Last updated 01 May 2018
Armada FC takes your privacy very seriously and is committed to protecting your personal information. This privacy policy sets out the way in which any personal information you provide to us is used and kept secure by Armada FC. It applies whenever we collect your personal data (including when you use our website or other digital platforms), so please read it carefully.
About us
Armada FC is a company which includes entities such as the Armada Foundation, SKILLS Ltd, Armada Youth, Hope Aid, I-Recruit Jobs and the Armada Education programme. This privacy policy applies to all companies within the AFC brand.
About this privacy policy
This privacy policy explains what information we may collect about you, how we may use it, and the steps we take to ensure that it is kept secure. We also explain your rights in respect of your personal data. Please note that our website and other digital platforms may contain links to third party websites / digital platforms which are provided for your convenience. We are only responsible for the privacy practices and security of our own digital platforms. We recommend that you check the privacy and security policies and procedures of each website / digital platform that you visit.
How to contact us about your personal data or this privacy policy
If you have any questions about this privacy policy or about your personal data, please email us at info@armadafc.co.uk or write to us at the following address:
Data Protection Officer
Armada Football Club Limited
192 Edward Road
Birmingham
B12 9LX
Information we collect and what we use it for
All personal information that we collect about you will be recorded, used, and protected by us in accordance with applicable data protection legislation and this privacy policy. We may supplement the information that you provide with other information that we obtain from our dealings with you or which we receive from other organisations, for example, our sponsors and partners.
In broad terms, we use your data for the following purposes:
• to administer and provide products and services you request or have expressed an interest in
• to enable us to administer any competitions or other offers/promotions which you enter into
• to communicate with you in the event that any products or services you have requested are unavailable
• for fraud screening and prevention purposes
• for record keeping purposes
• to carry out market research so that we can improve the products and services we offer
• to track your activity on our digital platforms
• to create an individual profile for you so that we can understand and respect your preferences
• to personalise and improve your experience on our digital platforms
• to personalise and/ tailor any communications that we may send you
• for profiling purposes to enable us to personalise and/or tailor any marketing communications that you may consent to receive from us
When we provide you with products or services we may collect and store any personal information that you provide to us. We may, for example, keep a record of your name, address, delivery address, email address, telephone number and payment card details. We may also record details of any disability or health needs you may have at the time of booking an event or service which will take place at the stadium or any other premises we use to help to ensure your comfort and safety.
When you sign up with us for an online account, register to receive marketing communications from us (and/or our sponsors and partners), enter one of our competitions, fill in one of our forms (whether online or offline) or otherwise expressly provide us with your personal information, we may collect and store any personal information that you provide to us and may use it to personalise and improve your experience on our digital platforms, provide products and services you request from us, and carry out profiling and market research.
When you interact with our digital platforms, we may also automatically collect the following information about your visit. This is primarily to help us better understand how our fans use our digital platforms to enable us to create better content and more relevant communications:
• how you have reached our digital platform and the internet protocol (IP) address you have used
• your browser type, versions and plug-ins, and your operating system
• your journey through our digital platform, including which links you click on and any searches you
made, how long you stayed on a page, and other page interaction information
• which videos you have watched and for how long
• what content you like or share
• which adverts you saw and responded to
• which pop up or push messages you might have seen and responded to
• your subscription status
• information collected in any forms you complete
We may also infer your country of location from the IP address you have used to access our digital platforms and we may analyse which marketing activity led to your taking specific action on our digital platforms.
News, offers and opportunities from us and our sponsors and partners (which we provide only with your consent)
We want you to be the first to know about new signings, competitions, club news, ticket availability and occasional offers from official sponsors and partners. If you haven’t already signed up to receive these exciting benefits please click here. You can unsubscribe by clicking here, or by writing to us at the address above. Please note, if you don’t choose to receive this information, we will be unable to keep you informed of new services, products, events or special offers that may interest you and our ability to inform you of ticketing opportunities may be affected. An up-to-date list of our sponsors and partners is available by clicking here. If you express an interest in an offer from one of our sponsors or partners, they may let us know. If you have given us your consent, you can change your mind at any time by adjusting your preferences in the preference area by clicking here
Disclosure of your information
In order to provide our products and services to you or to otherwise fulfil contractual arrangements that we have with you, we work with other organisations to carry out some of the data processing activities on our behalf. These may include, for example, payment processing organisations, delivery organisations, fraud prevention & screening, credit risk management companies, football school booking agencies, hospitality agencies, weddings & events agencies, EFL Digital and mailing houses.
We may share your data with third parties
(a) if we are under a legal or regulatory duty to do so
(b) if it is necessary to do so to enforce our terms of use, terms and conditions of sale or other contractual rights
(c) to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity
(d) where such disclosure is necessary to protect the safety or security of any persons, and/or
(e) otherwise as permitted under applicable law.
