Brighton & Hove Albion Foundation (“we” and “us”)
American Express Stadium
Registered charity in England and Wales (No. 1110978)
2. Summary of how we use your data
Brighton & Hove Albion Foundation uses your personal data to allow you to use the features in our content, to administer your online and offline relationships with us, to manage the safety of our events, to comply with our legal obligations and to provide you with our services and other offerings. Some of this information will be provided by you, and others will be generated by us or provided by third parties.
Sometimes we may need to collect some health data about you to run our events, either to comply with requirements to give you equal access or to ensure you are kept safe. We process this with your consent.
Where we rely on your consent, such as for direct marketing purposes, you can withdraw this consent at any time. We promise to respect any personal data you share with us, or that we get from other organisations, and keep it safe. We aim to be clear when we collect your data and only process it in a way you would reasonably expect.
You can opt-in to our marketing communications to hear more about the work we do, the services we provide and how you can help us raise funds. If you would like to receive such communications but have not opted in please contact us on 01273 878265 or firstname.lastname@example.org.
For more information on your rights, including your right to object to our processing, you can see our full policy below.
3. What information do we collect about you
We collect information in the following ways:
When you give it to us DIRECTLY
Some of the ways you may give us your information are:
- Registering online.
- Filling in a form.
- Registering for marketing communications.
- Interactions with us on social media.
- Records of events you’ve attended, or campaigns or activities that you’ve been involved in.
- Taking part in an education course with us.
- When making a donation or processing a transaction.
- Information on your IP location when visiting our website.
Sometimes when you support us, your information is collected by an organisation working for us but we are responsible for your data at all times.
When we receive information about you INDIRECTLY
Your information may be shared with us by another organisations or businesses we work with or receive funding from, where we need that information so that we can deliver a session or service to you. Below is a list of some of the organisations we work with who might pass us on your details:
- Regional County Council.
- Schools, Colleges & other FE Establishments.
- Charities and community groups.
- Regional District Council.
- Regional Clinical Commissioning Groups.
This list is not exhaustive and may include other third parties we work with.
If you are supporting our charity through fundraising, your information (such as your name, contact details, gender and date of birth) may also be provided to us by independent fundraising platform, for example:
- Virgin Money Giving.
- Facebook giving.
- Charity Aid Foundation.
- Charity Stars.
We may generate or collect information about you ourselves. In an online context, much of this is set out in our Cookies section. In an offline context, we may particularly collect information about you in completing health and safety records or risk assessments or by keeping registers of those who attend our services.
Occasionally we obtain data from external sources. For example, we may check against Royal Mail’s National Change of Address database to ensure that the address we have listed for you is up to date.
Sometimes, we receive information about you from other third parties. For example, if you login to a site or app using Facebook Connect you will be asked if you wish to share information from your Facebook account with us. If you use a “like”, “follow” or a “share” button for a feature on our sites or apps, then the third party will share information with us. If you participate in activities on other sites or apps – such as participating in a Facebook application – you may allow us to have access to personal data held by Facebook, or other site or app owners.
We may make use of profiling methods to enable us to send you relevant and timely communications. To do this we may use external sources of geodemographic and consumption data such as CACI Acorn and MOSAIC. Examples of such information include newspaper readership, leisure interests and indicators of financial status such as house value. These will be based on your postcode rather than being specific to you as an individual.
We may collect information about certain supporters from public sources including public registers (such as Companies House), news and other media. This will mostly relate to well-known or influential people and is the exception rather than the rule.
The information we get from other organisations may depend on your privacy settings or the responses you give, so you should regularly check them. This information comes from the following sources:
In line with data protection legislation we don’t collect, store or process personal information for under 13 years old unless we have express permission from a parent or guardian.
4. How we use your data, and our legal basis
Brighton & Hove Albion Foundation collects our participants’ and donors’ details because it is necessary for:
- Completing a contract which you may have entered into (see more details below)
- The pursuit of our legitimate interests (as set out below) or;
- To comply with our legal obligations
- To protect your vital interests
We may also seek your consent for certain processing. You have the right to withdraw your consent at any time.
Opt-in consent is used where you have given us express permission to contact you by particular communication channels. We use opt-in consent to send you direct marketing communications by email, text message (SMS), mail and telephone (if you are registered with the Telephone Preference Service).
Completing a contract
When you purchase a service or product from us we are both entered into a legally binding contract. You may have entered into this by purchasing a football place from our website, registering for an education or health program we provide or signing up for a fundraising event we in which we are taking part.
We process your data under the ground of legitimate interest this includes:
- For the completion of our charitable aims and objectives.
- Sending communications which are linked to a previous service you have been provided, or carrying out digital or postal marketing.
- Providing products or services you have requested (and where this does not involve a contract with you).
- Monitoring use of our websites and online services, and using information we receive about our offline activities to help us analyse, monitor, improve and protect our products, content, services and websites, both online and offline.
- Investigating any complaints received from you or from others about our products or services.
- Protecting our participants safety, health and welfare.
- Carrying out market research.
