
- Maintaining website security and performance
- Fulfilling our governance responsibilities as a county association
- Complying with legal obligations (e.g., safeguarding, incident reporting)
4. Lawful bases for processing
We rely on different lawful bases depending on why we are using your personal data:
- Legitimate interests – to respond to enquiries, administer DNAA activities, run county events, publish routine news and results, and maintain our website and records. We only rely on this basis where our interests are not overridden by your rights and freedoms.
- Consent – where we ask for specific permission, for example for certain identifiable photographs or optional publicity uses. You can withdraw consent at any time.
- Legal obligation – where we must process information to comply with legal or regulatory duties, including safeguarding, incident reporting and record keeping.
- Contract – where processing is necessary to provide or administer activities, entries, bookings or membership-related services requested by you or your club.
- Vital interests – in rare cases, where processing is necessary to protect someone’s life or safety.
5. Who we share your personal data with
We may share personal data only where necessary and appropriate, including with:
- DNAA Executive Committee members and appointed officers where relevant to your enquiry, event, role or request
- Event organisers, judges, records officers, team managers or safeguarding officers where appropriate
- Website, email, IT and hosting service providers acting on our behalf
- Archery GB, clubs, leagues or other archery bodies where required for governance, competition administration, insurance, safeguarding or disciplinary purposes
- Regulators, public authorities or law enforcement where we are legally required to do so
We do not sell or transfer your data to third parties for marketing.
Where third-party service providers process personal data for us, we expect them to keep it secure and use it only for the agreed purpose.
6. How long we keep your personal data
- Contact enquiries: normally retained for up to 12 months after the enquiry is resolved, unless needed for a longer period for governance, safeguarding or legal reasons.
- Event administration records: retained for as long as needed to administer the event, confirm results, handle queries and meet governance or insurance requirements.
- Event results and records: may be retained and published for archery record keeping, historical results and competition administration.
- Event media: normally retained for up to 5 years unless consent is withdrawn or there is another lawful reason to keep it.
- Safeguarding and incident records: retained in line with Archery GB guidance, statutory requirements and safeguarding best practice.
- Website logs: normally retained for up to 12 months for security, diagnostics and service integrity.
7. Cookies and website technologies
Our website may use cookies and similar technologies. Cookies are small files or technologies that store or access information on your device. We use them only where they are necessary or appropriate for operating, securing and improving the website.
- Essential cookies and technologies – needed for the website to work, maintain security, remember basic choices or provide a service you request.
- Security and performance technologies – used to protect the website, diagnose technical issues, monitor errors and keep the site reliable.
- Analytics or statistical information – used only where enabled to understand how visitors use the website and improve content and performance.
- Embedded content – where used, content such as videos, maps or social media feeds may set cookies or similar technologies controlled by the third-party provider.
We will not knowingly use non-essential cookies for advertising, profiling or tracking across other websites unless we have provided clear information and obtained any consent required by law.
If DNAA introduces non-essential analytics, advertising or similar tracking technologies, we will provide further details through a cookie notice or a separate Cookie Policy, including how you can manage your choices.
Embedded content from other websites may behave as if you visited those websites directly. Those third-party websites may collect data, use cookies or track your interaction in accordance with their own privacy notices.
You can control or delete cookies through your browser settings. Some website features may not work properly if essential cookies are disabled.
8. Photographs, media and children’s data
DNAA may use photographs and media from county events to report on results, celebrate participation and promote archery. Where individuals are clearly identifiable, especially children or vulnerable people, we will take a proportionate and respectful approach and seek consent where appropriate.
- We will avoid publishing unnecessary personal details alongside images.
- We will consider safeguarding guidance before publishing images or information about children.
- If you would like an image reviewed or removed, please contact us using the details in this policy.
- Where consent is the lawful basis, you may withdraw that consent at any time.
9. Your rights
Under UK GDPR, you may have the right to:
- Access the personal data we hold about you
- Ask us to correct inaccurate or incomplete data
- Ask us to delete personal data where applicable
- Object to processing based on legitimate interests
- Ask us to restrict processing in certain circumstances
- Ask for a copy of your data in a portable format where applicable
- Withdraw consent where consent is the lawful basis
To exercise your rights, please contact
.
We may need to verify your identity before responding to a request.
10. How we protect your personal data
We use appropriate technical and organisational measures to protect personal data, including:
- Secure hosting and website maintenance
- Access controls and role-based access where appropriate
- Encryption or secure transfer methods where appropriate
- Restricted access to DNAA officers and volunteers on a need-to-know basis
- Reviewing and deleting personal data when it is no longer needed
11. International transfers
Some website, email or embedded-content providers may process data outside the UK. Where this happens, we will take reasonable steps to ensure that appropriate safeguards are in place, such as UK adequacy regulations or approved contractual protections.
12. Complaints
If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection.
13. Updates to this policy
We may update this Privacy Policy from time to time. The latest version will be made available on our website with the date of the most recent update.