Celtic FC Foundation and its foreign counterparts, such as Celtic FC Foundation, Inc. (referred to as “we”, “us” or “our” in this Policy) respects your privacy and is committed to protecting your personal data. This Policy provides you with information regarding your rights and obligations and explains why, when and how we collect and process your personal data.
We want to be as transparent as possible to ensure that you are fully informed of your rights and how we use your data. This will allow us to provide you with the best experience when you interact with us.
Celtic FC Foundation is a Scottish Charitable Incorporated Organisation (SCIO), with registered number SC024648. Our registered office is at Celtic Park, Glasgow G40 3RE.
We only process your personal data in accordance with our legal, regulatory and contractual obligations and to provide our products and services. If you consent to receiving marketing communications, we will process your personal data in order to provide this. We will not process your data unnecessarily, or in any way other than what is outlined in this Policy.
What personal data do we collect?
We use a variety of personal data depending on the services we deliver to you. When you interact with us through our website/apps or offline, we may collect and process the following information about you:
|Personal Information:||Including name, title, date of birth, gender, username or similar online identifier, password, your interests, preferences, feedback and survey responses.|
|Contact Information:||Including address(es), email address(es) and telephone number(s).|
|Health Data:||Including disability and health information provided to ensure we provide suitable accessibility and dietary arrangements where applicable.|
|Billing and Transaction Data:||Including bank account, payment card details, billing address, details about payments to and from you, products and/or services you have purchased from us and other details of registrations or orders made by you.|
|Technical Data:||Including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, your login history, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.|
|Usage Data:||Including information about how you use our website, events and services.|
|Marketing and Communications Data:||Including your preferences in receiving marketing from us and your communication preferences.|
What special category data do we collect (if applicable)?
From time to time we may process special category data, such as health information, and/or criminal offence data. Data of this kind will only be processed with your explicit consent and only when required in order to deliver a specific project, event or service to you, or to facilitate any additional requirements you may have when attending or participating in one of our projects or events.
Celtic F.C. Foundation takes your privacy seriously. Please be aware that we must collect the contact details of all visitors to Celtic Park or any other locations used by us to support NHS Scotland’s Test and Protect strategy. There is a legal obligation for us to do so. Data collected for the purpose of NHS Scotland’s Trace and Protect will only be shared when directly requested by NHS Scotland will not be used for any other purpose(s) and will be held by us for at least 3 weeks (21 days). For further information on the NHS Scotland Test and Protect strategy please visit the NHS website.
How do we collect your data?
We use personal data which we have obtained for the purposes described in this policy. This may include when you make a donation, sign up to receive updates and/or marketing from us, complete a form (online or offline), or attend or participate in an event or otherwise expressly provide us with your personal data. Your personal data may be gathered in the following ways:
|Directly From You:||Indirectly:|
|· When you subscribe to our mailing list|
· When you visit our website
· When you donate directly to us
· When you receive (or request to receive) a product/service from us
· When you participate in (or request to participate in) one of our events
· When you volunteer or work with us
· When you submit an application or inquiry in relation to volunteering/working with us
· When you engage with us on social media
|· When you have consented to other organisations sharing your data with us (including Celtic FC Limited)|
· When we deliver services as part of a contract
· When you fundraise and/or donate to us via an independent event organiser or fundraising site (e.g. Just Giving), where you have consented to sharing your data with us.
How do we use your data?
We will only use your personal data when the law allows us to. We will not disclose or share your data without your consent, unless we are required to do so by law. Your personal information will only be processed for as long as is necessary for the purposes outlined in this Policy. Most commonly, we will use your personal data in the following circumstances:
- To keep you informed on the work carried out by us and provide you with information on upcoming projects, fundraising initiatives and events, etc.;
- To provide you with products or services ordered or purchased from us or a third party through our websites (such as tickets, event registrations, etc.);
- To allow payments to be made, where required, in advance of the provision of any products or services that you have ordered or purchased. We will share this information with third party payment processors where required for this purpose;
- To administer any competitions or prize draws, which you enter into or to ask you to give feedback or take part in surveys or market research;
- For record keeping;
- For fraud screening and prevention;
- To market to you, where you have agreed to receive marketing communications from us or our partners and personalising our communications with you;
- To personalise and improve your experience on our digital platforms; and/or
- To comply with our legal obligations.
Automated decision making
We do not make any decisions about you by solely automated means.
