This policy explains how we collect, store and use personal data about you including when you browse www.stevenagefcfoundation.com, www.juniorboro.com, book courses with us, attend our events, make donations, volunteer or we otherwise hold personal data about you. It provides you with details about the types of personal data that we collect from you, how we use your personal data including our legal basis for using your data and the rights you have to control our use of your personal data.
Who We Are
Stevenage FC Foundation is a charity registered in England and Wales (Registered Charity Number 1140006) whose registered offices are at Stevenage Football Club, The Lamex Stadium, Broadhall Way, Stevenage, Hertfordshire, SG2 8RH.
Our Data Controller is the Chief Executive of the Charity and can be contacted via email at [email protected], or by post at the address outlined in Section 15.
Our websites are operated and owned by the Charity, and are hosted by Wamsey, who’s registered and trading address is 49 Old Bourne Way, Stevenage, Hertfordshire, SG1 6AE. All sites use the Wordpress system.
We respect your right to privacy and will only process personal data you provide to us in accordance with the EU General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all other applicable data privacy laws. If you have any questions about how we collect, store and use personal data, or if you have any other privacy-related questions, please contact us using the contact details below.
The Personal Data We Collect About You
When you access our website, make purchases from Stevenage FC Foundation (including purchases made via our online booking system, over the phone, or at our office) sign up for our newsletter or make a donation to us we may collect some or all of the following personal data about you:
− your name
− your contact information
− your payment details
− your communication and shopping preferences
− special categories of data as described further below.
How & Why We Use Your Personal Data
How and why we use your data will depend on the purpose for which we have collected it from you.
4a. Why We Use Your Data?
- Enquiries: For our legitimate interests in dealing with your enquiry.
- Bookings: In order to perform our contractual obligations to you.
- Event participants: For our legitimate interests in administering and delivering our events and, where applicable, in order to perform our contractual obligations to you.
- Donors: For our legitimate interests in processing your donation.
- Volunteers: For our legitimate interests in administering and delivering our events.
- Newsletter Subscribers: For our legitimate interests in promoting and marketing our activities. o If you wish to unsubscribe from any of our newsletters at any time, please update your
preferences using the links in our emails or contact us directly.
- Website Users – For our legitimate interests in improving our services, events and courses including our website user experience.
- In each case we will also process personal data to the extent that we need to do so to comply with any applicable legal obligation and may in exceptional circumstances need to process your personal data to protect your vital interests.
4b. How & Why We May Process Special Categories Of Personal Data
We may need to use information revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data or information about your health, sex life or sexual orientation. We will only use this kind of information in the following ways, where:
- we have your explicit consent.
- it is necessary for us to use this information to protect your vital interests or those of another person where it is not possible to obtain consent.
- it is necessary for us to do so in connection with the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; or
- in exceptional circumstances, another of the grounds specified in law for processing special categories of personal data are met.
In particular, we will need to collect these special categories of personal data for most event participants and volunteers to ensure that we can deliver our events safely and to meet the needs of our participants and volunteers.
This information is only ever provided to us directly by you or by the parent, other person, school or other organisation booking the event on behalf of the participant.
Children & Young People
This website is a general audience website. However, we understand that children may visit our sites and as such, we would encourage all potential users under the age of 16 to talk with their parents or legal guardians before submitting any information to this website, or indeed any other website. Ultimately, we believe that it is the responsibility of parents or legal guardians to supervise children when online and recommends that parental control tools be put in place.
If we actively collect personal information from anyone under the age of 18, we will do so in compliance with the General Data Protection Regulation (EU) 2016/679.
Who We May Share Your Information With
We do not sell, rent, or otherwise provide personally identifiable information to third parties without your consent.
We may disclose your personal data where necessary to:
- to the parent, school or other person or organisation who arranged your attendance at our events. • to any emergency contacts provided by you or on your behalf.
- to any organisation or other entity which may acquire or merge with us; and
- to law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or where we have a legal right or duty to use or disclose your information (including for safeguarding or crime or fraud prevention purposes).
Keeping Your Data Secure
We will use technical and organisational measures to safeguard your personal data, for example:
- we store your personal data on secure servers; and
- access to your personal data is limited to authenticated and approved staff.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet.
You may change your website browser settings to reject cookies, although please note that if you do this it may impair the functionality of this Website.
Transfer Of Data Out Of The EEA
Some of our external service providers are based outside the European Economic Area (“EEA”) or otherwise process some of your personal data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards are implemented:
- the countries we transfer your personal data to have been deemed to provide an adequate level of protection for personal data by the European Commission.
- we use contractual clauses approved by the European Commission which give personal data similar protection to that which it has in the EEA; or
- where we use providers in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data that applies within the EEA.
Please contact us if you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA.
You have rights under data protection laws, in certain circumstances, including to:
- request access to personal information that we may process about you
- require us to correct any inaccuracies in your information free of charge
- to require us to erase personal data that we may process about you where this is no longer required to be processed by us • to object to or restrict our processing of some of your personal information in certain circumstances
If you wish to exercise any of these rights, you should put your request in writing and provide us with enough information to identify you. This written request can be sent directly to our compliance officer – LINK. If we need further information, we will let you know.
If you have any concerns or questions as to the way in which we process your information, please do contact us. In addition, you have a right to bring a complaint with the Information Commissioner’s Office or other applicable authority. More information on the Information Commissioner’s Office and your rights is available at www.ico.org.uk
If you wish to unsubscribe from email marketing communications that we send you, you can most easily do this by clicking on the unsubscribe link at the bottom of any email newsletter we have sent to you.
How Can You Access Your Data?
As stated in section 10, you have the right to ask for a copy of any of your personal data held by the Charity (where such data is held). Under the GDPR, no fee is payable, and the Charity will provide any and all information in response to your request free of charge.
Please contact the Charity using the contact details provided in section 15. Alternatively, please refer to our Data Protection Policy.
You have the right to see a copy of the data that We hold about you in a form that is acceptable to you. We will provide a copy of the data in one of the following electronic formats: Pdf, docx, xlsx, xlsm.
When making an SAR, you are required to provide two forms of identification. Acceptable forms of identification include; Passport, Driving Licence, Birth Certificate, Bank Statement and Utility Bill (from last 3 months).
Retention Of Data
We will retain your information for no longer than is necessary for the purposes for which we collected it, or for as long as we have your consent to do so where your consent is the legal basis on which we process such data. All retained data will be held subject to this policy.
Third Party Sites
Changes To This Policy
We may change this policy from time to time. You should check this policy frequently to ensure you are aware of the most recent version that will apply each time you visit this website.
To contact us please use the following details:
Stevenage FC Foundation, The Lamex Stadium, Broadhall Way, Stevenage, Hertfordshire, SG2 8RH [email protected] / 01438 222222
Policy Adoption & Review
The policy was accepted by the charity’s board of trustees on 15th December 2020.