In this Privacy Notice, references to “we”, “us”, “our” or “DUFC” are to Dundee United Football Club Limited.
For the purposes of the General Data Protection Regulation or “GDPR” (and all other laws relating to the use your Personal Data), we are the “data controller”, meaning that we are responsible for deciding how your Personal Data is used and more importantly, for keeping your Personal Data safe and only using it for legitimate reasons.
We are committed to protecting your privacy and will take all steps necessary to comply with our legal obligations when using your Personal Data. This Privacy Notice explains how we fulfil this commitment, so please read this document carefully.
What Personal Data do we collect?
You may provide us with the following types of Personal Data when you interact with us (when using our digital platforms or otherwise):
- Identity – first name, surname, gender, date of birth
- Contact – email address and address
- Financial – payment card details, billing address, purchase information, payment history
- Profile – username, profile image
- Usage – information about how you use our digital platforms, including time spent on page, click-throughs, download errors
- Technical – IP address, browser type, hardware type, network and software identifiers, device information, operating system and system configuration
We may also receive information about you from third parties, including our commercial partners, ticketing providers and other service providers, social media platforms and law enforcement agencies.
How do we use your Personal Data?
DUFC uses the information collected from you for purposes including the following:
- to provide you with products and services you request (such as tickets, hospitality and merchandise)
- to administer competitions or promotions that you enter into
- to process payments that you make through our digital platforms
for internal administration and record keeping
- to notify you of changes to this Privacy Notice, our terms and conditions or other changes to our services or products
- to answer your enquiries which may involve contacting you by post, e-mail or phone
- to contact you about third-party products and services which we believe may be relevant to you or pass your details on to third parties to contact you directly about the same (in each case, only where you have consented to hear about these)
- to send you certain types of direct marketing
- to improve and personalise your experience of our digital platforms by delivering more relevant content and advertising whilst you browse
- to administer our digital platforms, including trouble shooting, testing and analysis and
- to enable you to participate in interactive features of our digital platforms
- to manage legal claims and other compliance/regulatory matters
- to verify your identity and detect and prevent fraud and security issues
- to give you the opportunity to provide us with feedback through reviews and surveys
- to process job applications
In addition to the above, we may also anonymise and aggregate your personal data in a way which means you cannot be identified. This may be helpful to us for testing our internal systems, carrying out research and general data analysis. Because this data is not personally identifiable, we can use it for any purposes.
What is our legal basis for processing your Personal Data?
We use your Personal Data on the following bases:
- To perform a contract, such as providing products or services to you
- To comply with legal and regulatory obligations
- For legitimate business purposes (see “How do we use your Personal Data” section above)
- In certain cases, with your consent
- We may process your Personal Data for more than one lawful basis depending on the specific purpose for which we are using it. Importantly, we will only use your Personal Data when the law allows us to.
Who do we share your Personal Data with?
DUFC may on occasions pass your Personal Data to third party suppliers who provide services to us (for example in relation to ticketing, payment processing, stadium access, retail operations, recruitment, logistics, legal and accountancy, database management and marketing). DUFC requires these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR.
We may pass on your Personal Data to government or regulatory authorities or law enforcement officials to assist with their requests and comply with our legal obligations.
DUFC may also disclose your Personal Data to other football clubs and the football authorities to the extent necessary to comply with any football regulations or any investigations in relation to incidents at our matches.
We will not pass on your Personal Data to any third party to market their products/services to you unless we have obtained your consent.
Do we send your Personal Data outside the EEA?
The European Economic Area or “EEA” is deemed to have good standards when it comes to data privacy. As such, we consciously limit the occasions when we may need to transfer or handle your Personal Data outside of the EEA. Where we do, for example where our service providers are based outside of the EEA, we make sure that your Personal Data is still treated fairly and lawfully in all respects (including making sure we have a legal ground for sending your data outside the EEA and putting in place all necessary safeguards for such arrangement).
What is our Personal Data retention policy?
We will keep your Personal Data for as long as you are a registered user of one of our digital platforms, or for as long as is necessary for us to provide products or services for you, and for a limited period of time afterwards.
Once you no longer wish to be engaged with DUFC we may still need to keep hold of your data if there is a legal reason for doing so (such as for tax purposes where you have made purchases through one of our digital platforms or where we need to resolve any disputes with you).
How do we keep your Personal Data secure?
We adopt industry standard security processes to ensure your data is kept safe and secure and to prevent unauthorised access or use or loss of your data. We also make sure that third parties who need to handle your data when helping us to deliver our services are subject to suitable confidentiality and security standards.
Despite the security measures we implement, please be aware that the transmission of data via the internet is not completely secure. As such, we cannot guarantee that information transmitted to us via the internet will be completely secure and any transmission is at your own risk.
Your rights as a data subject
At any point whilst DUFC is in possession of or processing your Personal Data, you have the following rights:
- Right of access – you have the right to request a copy of the Personal Data that we hold about you.
- Right of rectification – you have a right to correct Personal Data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the Personal Data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing of your Personal Data.
- Right of portability – you have the right to have the Personal Data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing, as well as processing we undertake based on our legitimate interests.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
If you want to exercise any of these rights, please contact us in writing. You don’t have to pay a fee to exercise your rights, unless your request is clearly unfounded, repetitive or excessive (in which case we can charge a reasonable fee). Alternatively, we may refuse to comply with your request in these circumstances. Where your request is legitimate, we will always respond within one month (unless there is a legal reason to take longer, such as where your request is particularly complex). We will also need you to confirm your identify (Passport or driving licence) before we proceed with your request if it is not clear to us who is making the request.
In addition to the above, you may get in touch with the ICO (Information Commissioner’s Office) if you are concerned about the way in which we are handling your Personal Data. However, where possible, we would really appreciate you speaking with us first if you have any concerns.
How to opt-out of DUFC marketing
To unsubscribe from DUFC newsletters or any other marketing emails, you simply need to click on the unsubscribe link at the bottom of the relevant communication you have received. Alternatively, please contact us (as detailed below) to opt-out of these communications.
Changes to this Privacy Notice
If we amend our Privacy Notice, it will be published on the relevant DUFC digital platform(s) so please check back regularly to see if there have been any updates. If we make any substantial changes, we may also email you if it’s appropriate.
If you would like to discuss anything in this Privacy Notice or if you want to exercise your rights, please get in touch:
Dundee United Football Club Limited,
By Email: firstname.lastname@example.org