Derby County FC Fans Forum
updated 15th February 2018
ATTENTION: IMPORTANT LEGAL NOTICE
This notice is issued by Derby County FC Fans Forum, owned and operated by Mr David Hinds, ("we", "us", “our”) and we are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998 (the “Act”), and the General Data Protection Regulation (“GDPR”) the data controller is Mr David Hinds.
You are not required to provide the personal information that we request, but, if you choose not to do so, it may not be possible for us to provide the level of service that you would otherwise receive.
1. Information we may collect from you
1.1. Information collected directly from you
1.We may collect the following information directly from you:
(a) Your name, gender, e-mail address; and
(b) Information that you provide by engaging in forums on the website, by filling in forms on www.dcfcfans.uk; or by corresponding with us by e-mail or otherwise, for instance, through surveys.
2. We may also collect information when you:
(a) report a problem with the Site;
(b) register to use the Site;
(c) enter a competition, promotion, or survey; or
(d) participate in discussion boards or other social media functions on the Site (including our blog).
1.2 Information collected automatically
We may collect some information automatically and store it in log files. This information includes Internet Protocol (“IP”) addresses, browser type and language, Internet Service Provider (“ISP”), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.
We use this information to understand and analyse trends, to administer the Site, to learn about, subscribers’, users’, visitors’, members’ or guests’ (“Visitor”) behaviour on the Site, to improve our product and services, and to gather demographic information about our Visitors as a whole.
1.3 Information collected via Third Parties
We may collect the information via trusted third parties who provide services to you through different websites we operate or other services we provide including business partners, sub-contractors, advertising networks, analytics providers, search information providers, credit reference agencies, and website, hosting and maintenance providers.
2.2. Unless otherwise indicated, the Site does not store any information that would, on its own, allow us to identify Visitors without their permission. Any cookies that may be used by this Site are used either solely on a per session basis or to maintain Visitor preferences. Cookies are not shared with any third parties.
2.4. If you wish to disable cookies, you may do so through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers' respective websites.
3. Uses made of the information
3.1. We use information held about you in the following ways:
3.1.1 to manage any registered accounts that you hold with us;
3.1.2 to verify your identity;
3.1.3. to train our employees in respect of providing services to Visitors;
3.1.4. to ensure that content from our Site is presented in the most effective manner for you and for your computer and as part of our efforts to keep our Site safe and secure;
3.1.5. to administer our Site;
3.1.6. to carry out internal operations, including troubleshooting, data and statistical analysis, testing and research;
3.1.7. to send you our promotional materials (or promotional materials of Derby County Football Club) or provide you with information regarding special offers and new ranges that you request from us or which we feel may interest you;
3.1.8. to monitor and understand the interests and preferences of fans of Derby County Football Club and Visitors;
3.1.9. to allow you to participate in interactive features of our service, when you choose to do so;
3.1.10. to notify you about changes to our service; and
3.1.11. where we have a legal duty to use or disclose your information (for example, in relation to an investigation by a public authority or in a legal dispute).
4. Legal basis for us processing your personal data
In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to you via email or post.
You have the right to withdraw consent at any time and where consent is the only legal basis for processing, we will cease to process data after your consent is withdrawn.
4.1.1. We collect and use your personal data because it is necessary for:
(a) complying with our legal obligations; or
(b) the pursuit of our legitimate interests including but not limited to:
(i) supplying services to you;
(ii) protecting Visitors, employees and other individuals and maintaining their safety, health and welfare;
(iii) promoting, marketing and advertising our products and services or those of Derby County Football Club;
(iv) understanding our Visitors’ behaviour, activities, preferences, and needs;
(v) improving existing services and developing new ones;
(vi) complying with our legal and regulatory obligations;
(vii) preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
(viii) handling Visitor contacts, queries, complaints or disputes;
(ix) protecting us, our employees and Visitors, by taking appropriate legal action against third parties who have committed criminal acts, or are in breach of legal obligations to us;
(x) effectively handling any legal claims or regulatory enforcement actions taken against us;
(xi) training our employees in respect of providing services to Visitors.