- Processing in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of data in connection with legal process or litigation).
To comply with legal obligations
We process your data where we are required to hold or collect personal data to meet legal requirements on us, such as keeping health and safety records, details of purchases or meeting safeguarding requirements. We also may process your data where in response to requests by government or law enforcement authorities conducting an investigation.
Exceptionally, we may process sensitive data for the purposes of protecting your vital interests. This will occur when we need to collect or use sensitive data in a way to which you have not consented, and we cannot seek your consent.
5. Relying on our legitimate interests
We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details set out later in this notice.
6. Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out in this policy.
7. Website, cookies and links to other sites
When you visit one of our websites, we collect, process and use informing about you and your use of the website, including any forums you visit and how you arrived at our Site. Such information may be collected through “traffic data” and may entail the use of “cookies” or other tracking technologies, IP Addresses or other numeric codes used to identify your computer. In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
Our cookies help us:
- Make our website work as you’d expect.
- Remember your settings during and between visits.
- Improve the speed/security of the site.
- Allow you to share pages with your social networks like Facebook.
- Continually improve our website for you.
For more information on all of this processing, please see the Brighton & Hove Albion Foundation Cookies Policy.
8. Payment security
All electronic forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers. If you use a credit card to donate, purchase a booking or purchase something online we will pass your credit card details securely to our payment provider.
Brighton & Hove Albion Foundation complies with the payment card industry security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
Brighton & Hove Albion Foundation cannot guarantee the security of your home computer or the internet, and any online communications (e.g information provided by email or our website) are at the user’s own risk.
9. Sharing your information
When you sign up for our programs, in certain circumstances we will share your details with a third party. We will always make you aware before we share your data.
In some cases, we share analytical and anonymised data with our funders or partners, which allow us to continue our work. This means they cannot see any of your personal information but may see details such as, how many participants took part in a program, what was the average age of the attendees etc.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
Personal data will also be shared with third party service providers, who will process it on behalf of Brighton & Hove Albion Foundation for the purposes identified above. Such third parties include providers of website hosting, security services, maintenance, mailing houses, call centre operations and identity checking.
Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor’s Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request.
10. How long we keep your information
We will keep the personal data you have provided only for as long as we are required in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
If you have allowed us to carry out marketing to you, we will continue to do so until you opt out. If you choose to opt out of any of our marketing schemes or sessions that we run, we will record this fact and not contact you regarding them,
We will keep a record of the fact that you have asked us not to contact you so that we can respect your request in the future.
Where we process personal data in connection with performing a contract, we may keep the data for 3 years from your last interaction with us or longer due to contractual requirements.
Where we process personal data to meet legal requirements, we hold this for as long as the law requires – for example, we hold health and safety accident records for 6 years.
If you would like more information on how long we keep your information please email email@example.com.
11. Keeping your information up to date
We really appreciate it if you let us know if your contact details change. You can do this by emailing firstname.lastname@example.org
12. Your rights
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine-readable format.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us using the details set out below, or you are able to lodge a complaint through the Brighton & Hove Albion Foundation complaints process. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred. This is likely to be the Information Commissioner’s Office in the UK.
Data that is mandatory is indicated on relevant forms that you complete. Where provision of data is mandatory, if relevant data is not provided, then we will not be able to fulfil your requests to register, make a purchase or otherwise engage with us. All other provision of your information is optional.
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at email@example.com or by writing to the Data Manager, American Express Community Stadium, Village Way, BN1 9BL.
CCTV systems are in use at both the American Express Community Stadium and The American Express Elite Football Performance Centre and is also used at some of the other venues where our sessions are delivered. These systems are for the purposes of public and staff safety and crime prevention and detection.
In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information about the scheme.
Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated.
You have the right to see CCTV images of yourself and be provided with a copy of the images.
Body-worn cameras incorporating audio recording are used by security personnel at both the American Express Community Stadium and The American Express Elite Football Performance Centre when necessary for operational purposes.
The aim of the technology is to:
- Promote the safety of the officers.
- Reduce the potential number of confrontational situations experienced by officers.
- Reduce potential escalation of incidents.
- Augment opportunities for evidence capture.
You have the right to see images/audio recordings of yourself in accordance with data protection legislation and be provided with a copy of the images.
We will only disclose images and audio to other authorised bodies who intend to use it for the purposes stated above. Images and audio will not be released to the media for entertainment purposes or placed on the internet for public viewing.
We operate CCTV and disclose in accordance with the codes of practice issued by the Information Commissioner and the Home Office.
14. The Fundraising Preference Service
Brighton & Hove Albion Foundation is registered with the Fundraising Regulator, who manage the Fundraising Preference Service.
If you have registered your details with the fundraising preference service and do not wish to receive communications from us about our fundraising, we will not include you in future fundraising communications.
You can register for the fundraising preference service or change your preferences on the fundraising preference service website – https://public.fundraisingpreference.org.uk/
This policy will be reviewed every 3 years or upon a change in legislation, circumstance or relevant incident.
Name: Martin Perry – Chair of Trustees
To read our policy, please click below.