As such, while the trading subsidiary has its own board of directors, the Trustees of Clarets in the Community Limited have control over the Group.
There is an intercompany agreement between Clarets in the Community Limited and its trading subsidiary that explains how data may be shared between the two companies in compliance with the General Data Protection Regulation (EU) 2016/679 (‘GDPR’).
Throughout this Policy, any references to the ‘Group’, to the ‘Organisation’, or to ‘we’, ‘us’ and ‘our’ refers to both Clarets in the Community Limited and BFCitC Facilities (Enterprises) Ltd.
The Organisation takes your privacy very seriously and is committed to maintaining your privacy in accordance with the GDPR.
The existence, review and adherence to this Policy is a key control of the Group with regards to risk management. The Group has defined, in its risk strategy, a key control to be: any control which is in place to mitigate more than one identified risk contained in the Principal Risk Inventory.
This Policy is specifically in place to mitigate the following risks listed in the Group’s Principal Risk Inventory which is available on request:
Risk ID Potential Risk from Principal Risk Inventory DAT001 Risk of Inadequate Management of Data and Inadequate Security of Data DAT002 Risk of Compromise of Intellectual Property
- How we use your personal data and the information you provide
Personal data is defined to be: ‘any information relating to an identified or identifiable natural person’
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
At times we may request that you voluntarily supply us with personal information. Generally, this information is requested when you register to use our website, purchase tickets, email enquiries, contributions or your views to Burnley FC in the Community and enter any promotions or competitions.
Please note that if you choose to participate in any discussion forum on the website, any disclosure of your own personal information to other participants is done so at your own risk.
We may gather and use information about you in one of the following ways:
- If you choose to register to use our website or subscribe to updates on the website we may ask for information such as your name, date of birth, email address and contact details (personal information). We will use this information to administer your user account with us and so that we can tailor and improve the services we offer to you.
- If you choose to give us personal information via the internet (for example in the course of purchasing tickets or merchandising from us), it will be clear how we will use such information. If you tell us that you do not wish to have this information used as a basis for further contact with you, we will respect your wishes.
- Where you have consented to us sending you information we may also use your data for marketing purposes. This may be information that we think may be of interest to you, information about other organisations’ goods and services that we think may be of interest to you.
- Where you have consented to us passing your data to our official partners, sponsors and/or selected third parties to enable them to send you information, we may pass your data to such partners, sponsors and third parties to enable them to send you such information.
- We intend to continue to improve the content and function of the Burnley FC in the Community website. For this reason, we may monitor customer traffic patterns and site usage to help us improve the design and layout of our site and provide content of interest to you.
- If you apply for a job we will use your information for the purposes of recruitment and selection, corresponding with you and equal opportunities monitoring and may hold your information for up to six months in case other suitable opportunities arise.
- Burnley FC in the Community may disclose personal data in order to comply with a legal or regulatory obligation.
- We do not store credit card details, nor do we share customer details with any third parties.
Burnley FC in the Community will not; however, sell or lease your Personal Information to third parties not associated with Burnley FC in the Community, its partners, sponsors and affiliates. If you do not wish to receive marketing and promotional communications from us or our partners, sponsors and affiliates you can choose to opt out when providing your personal information to Burnley FC in the Community.
- How we protect your information
We understand that the security of your personal information is important to you. When handling personal information, security is paramount, and we take appropriate measure to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. However, the nature of the internet is such that the data may in some circumstances flow over networks without full security measures and could be accessible to unauthorised people.
Burnley FC in the Community will take all reasonable steps to ensure that unauthorised staff and other individuals are prevented from gaining access to your personal data. Burnley FC in the Community will:
- ensure visitors are received and supervised at all times in areas where personal data is stored.
- ensure computer systems containing personal data are password protected.
- ensure that staff know that passwords must be treated as private to the individual and must not be disclosed to others.
- ensure that only those who need to use the data have access.
- instruct staff to not leave their workstation/PC signed on when they are not using it.
- instruct staff to lock away disks, tapes or printouts when not in use.
- instruct staff to exercise caution in what is sent via email and to whom it is sent, and to only transmit personal data by email where agreed compatible security arrangements are in place with partners.
- provide the means to securely dispose of information (electronic and on paper).
- ensure that paper files are stored in secure locations and only accessed by those who need to use them.
- instruct staff not to disclose personal data to anyone other than the data subject unless they have the data subject’s consent, or it is a registered disclosure, required by law, or permitted by a General Data Protection Regulation (EU) 2016/679 exemption.
- instruct staff not to leave confidential information on public display in any form.
- impose a clear desk policy at the end of each day and ask staff to lock sensitive material away safely.
We are not responsible, nor liable for the content, privacy policies or services offered by websites other than our website, including those which link from our website. We encourage you to read and familiarise yourself with the privacy policies, terms and conditions and/or other notices on other third parties’ websites you visit.
- Disclosure for law enforcement purposes
Burnley FC in the Community reserves the right to access and disclose personal information to comply with applicable laws and lawful government requests to operate its systems properly or to protect itself or others. Burnley FC in the Community may attempt to obtain the prior consent of the individual before disclosing the personal information, but it has no obligation to do so.
It may be necessary for us to transfer your information to countries outside the European Union which do not provide the same level of protection as the UK. If we for any reason need to do so we will make sure that the information is transferred in accordance with this Privacy Statement, the General Data Protection Regulation (EU) 2016/679, and other applicable data protection laws so that your personal data is kept secure.
- Children and Young People
The Burnley FC in the Community website is a general audience website. However, we understand that children may visit www.burnleyfccommunity.org and as such, we would encourage all potential users under the age of 16 to talk with their parents or legal guardians before submitting any information to this website, or indeed any other website. Ultimately, Burnley FC in the Community believes that ultimately it is the responsibility of parents or legal guardians to supervise children when online and recommends that parental control tools be put in place.
No information collected from anyone under the age of 18 will be used for any marketing or promotional purposes. If, in the future, Burnley FC in the Community actively collects personal information from children, it will do so in compliance with the General Data Protection Regulation (EU) 2016/679.
- Access to your information
Data protection law gives you various rights including the right to access the personal information that is held about you. In order to do this, please make a written application to the Chief Executive Officer at the address provided below. Burnley FC in the Community may require you to provide verification of your identity and to pay an administrative fee of £10 to provide a copy of the information that it holds.
Please note that in certain circumstances Burnley FC in the Community may withhold access to your information where it has the right to do so under current data protection legislation. You can also request at any time that the personal information we hold about you is updated or corrected.
- Equality and Diversity
The Organisation is committed to the principles of equality and strives to ensure that everyone who wishes to be involved in our Organisation whether as staff, trustees, volunteers, participants or as a general member of the public:
- has a genuine and equal opportunity to do so without regard to their age, disability, gender reassignment, marital or civil partnership status, pregnancy or maternity, race, religion and belief, sex and sexual orientation; and
- can be assured of an environment in which their rights, dignity and individual worth are respected without the threat of intimidation, victimisation, harassment, bullying or abuse.
The Organisation has an Equality and Diversity Policy which is monitored and review annually as a minimum.
We may need to change the terms of this Policy from time to time and changes will be posted on this page. Your continued use of the website will be deemed to be acceptance of amendments we make.
This policy will be reviewed in May 2019 or earlier if there are changes to the relevant course of business.