Purpose of Statement
1. This statement and notice sets out how St Neots Town FC complies with the General Data Protection Regulation (GDPR) and safeguards personal data of those involved with the Club.
What is Personal Data?
2. Personal data comprises all information about a person which allows that person to be identified as an individual. St Neots Town FC treats this as including a person’s name, home, work and email addresses, mobile and landline phone numbers, date of birth, gender, salary, bank account details, references, qualifications, photograph, emergency contact details, and any other information held or used by the Club whether on paper or in electronic form. St Neots Town FC collects, uses, stores and transfers personal data in appropriate ways as a necessary activity in the operation of a football club.
Why does St NeotsTown FC hold Personal Data?
3. St Neots Town FC holds personal data so that we can recognise and contact individual members of the groups of people listed below. The GDPR requires the Club to identify a lawful basis for holding data in each case. The lawful bases which may be used are consent, contract, legal obligation, vital interests, public tasks, and legitimate interest. The bases identified by the Club are shown below in parentheses (vital interests and public tasks are not generally relevant to football clubs):
• Our Executive Board and Officials of St Neots Town FC (legal obligation and legitimate interest);
• Staff and Players (contract, legal obligation, and legitimate interest, plus consent to holding of health and fitness data);
• Unpaid officials and volunteers (contract, legitimate interest, plus consent to provision of information in programmes, websites etc);
• Our Season Ticket holders (contract and legitimate interest);
• Our sponsors (contract and legitimate interest);
• Participants in our fund raising activities (contract and legitimate interest);
• Those with whom we contract for supply of services to the Club (contract);
• Those with whom the Club contracts to provide services (contract and legitimate interest);
• Grant funding organisations and partners (legitimate interest);
• The football officials with whom we are required to deal from the FA, Hunts FA, Cambs FA, the leagues in which our teams play, and other clubs (contract and legitimate interest);
• The parents or guardians of players under the age of 13 (who must give consent to the Club holding personal data about their children) (legitimate interest);
• The Club’s fans and supporters, to the extent that they wish us to do so (consent).
4. St Neots Town FC also holds personal data:
• In order to provide information as necessary to meet the legitimate requirements of the relevant football authorities, including participation in the Whole Game System administered by the FA;
• In order to provide information as necessary to meet the legitimate requirements of the relevant education authorities;
• As required by the law;
• In order to monitor and improve the health and fitness of players;
• In order to provide appropriate information about St Neots Town FC, its players and officials to those with an interest in the Club (including other clubs with which we play fixtures), by means of websites, match programmes, social media, and other means.
How does St Neots Town FC obtain Personal Data?
5. Individuals may provide personal information when requested to do so by the Club, or in the normal course of their dealings with the Club, or information may be obtained from other sources in the normal course of the Club’s legitimate activities. Information may be obtained in writing or online or by contact with the Club by telephone, email, text, social media or other means.
How does St Neots Town FC manage Personal Data?
6. The Club’s fans and supporters are contacted (as set out in paragraph 3 above) only where individuals have confirmed that they wish to receive information.
7. Personal data relating to the health and fitness of players (as set out in paragraph 4 above) is held only with the explicit consent of the players concerned.
8. Personal data is publicised in websites, match programmes, social media and other means (as set out in paragraph 4 above) only with the permission of the players and other individuals concerned.
9. Except where permission has been given by the individuals concerned, the Club sends communications to email contact groups on a BCC (“blind carbon copy”) basis so that email addresses are not inadvertently shared with others.
10. St Neots Town FC takes reasonable care to ensure that personal data held by the Club is:
• Held securely;
• Accessed only by those who need to see it;
• Accurate, up to date, easily amended if incorrect, and limited to what is required;
• Shared with third parties only when this is necessary;
• Used only for the purposes for which it was obtained, or as agreed by the individual, and which relate to St Neots Town FC;
• Not held for longer than it is needed.
11. Any individual for whom the Club holds personal data may see that data on request to the Club, may require the Club to correct any incorrect information, may withdraw or amend any consent previously given to use of data, and may request the Club to delete or destroy or restrict the use of information where it is appropriate to do this.
12. If an individual fails to provide, or withdraws, personal data which St Neots Town FC needs in order to fulfil its responsibilities, it may not be possible for the Club to honour or administer that individual’s links with the Club.
13. St Neots Town FC will never sell personal data to other parties.
14. The Board is responsible for the terms of this statement and notice, and for the Club’s compliance with it.
15. This statement and notice may be amended from time to time, and the latest version will always be available on the Club website.
16. Any comments or questions on this statement, any complaints about its operation, any theft or loss of personal data held by the Club, and any breaches in compliance with the statement and/or the GDPR, should be reported to the Club for consideration by the Board.
17. An individual has the right to complain about the Club to the UK’s data protection supervisory authority, the Information Commissioner’s Office.