We may share your data with our carefully selected sponsors and partners (as may change from time to time) but we will only do this if you have consented to receive marketing relating from our sponsors and partners or if one of the conditions in the paragraph above applies.
Cookies
In common with many other website operators, we use standard technology called 'cookies' on our website. Cookies are small pieces of information that are stored by your browser on your computer's hard drive and they are used to record how you navigate this website on each visit.
Security of information
We take the security of your personal information seriously. When you submit your credit card details to us, we use industry standard Secure Sockets Layer (SSL) encryption technology to guard your information. In addition, we have security procedures in place to protect our paper based systems and computerised databases from loss and misuse, and only allow access to them when it is absolutely necessary to do so, and then under strict guidelines as to what use may be made of the personal information contained within them.
Where a password is required to access certain areas of our digital platforms, you are responsible for keeping your password secure and confidential. Please do not share or disclose your password to any other person.
Monitoring
We may monitor or record telephone calls for security purposes and to improve the quality of services that we provide to you. Please note that for your safety and security, CCTV is in operation in all of our premises which are open to the public.
If you are under 16
If you are under 16 and register for restricted areas of our digital platforms, we will collect your date of birth and retain that with your name and other details you may provide. This is so we can ensure we treat you in an age appropriate way in line with this policy.
For so long as you are under 16 we will not send you any marketing communications, allow you to access any of our digital platform message boards, or share your details with our commercial partners. However, if you have signed up to receive a product or service we may contact you about this.
If you are the parent or legal guardian of a user of our digital platforms who is under 13, they can access and use unrestricted areas but we will need your direct consent if they wish to gain access to restricted areas. If a user enters a date of birth which indicates they are under 13 when they try to register, our system will request them to provide us with your name and email address so that we can contact you to get your consent. The registration process cannot proceed without this. If we do not hear from you within 7 days, we will assume consent is refused. If you consent, we will complete the registration process. Whether you refuse or provide consent, we will update the child by email.
More about your information - your rights
You may correct or update your personal information at any time by changing your profile on our website. We will securely retain your information for a period of five years and in accordance with applicable law. If you wish to submit a request that your data be deleted, please write to us at the above address. You have the right to receive a copy of the personal information that we hold about you. Please write to us at the address above if you wish to exercise this right. We may charge a small fee towards the cost of administering any request you make. The current fee is £20.00.
If you have subscribed to receive marketing communications, you can unsubscribe here at any time. Please choose any unsubscribing boxes carefully
Changes to this privacy policy
We aim to meet high standards and so our policies and procedures are constantly under review. From time to time we may change this privacy policy. We recommend that you check this page periodically in order to review the latest version.
Where to make a complaint
If you have a complaint regarding any aspect of your personal data or this privacy policy, please write to us at the above address. If you are still not satisfied with the outcome of your complaint, you may write to the Information Commissioner’s Office at the following address:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
You can also contact the Information Commissioner’s Office using their online form
Last updated 01 May 2018
Definitions
Organisation - means Armada FC, a registered Football Club.
GDPR - means the General Data Protection Regulation.
Responsible Person - means Shahid Khan
Register of Systems - means a register of all systems or contexts in which personal data is processed by the organisation.
1. Data protection principles
The Organisation is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
a. processed lawfully, fairly and in a transparent manner in relation to individuals;
b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
2. General provisions
a. This policy applies to all personal data processed by the Organisation.
b. The Responsible Person shall take responsibility for the Organisation’s ongoing compliance with this policy.
c. This policy shall be reviewed at least annually.
d. The Organisation shall register with the Information Commissioner’s Office as an organisation that processes personal data.
3. Lawful, fair and transparent processing
a. To ensure its processing of data is lawful, fair and transparent, the Organisation shall maintain a Register of Systems.
b. The Register of Systems shall be reviewed at least annually.
c. Individuals have the right to access their personal data and any such requests made to the organisation shall be dealt with in a timely manner.
4. Lawful purposes
a. All data processed by the organisation must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
b. The Organisation shall note the appropriate lawful basis in the Register of Systems.
c. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
d. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Organisation’s systems.
5. Data minimisation
a. The Organisation shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
6. Accuracy
a. The Organisation shall take reasonable steps to ensure personal data is accurate.
b. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
c. [Add considerations relevant to the Organisation’s particular systems]
7. Archiving / removal
a. To ensure that personal data is kept for no longer than necessary, the Organisation shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
b. The archiving policy shall consider what data should/must be retained, for how long, and why.
8. Security
a. The Organisation shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
b. Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
c. When personal data is deleted this should be done safely such that the data is irrecoverable.
d. Appropriate back-up and disaster recovery solutions shall be in place.
9. Breach
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Organisation shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
END OF POLICY