STIRLING ALBION FC PRIVACY NOTICE
Stirling Albion FC respects your privacy and is committed to protecting your personal data. This privacy notice will inform you about how Stirling Albion uses and protects your personal data. In this Notice, “Data Protection Legislation” means all applicable legislation which relates to the protection of individuals with regards processing personal data, including the General Data Protection Regulation (EU) 2016/679.It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
2 IMPORTANT INFORMATION AND WHO WE ARE
We are what is known as a “data controller” of your personal data. When we say “we” or “us”, we mean STIRLING ALBION FOOTBALL AND ATHLETIC CLUB LTD which has its registered office at Forthbank Stadium, Stirling, FK7 7UJ with Company Number SCO24021 and is the controller responsible for your personal data.
3 INFORMATION THAT WE COLLECT FROM YOU
3.1 What is personal data?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data from which an individual can no longer be identified (anonymous data).
3.2 What personal data do we collect from you?
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data: includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender;
- Contact Data: includes billing address, delivery address, email address and telephone numbers;
- Financial Data: includes bank account and payment card details;
- Transaction Data: includes details about payments to and from you and other details of products, tickets and services you have purchased from us;
- Profile Data: purchases or orders made by you, your interests, preferences, feedback and survey responses;
- Competition Entry Data: includes your name, address and email address and any other information you provide when entering a competition;
- Equal Opportunity Data: includes information on your gender, sexual orientation, ethnicity, age, religion and details of any disability that you may have;
- Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preference; Live: 40925410 v 4
4 HOW IS YOUR PERSONAL DATA COLLECTED?
We will collect your personal data in a number of ways, including when you provide your details directly to us in connection with one of the purposes set out in this Notice;
- purchase of Shares
- purchase of a season ticket
- enrolment in one of our community classes or holiday camps;
- register to receive or download information, newsletters or other documentation;
- book or enquire regarding hospitality packages;
- sign up to attend any of our events;
- enter a competition, promotion or survey; or
- provide us with feedback
- purchase an item in the online club shop
5 HOW WE USE YOUR PERSONAL DATA
5.1 What processing grounds do we rely on?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where you have provided us with your consent to send you marketing communications;
- Where we need to perform the contract we are about to enter into or have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- Where we need to comply with a legal or regulatory obligation.
Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law. Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
How do we use your information?
We will primarily use your information for the following purposes:
- Season Tickets: where you have purchased a season ticket, we may send you information about specific matches, hospitality days/other offers or reminders for renewal of your season ticket.
- Community Classes/Holiday Camps: where you have booked a place/places at any of our community classes or on our holiday camps, we may send you information relevant to the sessions that you have booked. We may also send information about future classes or camps.
- Hospitality: where you are or have been booked in for a hospitality event, we may send you information relevant to the day you have booked or about future events/days.
- Marketing Communications: Where we have your consent to do so, we may send you marketing emails and promotions which we think you will be interested in.
- Shareholders : Where we are required to provide you with information regarding the Company.
- Club Online Shop: where you have purchased an item in the shop, you may receive communications regarding new shop items that become available, sales, items on your wish list etc.
Where necessary, we may also use your information for the following additional purposes:
- as is required to ensure the safety of all those attending football matches and for the purposes of preventing crime;
- to monitor operational and safety related incidents;
- to apprehend and prosecute offenders, and provide evidence to take civil action in the courts; and
- to prevent fraud.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will explain the legal basis which allows us to do so.
6.1 Marketing by us
We may use your personal data to send you marketing communications, providing you with details of upcoming matches, community classes/holiday camps, hospitality days, events, competitions, sponsorship opportunities and informing you of opportunities to purchase match tickets and merchandise. You will receive marketing communications from us if you have given us your express consent to receive marketing communications, or if you has previously expressed an interest in the product/service/event about which we are messaging you. We use the Mailerlite service to send you periodic newsletters and this means that some of your personal data is transferred to servers in Lithuania. The Mailerlite service is covered by both the EU-US and Swiss-US Privacy Shield regimes and is used by many EU and worldwide businesses. As such, in our opinion, it poses a minimal threat to your privacy rights and freedoms. We have also completed a Data Processor Agreement addendum with Mailerlite that specifically covers customers located in the EU.
You can read more about Mailerlite’s privacy measures at: https://www.mailerlite.com/legal/privacy-policy
6.2 Opting out
You can ask us to stop sending you marketing messages at any time by contacting us. Where you opt out of receiving these marketing messages, you may still receive messages from us for non-marketing purpose, for example, service messages providing important announcements regarding an event which you have purchased tickets for. All of our Mailerlite emails have an unsubscribe link at the bottom which will automatically delete you from our database.
7 DISCLOSURE OF YOURINFORMATION
7.1 Disclosure to selected third parties
The information you provide to us will be treated as confidential. However, we may disclose your information to other third parties who act for us for the purposes set out in this Notice or for purposes approved by you, including to suppliers who provide marketing, financial, and ticketing services. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7.2 Transferring data outside of the EEA
We may need to transfer your information outside of the European Economic Area (EEA) to service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the EEA, such as the USA. Whenever we transfer your personal data out of the EEA, we shall ensure a similar degree of protection is afforded to it by taking steps to ensure that appropriate safeguards is implemented in accordance with the Data Protection Legislation.
8 DATA RETENTION
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. We may hold your personal information for longer where it is necessary to do so for the management of any active or potential legal proceedings, to resolve or defend claims, and for the purpose of making any necessary remediation payments.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
10 YOUR RIGHTS
Under Data Protection Legislation, you have the right at any time to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check we are lawfully processing it;
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your personal information for direct marketing purposes;
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
- Request the transfer of your personal information to another party; and
- Withdraw your consent to the processing of your personal information at anytime.
You will not have to pay a fee to exercise any of your rights. If you would like to exercise any of your rights above, please contact us by email to firstname.lastname@example.org. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11 CHANGES TO OUR PRIVACY NOTICE
We may amend this Notice from time to time. If we make any substantial changes we will notify you by posting a prominent notice on our website or by email. Historic versions can be obtained by contacting us.
12 YOUR DUTY TO INFORM US
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
13 CONTACT US
13.1 Contact Details
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us by emailing email@example.com.
13.2 Making a complaint
You can make a complaint to us by emailing firstname.lastname@example.org, or to the data protection supervisory authority, the Information Commissioner’s Office, at https://ico.org.uk/
Reviewed March 2021