Guildhall Feoffment Football Club | Privacy Policy & GDPR Compliance Statement

This privacy policy sets out how Guildhall Feoffment Football Club uses and protects any information that you give to Guildhall Feoffment Football Club when you use or register with GuildhallFeoffmentFC.co.uk.

Guildhall Feoffment Football Club is committed to ensuring that your privacy is protected.

Should we ask you to provide personal data by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Guildhall Feoffment Football Club may change this policy from time-to-time by updating this page. If you opt in to receive emails from us, we will notify you of any changes or updates we make. If you do not opt in to receive emails, you should check this page occasionally to ensure that you are happy with any changes. This policy was last updated on 03.09.2021.

If you have any questions, please email us at: GuildhallFeoffmentFC@gmail.com

About GDPR

As of 25 May 2018, all organisations that process personal data on citizens of the EU are required to comply with the EU General Data Protection Regulation (GDPR).

The GDPR replaced the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way that organisations, which operate within the region, approach data privacy.

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular reference to an identifier. A broad range of personal identifiers constitute personal data, including: name, location data and IP address.

Our commitment to GDPR

Guildhall Feoffment Football Club is committed to data protection. Everybody who volunteers at Guildhall Feoffment Football Club understands the need for stringent data protection policies and procedures, and we all take responsibility for complying with the GDPR.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

We take a data protection by design and default approach, and put appropriate data protection measures in place throughout the entire lifecycle of our processing operations.

We are also committed to ensuring that all third party data processors that process personal data on our behalf fully comply with the GDPR.

Please note: as the personal data we process is not sensitive or likely to result in high risk to individuals’ interests, it has not been necessary for us to conduct any data protection impact assessments or appoint a data protection officer.

As an organisation, however, we are dedicated to continually reviewing and improving our data protection procedures and accountability measures. If you have any questions relating to data protection and/or our privacy policy, please send us an email at GuildhallFeoffmentFC@gmail.com

What personal data do we collect?

When you register your child with GuildhallFeoffmentFC.co.uk, we collect and store the following data:

  • The player’s first name;

  • The player’s last name;

  • Your email address;

  • Your contact telephone number;

  • Your address;

  • The player’s date of birth;

  • The player’s current year group;

  • Any medical condition(s) the player has that the club should be made aware of;

  • An alternative emergency contact number.

When you use GuildhallFeoffmentFC.co.uk generally, even as an unregistered user, we may process data on your use of the website, including:

  • Which pages you visit;

  • The time of your visit;

  • How long you spend on each page;

  • How long you remain on the website;

  • The method/ by which you were referred to our website, e.g. via Google or social media channel;

  • Your general site browsing habits;

  • The type of device you used to access the website;

  • The type of web browser you used to access the website;

  • The type of operating system you used to access the website;

  • Your network location and IP address.

Our lawful basis for collecting this data

Before we process any personal data, we obtain active, clear consent from you. According to the GDPR, this should be explicit and requires a very clear and specific statement of consent.

When we ask you to opt in or opt out of our Privacy Policy, we provide you with all of the information you need on how and why we process this data.

This is hugely important, as we want to offer all individuals real choice and control when using our website.

How do we obtain your consent to process your personal data?

We obtain active consent from the users of our website, explicitly asking them to allow us to process their data when completing the player registration form.

We always try to make sure these requests are communicated in a clear and concise way. They require you to provide a positive opt-in and we don’t use pre-ticked boxes or any other methods of default consent.

We also use third party data processors to help us process some of your personal data. A list of these can be found below.

We are committed to ensuring that all of the third party data processors that process personal data on our behalf fully comply with the GDPR. Indeed, we do not use third party data processors unless they can demonstrate the steps they have taken towards compliance.

Please note: even if you provide us with consent initially and choose to receive email communications from us, you can remove your consent at a later date and opt out of emails too.

To unsubscribe, simply send us an email to make your request at: GuildhallFeoffmentFC@gmail.com

We will act on these withdrawals of consent as soon as we can.

Restrictions

In order for a player to be registered with our football club, this registration form must be completed by the player’s registered parent or guardian.

Should we become aware that a player has been registered by somebody other than their registered parent or guardian, we will remove the personal data that we have collected.

Why do we collect this personal data and what do we do with it?

We collect this data for three reasons. Firstly, to ensure that all of our players are safe when attending matches or training sessions. Secondly, so we can keep parents up-to-date on the latest news and information on results and upcoming fixtures. Thirdly, to help us confirm the eligibility of each player. Indeed, only children who attend Guildhall Feoffment Primary School are allowed to participate in training sessions and represent the club in competitive matches.

Reasons for processing - breakdown by data category

We collect and store the following data for specific reasons. Here’s a breakdown for you:

  • The player’s first name - this helps us to identify the players who belong to our club. This means we can contact the correct parents about their child.

