MILLSTONE FC (Club) ("we", "our", "us") take your privacy very seriously.
This Privacy Notice sets out how we use and look after the personal information we collect from you. We are the data controller, responsible for the processing of any personal data you give us. We take reasonable care to keep your information secure and to prevent any unauthorised access to or use of it.
What personal data we hold on you
Personal data means any information about an individual from which that individual can be identified.
We collect, use, store and transfer some personal data of our participants [and their parents or guardians], and other Club members.
You provide information about yourself when you register with the Club, and by filling in forms at an event or online, or by corresponding with us by phone, e-mail or otherwise.
The information you give us may include your name, date of birth, address, e-mail address, phone number, gender, and the contact details of a third party in the case of an emergency. We may also ask for relevant health information, which is classed as special category personal data, for the purposes of your health, wellbeing, and welfare and safeguarding. Where we hold this data, it will be with the explicit consent of the participant or, if applicable, the participant’s parent or guardian.
Where we need to collect personal data to fulfill Club responsibilities and you do not provide that data, we may not be able to honour or administer your membership.
Why we need your personal data
We will only use personal data for any purpose for which it has been specifically provided.
The reason we need participants’ and members’ personal data is to be able to run the football club and arrange matches; to administer memberships and provide the membership services you are signing up to when you register with the club. Our lawful basis for processing your personal data is that we have a contractual obligation to you as a participant or member to provide the services you are registering for.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Who we share your personal data with
When you become a member of the Club, your information, if you are a coach or volunteer will be or if you are another participant may be (depending upon which league(s) your team plays in) entered onto the Whole Game System database, which is administered by the FA. We also pass your information to the County FA and to leagues to register participants and the team for matches, tournaments or other events, and for affiliation purposes.
We may share your personal data with selected third parties, suppliers and sub-contractors such as referees, coaches or match organisers. Third-party service providers will only process your personal data for specified purposes and in accordance with our instructions.
We may disclose your personal information to third parties to comply with a legal obligation; or to protect the rights, property, or safety of our participants, members or affiliates, or others.
The Club’s data processing may require your personal data to be transferred outside of the UK. Where the Club does transfer your personal data overseas it is with the sufficient appropriate safeguards in place to ensure the security of that personal data.
Protection of your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
How long we hold your personal data
Your rights regarding your personal data
As a data subject you may have the right at any time to request access to, rectification or erasure of your personal data; to restrict or object to certain kinds of processing of your personal data, including direct marketing; to the portability of your personal data and to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office about the processing of your personal data.
As a data subject, you are not obliged to share your personal data with the Club. If you choose not to share your personal data with us we may not be able to register or administer your membership.
We may update this Privacy Notice from time to time and will inform you of any changes in how we handle your personal data.
If you have any questions about this Privacy Notice, then please contact The Club Chair Hayley Smedley or Secretary Hannah Watson.
Data Protection Policy
About this Policy
1.1. This Policy is to help clubs, County Football Associations and football leagues deal with data protection matters internally. This should be kept with other clubs/ County Football Association/football league policies and a copy should be given (or made available) to all staff members, volunteers and others who come into contact with personal data during the course of their involvement with the club / County Football Association/football league.
1.2. Millstone FC (Club), (“we”, “our”, “us”) handle personal data about current, former, and on occasion prospective players and their parents or guardians, employees, volunteers, committee members, other club members, referees, coaches, managers, contractors, third parties, suppliers, and any other individuals that we communicate with.
1.3. In your official capacity with the club, you may process personal data on our behalf and we will process personal data about you. We recognise the need to treat all personal data in an appropriate and lawful manner, in accordance with the EU General Data Protection Regulation 2016/679 (GDPR).
1.4. Correct and lawful treatment of this data will maintain confidence in the club and protect the rights of players and any other individuals associated with the club. This Policy sets out our data protection responsibilities and highlights the obligations of the club, which means the obligations of our employees, committee, volunteers, members, and any other contractor or legal or natural individual or organisation acting for or on behalf of the club.
1.5. You are obliged to comply with this policy when processing personal data on behalf of the club, and this policy will help you to understand how to handle personal data.
1.6. The club committee/board will be responsible for ensuring compliance with this Policy. Any questions about this Policy or data protection concerns should be referred to the committee.
1.7. We process employee, volunteer, member, referee, coach, manager, contractor, committee, supplier and third-party personal data for administrative and club management purposes. Our purpose for holding this personal data is to be able to contact relevant individuals on club business or administer the terms of your employment, and our legal basis for processing your personal data in this way is the contractual relationship we have with you. We will keep this data for 12 months after the end of your official relationship with the club, unless required otherwise by law and / or regulatory requirements. If you do not provide your personal data for this purpose, you will not be able to carry out your role or the obligations of your contract with the club.