18. This statement and notice is supported by a Data Protection Policy which is available to all St Neots Town FC staff members, volunteers and others who come into contact with personal data in the course of their involvement with the Club
This policy sets out how we collect, process and hold your personal data if you visit our online shop or otherwise provide personal data to us. We are Kaizen Ticketing Solutions LTD of 459b Green Lanes, London, N13 4BS. We are the data controller of your personal data.
This policy affects your legal rights and obligations so please read it carefully. If you have any questions, please contact us via email or call us on 0208 858 0709.
Personal data we collect
We collect, process, store and use personal data when you book a ticket or purchase a piece of merchandise including your name, address and email address together with payment information. We may also collect personal data that you give to us about other people if you register them to attend an event. You agree that you have notified any other person whose personal data that you provide to us of this privacy notice and, where necessary, obtained their consent so that we can lawfully process their personal data in accordance with this policy.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect identify fraud, we will record this.
You do not need to provide us with any personal data to view our online shop. However, we may still collect the information set under the Data we automatically collect section of this policy, and marketing communications in accordance with the Marketing Communications section of this policy.
When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.
Data we automatically collect
When you visit our online shop, we, or third parties on our behalf, automatically collect and store information about your device and your activities. This information could include (a) your computer or other device's unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns. We collect this information using cookies in accordance with the Cookie section of this policy and we use the information we collect on an anonymous basis to improve our online shop and the services we provide, and for analytical and research purposes.
If you opt in to receive marketing communications from us you consent to the processing of your data to send you such communications, which may include newsletters, blog posts, surveys and information about new events. We retain a record of your consent.
You can choose to no longer receive marketing communications by contacting us via email, clicking unsubscribe from a marketing email or updating your preferences in your online account. If you do unsubscribe to marketing communications, it may take up to 5 business days for your new preferences to take effect. We shall therefore retain your personal data in our records for marketing purposes until you notify us that you no longer wish to receive marketing emails from us.
Lawful processing of your personal data
We will use your personal data in order to comply with our contractual obligation to supply to you the tickets to an event that you have booked or merchandise you have ordered, including to contact you with any information relating to the event or merchandise, and to deal with any questions, comments or complaints you have in relation to the event or merchandise.
We may also use your personal data for our legitimate interests, including dealing with any customer services you require, enforcing the terms of any other agreement between us, for regulatory and legal purposes (for example anti-money laundering), for audit purposes and to contact you about changes to this policy.
Who do we share your data with?
We may share your personal data with any service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including payment providers, email communication providers, IT service providers, accountants, auditors and lawyers.
Under certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example, as part of anti-money laundering processes or protect a third party's rights, property, or safety.
We may also share your personal data in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
Where we hold and process your personal data
Some or all of your personal data may be stored or transferred outside of the European Union (the EU) for any reason, including for example, if our email server is located in a country outside the EU or if any of our service providers or their servers are based outside of the EU. We shall only transfer your personal data to organisations that have provided adequate safeguards in respect of your personal data.
A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer. The cookie identifies your browser but will not let a website know any personal data about you, such as your name and/or address. These files are then used by websites to identify when users revisit that website.
We also use Google Analytics to monitor how the online shop is used. Google Analytics collects information anonymously and generates reports detailing information such as the number of visits to the online shop, where visitors generally came from, how long they stayed on the site, and which pages they visited. Google Analytics places several persistent cookies on your computer's hard drive. These do not collect any personal data. If you do not agree to this you can disable persistent cookies in your browser. This will prevent Google Analytics from logging your visits.
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. All information you provide to us is stored on our secure servers. Any payment transactions are encrypted using SSL technology.
Where we have given, or you have chosen a password, you are responsible for keeping this password confidential.
However, you acknowledge that no system can be completely secure. Therefore, although we take these steps to secure your personal data, we do not promise that your personal data will always remain completely secure.
You have the right to obtain from us a copy of the personal data that we hold for you, and to require us to correct errors in the personal data if it is inaccurate or incomplete. You also have the right at any time to require that we delete your personal data. To exercise these rights, or any other rights you may have under applicable laws, please contact us via email.
Please note, we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.
If you have any complaints in relation to this policy or otherwise in relation to our processing of your personal data, you should contact the UK supervisory authority: the Information Commissioner (www.ico.org.uk).
If you register with us, we shall retain your personal data until you close your account.
If you receive marketing communications from us, we shall retain your personal data until you opt out of receiving such communications.
If you have otherwise made a booking with us or contacted us with a question or comment, we shall retain your personal data for 48 months following such contact to respond to any further queries you might have.
If any provision of this policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
This policy shall be governed by and construed in accordance with the law of England and Wales, and you agree to submit to the exclusive jurisdiction of the English Courts.
We may change the terms of this policy from time to time. You are responsible for regularly reviewing this policy so that you are aware of any changes to it. If you continue to use our online shop after the time we state the changes will take effect, you will have accepted the changes.