
Marlborough House, Westminster Place

York Business Park, York, YO26 6RW


info@legendware.co.uk
www.legendware.co.uk
(T) 01904 529 575

Information Security Management System

Privacy Impact Assessment

Version 1.1
Date: 14/04/2018
Version History:

Version | Date       | Summary of change                | Author
Draft   | 02/02/2018 | Draft issued for review          | Paul Simpson
1.1     | 14/04/2018 | Issued for distribution approval | Paul Simpson

Approvals:
This document must be approved by the following:

Name         | Signature | Title / Responsibility  | Date | Version
Sean Maguire |           | Managing Director       |      |
Paul Simpson |           | Chief Operating Officer |      |

Related Documents:
These documents will provide additional information.

Title                         | Version
Legend Risk Assessment ISO27k | See Document Register for latest

Version 1.1 Privacy Impact Statement


Page 2
Contents

Overview ................................................................................................................................................. 4
Purpose ................................................................................................................................................... 4
Scope ....................................................................................................................................................... 4
Definitions and Terms ............................................................................................................................. 4
Screening questions ................................................................................................................................ 5
Background information ......................................................................................................................... 6
The data involved.................................................................................................................................... 7
Assessment ............................................................................................................................................. 8
Risks to individuals ................................................................................................................................ 11
Compliance risk ..................................................................................................................................... 11
Associated organisation / corporate risk .............................................................................................. 11

Overview

Legend customers and their members have an expectation that privacy and confidentiality will be respected at
all times. This document assesses the impact of the collection, use and disclosure of any member information
in regards to the individual’s privacy associated with the use of the Legend Club Management System.
A Privacy Impact Assessment (PIA) is a process that helps an organisation to identify privacy risks and ensure
lawful practice. The purpose of the PIA is to ensure that privacy risks are minimised while allowing the aims of
the business process to be met whenever possible.
Privacy risks include the following:

- Risks to individuals or other third parties (for example, misuse or overuse of their personal data, loss
  of anonymity, intrusion into private life through monitoring activities, lack of transparency).
- Compliance risks, e.g. breach of the Data Protection Act (DPA) or the General Data Protection Regulation
  (GDPR).
- Risks to the organisation (for example, legal penalties or claims, damage to reputation, loss of trust of
  customers, members or the public).

Purpose

This document will be available to Legend customers wishing to validate Legend's approach to GDPR and to
assist Legend customers in the development of their own Privacy Impact Assessment (PIA). As such, elements of
the document will have two replies – one with a focus on the Legend position and the other on the position
the Legend Customer will need to take.

Scope

This statement applies to the Legend Club Management software system and the services offered by Legend
Leisure Services (LLS) covering the processing of Direct Debit Payments and the provision of media marketing
services.

Definitions and Terms

Within the document the following terms are used:

Leisure Service Provider: An organisation using the Legend membership management system, providing the
services of a Leisure Provider such as Gym Membership.
Customer: A Legend customer, with the same description as a Leisure Service Provider.
Member: A member of a Leisure Service Provider receiving membership services from that provider.

Screening questions

These questions are used to determine the scope of the PIA in relation to the Legend Club Management
Membership System. Each question is answered Yes, No or Unsure, followed by comments.

i. Is the information about individuals likely to raise privacy concerns or expectations, e.g. health
   records, criminal records or other information people would consider particularly private?
   Answer: Yes
   Comments: Member information includes banking details and medical information where provided by the
   member. Child member details are also collected.

ii. Does Legend involve the collection of new information about individuals?
   Answer: No
   Comments: Legend is an established software system; no new personal data is expected to be collected.

iii. Are you using information about individuals for a purpose it is not currently used for, or in a way it
   is not currently used?
   Answer: No
   Comments: Legend data is only collected for membership management.

iv. Will the use of Legend require you to contact individuals in ways which they may find intrusive [1]?
   Answer: No
   Comments: All information from members is given voluntarily. Legend customers should consider Custom
   Fields and manage appropriate use.

v. Will information about individuals be disclosed to organisations or people who have not previously had
   routine access to the information?
   Answer: Unsure
   Comments: Legend Customers will dictate the extent of this. Legend will not disclose information except
   at the strict instruction of the Legend customer.

vi. Does the use of Legend involve the customer using new technology which might be perceived as being
   privacy intrusive, e.g. biometrics or facial recognition?
   Answer: Unsure
   Comments: Occasionally, as technology advances, this may become relevant.

vii. Will the use of Legend result in you making decisions or taking action against individuals in ways
   which can have a significant impact on them?
   Answer: Yes
   Comments: Potential for debt recovery for non-payment of membership fees. This may restrict use of
   leisure facilities.

[1] Intrusion can come in the form of collection of excessive personal information, disclosure of personal
information without consent and misuse of such information. It can include the collection of information
through the surveillance or monitoring of how people act in public or private spaces and through the
monitoring of communications whether by post, phone or online, and extends to monitoring the records of
senders and recipients as well as the content of messages.
Background information

System Name: Legend Membership System
Provided and hosted by Legend Club Management Systems for use at Leisure Service Provider customers' premises
Organisation: Legend Club Management Systems
Assessment Completed By: Paul Simpson
Job Title: Chief Operating Officer
Date completed: 01/02/2018
Phone: 01904 529575
E-mail: Paul.simpson@legendware.co.uk
Outline of service

The Legend Membership Management System is provided as a Software as a Service (SaaS) solution for Leisure
Service Providers. Personal details of individuals are collected as part of the membership joining process and used
to ensure that membership management is administered and that usage of leisure facilities is provided in a safe
manner recognising any declared medical preconditions.

The Leisure Service Provider is the Data Controller

Legend Club Management Systems is the Data Processor for the Data Controller

Purpose / Objectives -

The Legend system is used to administer all aspects of membership services for a leisure facility.

What is the purpose of collecting the information within the system?

The Legend system is used to administer all aspects of membership services for a leisure facility.

What are the potential privacy impacts of the system - how will this impact upon the data subject?

The Legend system holds a number of personal data items. Inappropriate use or release of this information could
have a detrimental effect on the data subject. Examples might be exposure of debt, exposure of medical conditions,
unauthorised contact for marketing purposes.

The data involved

What data is being collected, shared or used?
(If there is a chart or diagram to explain, attach it as an appendix.)

Information that identifies the individual and their personal characteristics (all collected, marked ☒):
- Name
- Address & postcode
- Date of Birth
- Marital Status
- Gender
- Racial/ethnic origin
- Employer & occupation
- Contact phone numbers
- Email address
- Bank details
- Medical conditions
- Contact preferences
- Photograph

Justification: To enable the Leisure Provider to deliver the services with which they are contracted with
the member to provide. For full details see the Legend data sheet detailing personal information held
within the system.

Further data categories (Yes / N/A, with justification):

- Information relating to the individual's physical or mental health or condition: Yes. To ensure usage of
  leisure facilities is not undertaken with a risk to health & wellbeing.
- Information relating to the individual's sexual life: N/A. No.
- Information relating to the family of the individual and the individual's lifestyle and social
  circumstances: Yes. To offer services appropriate to the member's interests.
- Information relating to any offences committed or alleged to be committed by the individual: N/A. No.
- Information relating to criminal proceedings, outcomes and sentences regarding the individual: N/A. No.
- Information which relates to the education and any professional training of the individual: N/A. No.
- Employment and career history: Yes. Current occupation can be held.
- Information relating to the financial affairs of the individual: N/A. No – however payment history of the
  club membership is held alongside purchase transactions.
- Information relating to the individual's religion or other beliefs: N/A. No.
- Information relating to the individual's membership of a trade union: N/A. No.

Assessment

The following assessment is written with two responses.

The Legend Response is based on how Legend Club Management Systems comply with the criteria.
The Customer Consideration is for the Legend Customer (Leisure Service Provider) to complete in line with
their processing operations.

Each question below is followed by the Legend Response (as Data Processor) and the Customer Consideration
(as Data Controller).

Legal compliance – is it fair and lawful?

1. What is the legal basis for processing the information? This should include which conditions for
   processing under the Data Protection Act 1998 apply and the common law duty of confidentiality.
   Legend Response: For the provision of services enabling the customer to use and take advantage of the
   membership management system in the management of its members.
   Customer Consideration: For the provision of services enabling the member to use and take advantage of
   the leisure provider's facilities.

2a. Is the processing of individuals' information likely to interfere with the 'right to privacy' under
   Article 8 of the Human Rights Act?
   Legend Response: No – there is no part of the processing that would release personal information to any
   other member – only to Legend or Customer staff engaged with the provision of the service.
   Customer Consideration: No – there is no part of the processing that would release personal information
   to any other member – only to staff engaged with the provision of the service.

3. It is important that individuals affected by the system are informed as to what is happening with their
   information. Is this covered by fair processing information already provided to individuals or is a new
   or revised communication needed?
   Legend Response: The Leisure Provider is responsible for informing members how their data is used.
   Customer Consideration: Customer to comment and confirm, ideally via a Privacy Policy or Statement.

4. If you are relying on consent to process personal data, how will consent be obtained and recorded, what
   information will be provided to support the consent process and what will you do if permission is
   withheld or given but later withdrawn?
   Legend Response: The Legend system has numerous ways in which to record consent, and processing is
   conducted in accordance with that consent setting.
   Customer Consideration: The Leisure Provider is responsible for obtaining consent from the member.
   Customer to comment and confirm.

Purpose

5. Does the system involve the use of existing personal data for new purposes?
   Legend Response: Only when new functionality is added at the request of a customer, or a customer
   extracts data for use in a separate system.
   Customer Consideration: Customer to comment and confirm – consider third party systems.

6. Are potential new purposes likely to be identified as the scope of the project expands?
   Legend Response: Legend will not generate new purposes without the express approval or direction of the
   customer.
   Customer Consideration: Customer to comment and confirm – consider third party systems.

Adequacy

7. Is the information you are using likely to be of good enough quality for the purposes it is used for?
   Legend Response: All data content, in terms of quality, is the responsibility of the Leisure Provider.
   Customer Consideration: Customer to comment and confirm.

Accurate and up to date

8. Are you able to amend information when necessary to ensure it is up to date?
   Legend Response: Leisure Providers have full control of maintaining data, as do members through online
   services. Legend will not amend information unless instructed to do so by the Leisure Provider.
   Customer Consideration: Yes – although consider 3rd party data sources automatically loaded into Legend.

9. How are you ensuring that personal data obtained from individuals or other organisations is accurate?
   Legend Response: Leisure Providers are responsible for accuracy of data collection. Legend will advise
   on data quality on imports of data and through management reports. Legend is responsible for data
   accuracy when an upgrade of software takes place and the database is updated.
   Customer Consideration: Customer to comment and confirm.

Retention

10. What are the retention periods for the personal information and how will this be implemented?
   Legend Response: Leisure Providers have control over the retention policy. This is implemented through
   the overnight data redaction process. Should a Leisure Provider move away from Legend, the data will be
   removed on an agreed schedule.
   Customer Consideration: Customer to comment and confirm.

11. Are there any exceptional circumstances for retaining certain data for longer than the normal period?
   Legend Response: No. Any data retention is in accordance with customer instructions.
   Customer Consideration: Customer to comment and confirm.

12. How will information be fully anonymised or destroyed after it is no longer necessary?
   Legend Response: Data is redacted to become anonymous in line with the customer retention policy. Full
   information is available in the Legend Data Redaction sheet.
   Customer Consideration: Customer to comment and confirm – consider paper records and data exported into
   other systems.

Rights of the individual

13. How will you action requests from individuals (or someone acting on their behalf) for access to their
   personal information once held?
   Legend Response: Individuals can have a marker set on their record for redaction earlier than the normal
   retention policy. If the Leisure Provider is happy with this (e.g. no debt), the overnight routine will
   pick up the request and redact the member's personal details.
   Customer Consideration: Customer to comment and confirm – note internal verification of approving
   redaction for individuals.

Appropriate technical and organisational measures

14. What procedures are in place to ensure that all staff with access to the information have adequate
   information governance training?
   Legend Response: Legend holds the ISO27001 certification and regularly trains its staff on data security
   & governance.
   Customer Consideration: Customer to comment and confirm.

15. If you are using an electronic system to process the information, what security measures are in place?
   Legend Response: Legend data is stored at Tier 3 datacentres with 24/7 manned security and perimeter
   controls.
   Customer Consideration: Customer to comment and confirm on 3rd party systems and in-house devices.

16. How will the information be provided, collated and used?
   Legend Response: Leisure Providers are responsible for all data collection and usage.
   Customer Consideration: Customer to comment and confirm – consider paper records.

17. What security measures will be used to transfer the identifiable information?
   Legend Response: Should a Leisure Provider require Legend services to transfer data, this will be done
   in a secure manner, either through password protection of the data, secure FTPS, or a secure API
   process.
   Customer Consideration: Customers are responsible for secure transfer of data if extracted by themselves
   and transmitted to other parties / systems.

Transfers both internal and external, including outside of the EEA

18. Will individuals' personal information be disclosed internally/externally in identifiable form and, if
   so, to whom, how and why?
   Legend Response: Yes – internally to Legend when providing support to Leisure Providers or in the
   provision of services such as DD processing or communications management.
   Customer Consideration: Customer to comment and confirm.

19. Will personal data be transferred to a country outside of the European Economic Area? If yes, what
   arrangements will be in place to safeguard the personal data?
   Legend Response: No – unless specifically requested by a Leisure Provider, in which case a written
   confirmation will be requested.
   Customer Consideration: Customer to comment and confirm where 3rd party systems are used.

Consultation

20. Who should you consult to identify the privacy risks and how will you do this? Identify both internal
   and external stakeholders.
   Legend Response: Legend customers; payment providers; 3rd party systems.
   Customer Consideration: Customer can engage own advisors.

21. Following the consultation – what privacy risks have been raised? E.g. legal basis for collecting and
   using the information, security of the information in transit, etc.
   Legend Response: See risk register where GDPR risks are recorded.
   Customer Consideration: Customer to comment and confirm.

Guidance used

22. List any national guidance applicable to the initiative that is referred to.
   Legend Response: ICO GDPR documentation.
   Customer Consideration: ICO GDPR documentation.

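The retention and redaction mechanics in questions 10 to 13 (a retention period set per Leisure Provider, an overnight routine, and an early-redaction marker that is only honoured once the provider has verified the request and no debt is outstanding) can be modelled as follows. This is an added illustration, not Legend's code: the field names, the list of personal fields, the retention periods and the sample records are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field, replace
from datetime import date, timedelta
from typing import Optional

# Personal fields blanked on redaction (assumed list, modelled on the data
# types in "The data involved"); other keys such as join year are kept so the
# anonymised record still supports membership statistics.
PERSONAL_FIELDS = ("name", "address", "date_of_birth", "email", "phone",
                   "bank_details", "medical_conditions", "photo_ref")

@dataclass
class Member:
    member_id: int
    provider: str                     # Leisure Service Provider (Data Controller)
    membership_ended: Optional[date]  # None while still an active member
    outstanding_debt: float           # unpaid fees in GBP; blocks early redaction
    redaction_requested: bool         # the "marker" from question 13
    provider_approved: bool           # the provider's internal verification
    personal: dict = field(default_factory=dict)
    redacted: bool = False

def is_due_for_redaction(m: Member, retention_days: int, today: date) -> bool:
    """Two routes, mirroring questions 10 and 13: the provider's retention
    period has expired, or the member's marker is set, the provider has
    approved it and no debt is outstanding."""
    if m.redacted:
        return False
    if m.membership_ended and today - m.membership_ended > timedelta(days=retention_days):
        return True
    return m.redaction_requested and m.provider_approved and m.outstanding_debt <= 0

def redact(m: Member) -> Member:
    """Return a copy with every personal field set to None and the record flagged."""
    cleaned = {k: (None if k in PERSONAL_FIELDS else v) for k, v in m.personal.items()}
    return replace(m, personal=cleaned, redacted=True)

def overnight_run(members, retention_days_by_provider, today):
    """Apply each provider's own retention period; return (updated, redacted ids)."""
    updated, redacted_ids = [], []
    for m in members:
        if is_due_for_redaction(m, retention_days_by_provider[m.provider], today):
            m = redact(m)
            redacted_ids.append(m.member_id)
        updated.append(m)
    return updated, redacted_ids

# Constructed sample data: two providers with different retention periods.
RETENTION_DAYS = {"ProviderA": 365, "ProviderB": 730}
RUN_DATE = date(2018, 4, 14)
SAMPLE_MEMBERS = [  # id, provider, ended, debt, marker, approved, personal
    Member(1, "ProviderA", date(2016, 1, 1), 0.0, False, False,
           {"name": "A. Example", "email": "a@example.invalid", "join_year": 2010}),  # retention expired
    Member(2, "ProviderB", date(2017, 1, 1), 0.0, False, False,
           {"name": "B. Example", "join_year": 2012}),                                # within 730 days
    Member(3, "ProviderA", date(2018, 3, 1), 12.50, True, True,
           {"name": "C. Example", "bank_details": "constructed"}),                    # marker but in debt
    Member(4, "ProviderA", None, 0.0, True, True,
           {"name": "D. Example", "medical_conditions": "constructed"}),              # early request granted
]
```

Running `overnight_run(SAMPLE_MEMBERS, RETENTION_DAYS, RUN_DATE)` redacts members 1 and 4 only; member 3's request is held back by the outstanding debt, matching the "e.g. no debt" condition in question 13.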
Risks to individuals

The following is a list of the identified risks that might exist for individuals whose data is held within the
Legend system:

- Inadequate disclosure controls increase the likelihood of information being shared inappropriately. This
  applies to Legend through Legend staff, and to the Leisure Service Provider through its own staff.
- The context in which information is used or disclosed can change over time, leading to it being used for
  different purposes without people's knowledge. This is within the control of the Leisure Service Provider.
- New surveillance methods may be an unjustified intrusion on their privacy. This is within the control of
  the Leisure Service Provider.
- Measures taken against individuals as a result of collecting information about them might be seen as
  intrusive. This is within the control of the Leisure Service Provider.
- The sharing and merging of datasets can allow organisations to collect a much wider set of information
  than individuals might expect. This is within the control of the Leisure Service Provider.
- Vulnerable people may be particularly concerned about the risks of identification or the disclosure of
  information. This is within the control of the Leisure Service Provider.
- Information which is collected and stored unnecessarily, or is not properly managed so that duplicate
  records are created, presents a greater security risk. This is within the control of the Leisure Service
  Provider.
- If a retention period is not established, information might be used for longer than necessary. This is
  within the control of the Leisure Service Provider.

Compliance risk

- Non-compliance with the common law duty of confidentiality.
- Non-compliance with the DPA.
- Non-compliance with the Privacy and Electronic Communications Regulations (PECR).
- Non-compliance with GDPR.

Associated organisation / corporate risk

- Non-compliance with the DPA or GDPR or other legislation can lead to sanctions, fines and reputational
  damage.
- Information which is collected and stored unnecessarily, or is not properly managed so that duplicate
  records are created, is less useful to the business.
- Public distrust about how information is used can damage an organisation's reputation and lead to loss of
  business.
- Data losses which damage individuals could lead to claims for compensation.