5. Disclosure of your information to third parties
5.1. Service Providers
1. In order to make certain services available to you, we may need to share your personal data with members of our group and some of our service partners including:
(a) Derby County Football Club in order to assist them in tailoring their communications to you and understanding the interests and preferences of their fans and Visitors;
(b) advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;
(c) analytics and search engine providers that assist us in the improvement and optimisation of our Site;
(d) business partners, suppliers and sub-contractors for the performance of any contract we enter into with them in relation to processing or delivering your goods; and/or
(e) any other business partner, supplier or subcontractor.
5.2. Other Third Parties
5.2.1 Aside from our service providers and/or Derby County Football Club, we will not disclose your personal data to any third party, except as set out below and we will never sell or rent your data to other organisations for marketing purposes.
5.2.2 We may, however, share your data with:
(a) prospective sellers or buyers, in the event that we sell or buy any business or assets, in which case we may need to disclose your personal data to a prospective buyer or seller; and
(b) prospective third parties which acquire our assets, in the event that we are acquired by a third party, in which case personal data we hold will be transferred to the third party acquiring our other assets.
(c) Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers:
(i) in order to enforce or apply our terms of website use or terms and conditions of sale and other agreements;
(ii) to protect the rights, property, or safety of, our Visitors, or others (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; or
(iii) where we are required to do so to comply with our legal obligations, to exercise our legal rights (for example in court cases), for the prevention, detection, investigation of crime or prosecution of offenders; and for the protection of our employees and Visitors.
6. Where we store your personal data
7. How we protect your data
7.1. We are committed to keeping your personal data safe and secure.
1. Our security measures include:
(a) encryption of data;
(b) regular cyber security assessments of all service providers who may handle your personal data;
(c) regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;
(d) monthly penetration testing of systems; and
(e) security controls which protect our entire infrastructure from external attack and unauthorised access.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.
8. Duration of storage
8.1. We will not retain your data for longer than necessary for the purposes set out in this policy unless a longer retention period is required or permitted by law.
9. Links to other Websites
9.1. Our Site may contain links to third party websites, and some of our services provide you with access to third party services (such as social networks).
9.2. We have no control over how third-party websites and services process your personal information. We do not review third party websites and services, and we are not responsible for such third-party websites and services or their privacy practices. Please read the privacy statements of any third-party websites or services that you access from our websites or services.
10. Your rights
10.1. The rights that you have in your personal data are due to be expanded significantly after a new law, the GDPR, comes into force on 25 May 2018.
10.2. We are committed to handling your personal data in the right way and we welcome the new rights introduced; your enhanced rights as from 25 May 2018 are set out below:
10.2.1. You may opt out of any marketing communications that we send you, even after initially consenting.
10.2.2. Your information will be treated securely and strictly in accordance with the Data Protection Act 1998 (and the GDPR, when it comes into force).
10.2.3. You have the right to access information held about you. Any access request may be subject to a fee specified by law (currently of £10.00). After 25 May 2018, we will not charge a standard administrative fee of £10.00 but please note we may still be able to recover costs from you where your request is vexatious or very repetitive in nature.
10.2.4. You have the right to ask us (at no cost) to update and correct any personal information which is out of date or incorrect.
10.2.5. You have the right to ask us to erase your personal data or restrict our processing of the data if you wish.
10.2.6. Where you have consented to our processing your data in a certain manner, you have the right to withdraw that consent at any time.
10.2.7. You have the right to make a complaint directly with the Information Commissioner’s Office (“ICO”). In order to report a concern, you should follow the directions given on www.ico.org.uk which contains details about available methods of complaint.
10.2.8. You have the right to receive from us a copy of the personal data in a commonly used, machine readable format and the right to store it for further personal use on a private device.
You have the right to transmit the personal data to another entity where this is technically possible.
You can help ensure that your contact information and communication preferences are accurate, complete, and up to date by contacting us via the Contact Us page available here.
If you want to learn more about the rights you have in respect of your personal data, you should visit the ICO’s website at www.ico.gov.uk.