We may use your personal data to send you marketing communications, where you have:
- Provided us with your express consent to do so; or
- You have purchased goods or services from us and the marketing communications which we send to you relate to similar goods or services to that which you have purchased (soft opt-in).
Legal basis to process data
We will only use your personal data where we have a lawful basis to do so, which will include one or more of the following:
- That we need to use the personal data to perform a contract with you, for example where you have ordered a product or service from us;
- That we need to use the personal data to comply with our legal obligations;
- Where it is fair to use the personal data either in our interests or someone else’s interests, where there is no disadvantage to you, such as asking you to complete a survey to help improve our services; and/or
- That we have your consent, where required.
Your privacy rights
You have the right to see what personal data we hold about you, to ask us to correct inaccuracies or to delete your personal data. You also have the right to ask us to restrict the processing of or object to our processing of your personal data. You are entitled to exercise any of the following privacy rights:
|Right to Object:||You can object to our processing of your personal data. Please contact us as noted below, providing details of your objection.|
|Access to your Personal Data:||You can request access to a copy of your personal data that we hold, along with information on what personal data we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge by contacting us as noted below.|
|Right to Withdraw Consent:||If you have given us your consent to use your personal data to send you marketing emails, you can withdraw your consent at any time by emailing us at [email protected]|
|Rectification:||You can ask us to change or complete any inaccurate or incomplete personal data held about you.|
|Erasure:||You can ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.|
|Portability:||You can ask us to provide you or a third party with some of the personal data that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.|
|Restriction:||You can ask us to restrict the personal data we use about you where you have asked for it to be erased or where you have objected to our use of it.|
If you have any queries or complaints about how we have used your personal data, or would like any further information relating to exercising your rights under this policy, please email us at [email protected] marked for the attention of Secretary. You may also raise a complaint with the supervisory authority – for the UK this is the Information Commissioner’s Office, at https://ico.org.uk/.
You can ask us to stop sending you marketing communications at any time by contacting us at [email protected].
We are committed to providing you with information on products and offers which are relevant to you. If you provide us with your consent to receive marketing communications, we may use your personal data to promote our adverts to you on social media platforms (for example, Facebook or Twitter). Please note, you may receive adverts from us which are not connected to having provided us with your personal data. An example of this may be when a social media platform uses the information provided by users in accordance with its privacy and cookies policies to tailor and target advertisements. We are unable to accept any responsibility for advertisements of this nature.
Sharing your data with others
We will share personal data with relevant third parties where:
- We need to fulfil our contractual obligations with you, such as payment processing, delivery of products and services;
- We look to serve you relevant adverts and for analytical purposes via social media platforms and search engines; and/or
- When we are required to do so contractually (e.g. to receive the appropriate funding or grant);
- We have a legal obligation to do so.
We will only share your personal data with third parties to the extent needed for those purposes. We will also share your personal data with our sub-contractors where it is necessary to do so as follows:
|IT Suppliers:||Information may be stored and processed on systems provided and supported by our third party IT suppliers (such as our provider(s) of cloud hosting services).|
|Payment processors:||For the purposes of processing any payment which you make to us.|
|Delivery organisations:||For the purpose of delivering goods or services ordered from us. This may include Celtic F.C. Limited, where relevant.|
|Funding and Grant Providers:||Data may be shared to monitor participation and report on progress of events/projects.|
Transferring your data outside the EEA
We may need to store or transfer your personal data outside the European Economic Area (EEA) and the UK (to the extent that the UK does not form part of the EEA) to service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the EEA, such as the USA.
We will only transfer your personal data outside the EEA where either:
- The transfer is to a country which the EU Commission has decided ensures an adequate level of protection for your personal data. Some US providers may also be certified under the EU-US Privacy Shield which confirms they have appropriate measures in place to ensure the protection of your data; and/ or
- We have put in place our own measures to ensure adequate security as required by data protection law. These measures include ensuring that your personal data is kept safe by carrying out strict security checks on our overseas partners and suppliers, backed by strong contractual undertakings approved by the relevant regulators such as the EU style model clauses.
How long do we keep your data?
We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, and always in accordance with applicable law. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data and any relevant legal obligations.
We may update this policy and only notify you if we make any material changes to the manner in which we process and use your personal data. We recommend that you check this page periodically to review the latest version.
Last Updated: March 2020