In this Privacy Notice, references to “we”, “us”, “our” or “SUFC” are to Sutton United Football Club Limited registered in England and Wales with company number 519334 whose registered office is at The Borough Sports Ground, Gander Green Lane, Sutton, SM1 2EY.
For the purposes of the General Data Protection Regulation or “GDPR” (and all other laws relating to the use your Personal Data), we are the “data controller”, meaning that we are responsible for deciding how your Personal Data is used and more importantly, for keeping your Personal Data safe and only using it for legitimate reasons.
We are committed to protecting your privacy and will take all steps necessary to comply with our legal obligations when using your Personal Data. This Privacy Notice explains how we fulfil this commitment, so please read this document carefully.
What Personal Data do we collect?
You may provide us with the following types of Personal Data when you interact with us (when using our digital platforms or otherwise):
- Identity – first name, surname, gender, date of birth
- Contact – email address and address
- Financial – payment card details, billing address, purchase information, payment history
- Profile – username, profile image
- Usage – information about how you use our digital platforms, including time spent on page, click-throughs, download errors
- Technical – IP address, browser type, hardware type, network and software identifiers, device information, operating system and system configuration
We may also receive information about you from third parties, including our commercial partners, ticketing providers and other service providers, social media platforms and law enforcement agencies.
How do we use your Personal Data?
SUFC uses the information collected from you for purposes including the following:
- to provide you with products and services you request (such as tickets, hospitality and merchandise)
- to administer competitions or promotions that you enter into
- to process payments that you make through our digital platforms
- for internal administration and record keeping
- to notify you of changes to this Privacy Notice, our terms and conditions or other changes to our services or products
- to answer your enquiries which may involve contacting you by post, e-mail or phone
- to send you certain types of direct marketing
- to manage legal claims and other compliance/regulatory matters
- to verify your identity and detect and prevent fraud and security issues
- to give you the opportunity to provide us with feedback through reviews and surveys
- to process job applications
What is our legal basis for processing your Personal Data?
We use your Personal Data on the following bases:
- To perform a contract, such as providing products or services to you
- To comply with legal and regulatory obligations
- For legitimate business purposes (see “How do we use your Personal Data” section above)
- In certain cases, with your consent
- We may process your Personal Data for more than one lawful basis depending on the specific purpose for which we are using it. Importantly, we will only use your Personal Data when the law allows us to.
Who do we share your Personal Data with?
We may pass on your Personal Data to government or regulatory authorities or law enforcement officials to assist with their requests and comply with our legal obligations.
SUFC may also disclose your Personal Data to other football clubs and the football authorities to the extent necessary to comply with any football regulations or any investigations in relation to incidents at our matches.
We will not pass on your Personal Data to any third party to market their products/services to you unless we have obtained your consent.
What is our Personal Data retention policy?
We will keep your Personal Data for as long as you are a registered user of one of our digital platforms, or for as long as is necessary for us to provide products or services for you, and for a limited period of time afterwards.
Once you no longer wish to be engaged with SUFC we may still need to keep hold of your data if there is a legal reason for doing so (such as for tax purposes where you have made purchases through one of our digital platforms or where we need to resolve any disputes with you).
How do we keep your Personal Data secure?
We adopt industry standard security processes to ensure your data is kept safe and secure and to prevent unauthorised access or use or loss of your data. We also make sure that third parties who need to handle your data when helping us to deliver our services are subject to suitable confidentiality and security standards.
Despite the security measures we implement, please be aware that the transmission of data via the internet is not completely secure. As such, we cannot guarantee that information transmitted to us via the internet will be completely secure and any transmission is at your own risk.
Your rights as a data subject
At any point whilst SUFC is in possession of or processing your Personal Data, you may have the following rights:
- Right of access – you have the right to request a copy of the Personal Data that we hold about you.
- Right of rectification – you have a right to correct Personal Data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the Personal Data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing of your Personal Data.
- Right of portability – you have the right to have the Personal Data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing, as well as processing we undertake based on our legitimate interests.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
If you want to exercise any of these rights, please contact us. You don’t have to pay a fee to exercise your rights, unless your request is clearly unfounded, repetitive or excessive (in which case we can charge a reasonable fee). Alternatively, we may refuse to comply with your request in these circumstances. Where your request is legitimate, we will always respond within one month (unless there is a legal reason to take longer, such as where your request is particularly complex). We may also need you to confirm your identify before we proceed with your request if it is not clear to us who is making the request.
In addition to the above, you may get in touch with the ICO (Information Commissioner’s Office) if you are concerned about the way in which we are handling your Personal Data. However, where possible, we would really appreciate you speaking with us first if you have any concerns.
How to opt-out of SUFC marketing
To unsubscribe from SUFC newsletters or any other marketing emails, you simply need to click on the unsubscribe link at the bottom of the relevant communication you have received. Alternatively, please contact us (as detailed below) to opt-out of these communications.
Changes to this Privacy Notice
If we amend our Privacy Notice, it will be published on the relevant SUFC digital platform(s) so please check back regularly to see if there have been any updates. If we make any substantial changes, we may also email you if it’s appropriate.
If you would like to discuss anything in this Privacy Notice or if you want to exercise your rights, please get in touch:
By Post: Sutton United Football Club Limited, attention of the Data Protection Lead
Knights Community Stadium, Borough Sports Ground,
Gander Green Lane,
Sutton, SM1 2EY
By Email: email@example.com