  • The player’s last name - this helps us to identify the players who belong to our club. This means we can contact the correct parents about their child.

  • Your email address - we will use this to send you emails about the latest club news and information on results and upcoming fixtures.

  • Your contact telephone number - this is our emergency contact number, so we can call you immediately if your child is injured or we have any other concerns.

  • Your address - this is also emergency contact information. If you were unexpectedly unable to collect your child from training or a match, we would ensure they are safely returned to this address. This may also be used if we have a safeguarding concern about a child.

  • The player’s date of birth - this enables us to identify the correct group(s)/team(s) for your child to play/train with. It also helps us to confirm your child’s eligibility to participate in training sessions and represent the club in matches.

  • The player’s current year group - this enables us to identify the correct group(s)/team(s) for your child to play/train with.

  • Any medical condition(s) the player has that the club should be made aware of - this vital information helps us ensure the safety and wellbeing of your child during training and matches.

  • An alternative emergency contact number - if we cannot reach a parent/guardian on the primary emergency contact number, we will use this one next.

We use the following information to improve our products and services, customise the website according to your interests:

  • Which pages you visit;

  • The time of your visit;

  • How long you spend on each page;

  • How long you remain on the website;

  • The method/ by which you were referred to our website, e.g. via Google or social media channel;

  • Your general site browsing habits;

  • The type of device you used to access the website;

  • The type of web browser you used to access the website;

  • The type of operating system you used to access the website;

  • Your network location and IP address.

Where is this personal data stored?

All of the data you give us consent to process when you sign up to GuildhallFeoffmentFC.co.uk is securely stored in a password-protected Google Drive folder. This meets stringent privacy and security standards based on industry best practices.

The Google Drive data centres are independently audited to the following standards:

  • ISO/IEC 27001

  • ISO/IEC 27017

  • ISO/IEC 27018

  • EU Model Contract Clauses

The Google Drive servers are protected from both physical and electronic intrusion at all times using some of the most sophisticated technologies.

3rd party data processors we may use to help process your data

Here is a list of the 3rd party data processors we may use to store or process your personal data:

  • Squarespace

  • Gmail

  • Bury St Edmunds & District Primary School Football League

We are committed to ensuring that all of the above third party data processors that process personal data on our behalf are fully compliant with the GDPR.

Security measures and procedures

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have analysed the risks presented by our processing and have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

GuildhallFeoffmentFC.co.uk has an SSL Certificate installed. This means when you are browsing on our website a secure connection will be established, and the connection between your browser and our server will be secure. You can see that our SSL Certificate is working correctly because a padlock or green bar will show in the address bar in your browser, depending on which one you use.

This is a method of cryptography and encrypts the data that is sent from your browser to our server. This means that if a hacker was to intercept that message, they would only be able to see a cryptographic code that it is impossible for them to break. Only the intended recipient of this data (i.e. our secure server) will be able to understand and process it.

We regularly review our information security policies and measures and improve them where necessary. We also conduct regular testing and reviews of our measures to ensure they remain effective. We also make sure that any data processors we use implement appropriate technical measures.

How long do we retain your data?

The GDPR states that personal data should be stored for no longer than is necessary for the purposes for which the personal data is processed. With that in mind, we only store personal data while a player is a current student at Guildhall Feoffment Primary School in Bury St Edmunds.

Data breach policy and procedure

In the event that our database is subject to a data breach, we have a data breach policy and procedure in place to help mitigate against impact this may have on your personal security.

We have prepared a response plan for addressing any personal data breaches and have put a data breach procedure in place.

If it is ascertained that a data breach has, in fact, taken place, we have outlined a process to assess the likely risk to individuals as a result of the breach.

We will then notify the ICO of a breach within 72 hours and the individuals affected without undue delay. We will also provide any affected individuals with advice on how to protect themselves from its effects.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Your rights as a data subject & controlling your personal data

Once you have registered as a member of GuildhallFeoffmentFC.co.uk, you are entitled to:

  • Access the data we hold on you;

  • Rectify the data we hold on you if you believe it to be incorrect;

  • Request that the data we hold on you be erased;

  • Request that we restrict the processing of the data we hold on you;

  • Obtain and reuse the data we hold on you for different services;

  • Object to the use of your data for direct marketing.

To exercise your rights and request any of the above, please email GuildhallFeoffmentFC@gmail.com

We will not charge you to request any of the above, unless the request is deemed to be excessive. In the unlikely event of this happening, we may charge you a small fee to cover the costs of this excessive request.

If you have any concerns about this Privacy Policy or how we handle your personal data, you have the right to lodge a complaint to the GDPR’s supervisory authority in the UK.