DATA PROTECTION STATEMENT AND PRIVACY NOTICE
Purpose of Statement
- This statement and notice sets out how Histon FC complies with the General Data Protection Regulation (GDPR) and safeguards personal data of those involved with the Club.
What is Personal Data?
- Personal data comprises all information about a person which allows that person to be identified as an individual. Histon FC treats this as including a person’s name, home, work and email addresses, mobile and landline phone numbers, date of birth, gender, salary, bank account details, references, qualifications, photograph, emergency contact details, and any other information held or used by the Club whether on paper or in electronic form. Histon FC collects, uses, stores and transfers personal data in appropriate ways as a necessary activity in the operation of a football club.
Why does Histon FC hold Personal Data?
- Histon FC holds personal data so that we can recognise and contact individual members of the groups of people listed below. The GDPR requires the Club to identify a lawful basis for holding data in each case. The lawful bases which may be used are consent, contract, legal obligation, vital interests, public tasks, and legitimate interest. The bases identified by the Club are shown below in parentheses (vital interests and public tasks are not generally relevant to football clubs):
- Our shareholders (legal obligation);
- Our directors (legal obligation and legitimate interest);
- Staff and professional players (contract, legal obligation, and legitimate interest, plus consent to holding of health and fitness data);
- Unpaid officials and volunteers (contract, legitimate interest, plus consent to provision of information in programmes, websites etc);
- Amateur players (contract, legitimate interest, plus consent to provision of information in programmes, websites etc, plus consent to holding of health and fitness data);
- Our season ticket holders (contract and legitimate interest);
- Our sponsors (contract and legitimate interest);
- Participants in our fund raising activities (contract and legitimate interest);
- Those with whom we contract for supply of services to the Club (contract);
- Those with whom the Club contracts to provide services (eg ground share) (contract and legitimate interest);
- Grant funding organisations and partners (legitimate interest);
- The football officials with whom we are required to deal from the FA, the Cambs FA, the leagues in which our teams play, and other clubs (contract and legitimate interest);
- The directors and officials of Histon FC Holdings, which owns the Bridge Road ground (contract and legitimate interest);
- The parents or guardians of players under the age of 13 (who must give consent to the Club holding personal data about their children) (legitimate interest);
- The Club’s fans and supporters, to the extent that they wish us to do so (consent).
- Histon FC also holds personal data:
- In order to provide information as necessary to meet the legitimate requirements of the relevant football authorities, including participation in the Whole Game System administered by the FA;
- In order to provide information as necessary to meet the legitimate requirements of the relevant education authorities;
- As required by the law;
- In order to monitor and improve the health and fitness of players;
- In order to provide appropriate information about Histon FC, its players and officials to those with an interest in the Club (including other clubs with which we play fixtures), by means of websites, match programmes, social media, and other means.
How does Histon FC obtain Personal Data?
- Individuals may provide personal information when requested to do so by the Club, or in the normal course of their dealings with the Club, or information may be obtained from other sources in the normal course of the Club’s legitimate activities. Information may be obtained in writing or online or by contact with the Club by telephone, email, text, social media or other means.
How does Histon FC manage Personal Data?
- The Club’s fans and supporters are contacted (as set out in paragraph 3 above) only where individuals have confirmed that they wish to receive information.
- Personal data relating to the health and fitness of players (as set out in paragraph 4 above) is held only with the explicit consent of the players concerned.
- Personal data is publicised in websites, match programmes, social media and other means (as set out in paragraph 4 above) only with the permission of the players and other individuals concerned.
- Except where permission has been given by the individuals concerned, the Club sends communications to email contact groups on a BCC (“blind carbon copy”) basis so that email addresses are not inadvertently shared with others.
- Histon FC takes reasonable care to ensure that personal data held by the Club is:
- Held securely;
- Accessed only by those who need to see it;
- Accurate, up to date, easily amended if incorrect, and limited to what is required;
- Shared with third parties only when this is necessary;
- Used only for the purposes for which it was obtained, or as agreed by the individual, and which relate to Histon FC;
- Not held for longer than it is needed.
- Any individual for whom the Club holds personal data may see that data on request to the Club, may require the Club to correct any incorrect information, may withdraw or amend any consent previously given to use of data, and may request the Club to delete or destroy or restrict the use of information where it is appropriate to do this.
- If an individual fails to provide, or withdraws, personal data which Histon FC needs in order to fulfil its responsibilities, it may not be possible for the Club to honour or administer that individual’s links with the Club.
- Histon FC will never sell personal data to other parties.
- The Board is responsible for the terms of this statement and notice, and for the Club’s compliance with it.
- This statement and notice may be amended from time to time, and the latest version will always be available on the Club website.
- Any comments or questions on this statement, any complaints about its operation, any theft or loss of personal data held by the Club, and any breaches in compliance with the statement and/or the GDPR, should be reported to the Club for consideration by the Board.
- An individual has the right to complain about the Club to the UK’s data protection supervisory authority, the Information Commissioner’s Office.
- This statement and notice is supported by a Data Protection Policy which is available to all Histon FC staff members, volunteers and others who come into contact with personal data in the course of their involvement with the Club