Sunderland Association Football Club Limited (“the Club”) take your privacy very seriously and is committed to protecting your personal data and handling it responsibly.
This policy sets out how the Club uses and looks after the personal information collected from you.
We collect information whenever you interact with us and this interaction includes but is not limited to when you attend a football game or such other event at the Stadium of Light, when you use our website, when you buy a ticket, when you buy merchandise, or just get in touch with us.
What personal data we hold on you
Personal data means any information about an individual from which that individual can be identified.
We collect, use, store and transfer some personal data of our participants and their parents or guardians, and other Club members.
We are the data controller, responsible for the processing of any personal data you give us.
We take reasonable care to keep your information secure and to prevent any unauthorised access to or use of it.
You provide information about yourself when you register with the Club, and by filling in forms at an event or online, or by corresponding with us by phone, e-mail or otherwise.
The information we collect includes:
- Your name, date of birth, address, e-mail address, phone number, gender, and the contact details of a third party in the case of emergency
- Marketing preferences, including any consents you have given us
- Browser and device information
- Track information about attendance at events at the Stadium of Light
- Information about your use of the Club website and social media
- Photo or video footage (we will only do this is you are over 13 and we have your consent or you have provided consent by default under the Ground Regulations)
- Our access control provider lets us track ticket users
- Our ticket provider links with our data analytics provider and lets us know if you have bought a ticket for a football game or event
- Our data analytics provides us with insights from data sets about our supporters
We may also ask for relevant health information, which is classed as special category personal data, for the purposes of your health, wellbeing, welfare and safeguarding.
Where we need to collect personal data to fulfil Club responsibilities and you do not provide that data, we may not be able honour or administer your membership.
Why we need your personal data
We will only use personal data for any purpose for which it has been specifically provided.
The reason we need participants’ and members’ personal data is to be able to run the football club and arrange matches; to administer memberships, and provide the membership services you are signing up to when you register with the club.
We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
- We process your personal data when necessary to pursue our legitimate interests in the following:
- Enforce ticket terms and conditions
- Processing job applications
- Legal claims, compliance, regulatory and investigative matters including using incident reports and CCTV footage to protect the security of spectators and staff and pass information to law enforcement agencies
- Responding to comments or complaints
- Receipts for purchases made
- Checking/verifying credit or debit card details in order to process transactions or prevent fraudulent activity
- Analysing your engagement with us to help tailor information we send to you
- Sharing data with committee members to provide information about club activities, membership renewals or invitation to social events sharing data with third party service or facility providers safeguarding issues and concerns
You have a right to object to any processing that we undertake for our legitimate interests.
We are legally required to process your personal data in cases where we need to comply to a legal obligation to which the Club is subject under UK or EU Law.
This may include:
- Responding to requests by government or law enforcement authorities such as HMRC
- Local council safety requirements to collect CCTV footage
Performance of a contract
Where we have a contract with you we will rely on the contractual provisions in order to process your personal data.
This may include:
- Processing membership forms and payments/ subs
- Organising matches
- Sending out match or Club information and updates
- Sharing data with coaches, managers or officials to run training sessions or enter events
- Sharing data with leagues we are in membership of, county associations and other competition providers for entry in events
Whereever we rely on consent to process your personal data you can withdraw your consent at any time by writing to us at the email address below.
You will have opted-in to receive information about the Club in the form of a newsletter or email and such will contain offers, promotions or information specifically relating to the Club and our commercial partners.
You will have set your preferences on our website or have been talked through it at the point of purchase.
We will only ever send you information you have requested to receive by email, SMS or phone and you can update and/or amend your preferences at any time.
Who we share your personal data with
The Club is a member of the English Football League (“EFL”) and is subject to the EFL rules and regulations. We may disclose your personal information to the EFL where required for the purposes of complying with the rules and regulations. The EFL will respect the security of your personal data and treat it in accordance with the law. Further information about the EFL’s use of personal data generally can be found in the EFL Privacy Notice available at https://www.efl.com/efl-privacy-notice.
When you become a member of the Club, your information, if you are a coach or volunteer will be or if you are another participant may be (depending upon which league(s) your team plays in) entered onto the Whole Game System database, which is administered by the FA. We also pass your information to the County FA and to leagues to register participants and the team for matches, tournaments or other events, and for affiliation purposes.
We may share your personal data with selected third parties, suppliers and sub-contractors such as referees, coaches or match organisers. Third-party service providers will only process your personal data for specified purposes and in accordance with our instructions.
We may disclose your personal information to third parties to comply with a legal obligation; or to protect the rights, property, or safety of our participants, members or affiliates, or others. The Club’s data processing may require your personal data to be transferred outside of the UK. Where the Club does transfer your personal data overseas it is with the sufficient appropriate safeguards in place to ensure the security of that personal data.
The following applies to the processing handled by our commercial partner FanLogic (the registered trade name for Fan Data Pools Limited), and is permissible under the consent you have given relating to our third party / commercial partners mailing list.
FanLogic will process the personal data you have provided us (i.e. your name, email address, telephone number/s, address and date of birth) with other personal data (such as your lifestyle data) that you have already provided to public sources and is publicly available (such as research surveys, open data, government data), to provide you with rewards, special offers and promotions. Your personal data will be used only for these purposes and it will not be shared or disclosed to any anyone other than FanLogic’s appointed sub-processors (click here for the most up to date list).
FanLogic stores your personal data securely using suitable physical, electronic and managerial procedures, security measures and appropriate safeguards to prevent its unauthorised access, use or disclosure. It is stored in the UK and is not transferred to any countries outside the EU. It is kept and used only for as long as is necessary for the stated purposes and it is deleted when those purposes no longer apply and / or you withdraw your consent, which you may do at any time.
You have the right to request access to and rectification or erasure of your personal data; or restriction of the processing concerning it; and, you may object to its processing. You may ask for your data in a portable format, or for it to be transmitted to another company on your behalf. You may also ask that the data is not processed for automated decision making. You may contact us to withdraw your consent to processing by FanLogic at any time and you also have the right to lodge a complaint with the supervisory authority (the UK’s Information Commissioner's Office).
If you would like to know what personal data FanLogic holds about you or would like a copy of the data or exercise any of your rights, please contact us via the email address as shown below.
Notice effective date: 2 August 2019
Protection of your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
How long we hold your personal data
We keep personal data on our participants and members while they continue to be a participant or member or are otherwise actively involved with the Club and for a limited period of time afterwards (in case, for example, you decide to reactive your membership). We will delete this data after a participant or member has left or otherwise ended their membership or affiliation, or sooner if specifically requested and we are able to do so. We may need to retain some personal data for longer for legal or regulatory purposes.
Your rights regarding your personal data
As a data subject you may have the right at any time to request access to, rectification or erasure of your personal data; to restrict or object to certain kinds of processing of your personal data, including direct marketing; to the portability of your personal data and to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office about the processing of your personal data.
We may update this Privacy Notice from time to time, and will inform you to any changes in how we handle your personal data but we advise that you check by on this page for any changes from time to time.
Policy effective date 21 May 2018. If you have any questions about this Privacy Notice then please contact GDPR@safc.com