1.8. All the key definitions under GDPR can be found here.
2. What we need from you
2.1. To assist with our compliance with GDPR we will need you to comply with the terms of this policy. We have set out the key guidance in this section but please do read the full policy carefully.
2.2. Please help us to comply with the data protection principles (set out briefly in section 3 of this policy and in further detail below):
2.2.1. Please ensure that you only process data in accordance with our transparent processing as set out in our Privacy notice;
2.2.2. Please only process personal data for the purposes for which we have collected it (i.e. if you want to do something different with it then please speak to Hayley Smedley first);
2.2.3. Please do not ask for further information about players and / or members and / or staff and / or volunteers without first checking with club secretary Hannah Watson;
2.2.4. If you are asked to correct an individual’s personal data, please make sure that you can identify that individual and, where you have been able to identify them, make the relevant updates on our records and systems;
2.2.5. Please comply with our retention periods listed in our Privacy Notice and make sure that if you still have information which falls outside of those dates, that you delete/destroy it securely;
2.2.6. Please treat all personal data as confidential. If it is stored in electronic format, then please consider whether the documents themselves should be password protected or whether your personal computer is password protected and whether you can limit the number of people who have access to the information. Please also consider the security levels of any cloud storage provider (and see below). If it is stored in hard copy format, then please make sure it is locked away safely and is not kept in a car overnight or disposed of in a public place;
2.2.7. If you are looking at using a new electronic system for the storage of information, please talk to Hayley Smedley first so that we can decide whether such a system is appropriately secure and complies with GDPR;
2.2.8. If you are planning on sharing personal data with anybody new or with a party outside the FA structure, then please speak to Hayley Smedley or Hannah Watson before doing so who will be able to check that the correct contractual provisions are in place and that we have a lawful basis to share the information;
2.2.9. If you receive a subject access request (or you think somebody is making a subject access request for access to the information we hold on them) then please tell Hayley Smedley or Hannah Watson as soon as possible because we have strict timelines in which to comply;
2.2.10. If you think there has been a data breach (for example you have lost personal data or a personal device which contains personal data or you have been informed that a coach has done so, or you have sent an email and open copied all contacts in) then please speak to Hayley Smedley or Hannah Watson who will be able to help you to respond.
If you have any questions at any time, then please just ask Hayley Smedley or Hannah Watson. We are here to help.
3. Data protection principles
3.1. Anyone processing personal data must comply with the enforceable principles of data protection. Personal data must be:
3.1.1. Processed lawfully, fairly and in a transparent manner;
3.1.2. Collected for only specified, explicit and legitimate purposes;
3.1.3. Adequate, relevant and limited to what is necessary for the purpose(s) for which it is processed;
3.1.4. Accurate and, where necessary, kept up to date;
3.1.5. Kept in a form which permits identification of individuals for no longer than is necessary for the purpose(s) for which it is processed;
3.1.6. Processed in a manner that ensures its security by appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage;
3.2. We are responsible for and must be able to demonstrate compliance with the data protection principles listed above.
4. Fair and lawful processing
4.1. This Policy aims to ensure that our data processing is done fairly and without adversely affecting the rights of the individual.
4.2 . Lawful processing means data must be processed on one of the legal bases set out in the GDPR. When special category personal data is being processed, additional conditions must be met.
5. Processing for limited purposes
5.1. The club collects and processes personal data. This is data we receive directly from an individual and data we may receive from other sources.
5.2. We will only process personal data for the purposes of the club as instructed by the committee, the County FA or the FA, or as specifically permitted by the GDPR. We will let individuals know what those purposes are when we first collect the data or as soon as possible thereafter.
6.1. One of the lawful bases on which we may be processing data is the individual’s consent.
6.2. An individual consent to us processing their personal data if they clearly indicate specific and informed agreement, either by a statement or positive action.
6.3. Individuals must be easily able to withdraw their consent at any time and withdrawal must be promptly honoured. Consents should be refreshed every season.
6.4. Explicit consent is usually required for automated decision-making and for cross-border data transfers, and for processing special category personal data. Where children are involved then the consent must be in writing from parent/guardian.
6.5. Where consent is our legal basis for processing, we will need to keep records of when and how this consent was captured.
6.6. Our Privacy Notice sets out the lawful bases on which we process data of our players and members.
7. Notifying individuals
7.1. Where we collect personal data directly from individuals, we will inform them about:
7.1.1. The purpose(s) for which we intend to process that personal data;
7.1.2. The legal basis on which we are processing that personal data;
7.1.3. Where that legal basis is a legitimate interest, what that legitimate interest is;
7.1.4. Where that legal basis is statutory or contractual, any possible consequences of failing to provide that personal data;
7.1.5. The types of third parties, if any, with which we will share that personal data, including any international data transfers;
7.1.6. Their rights as data subjects, and how they can limit our use of their personal data;
7.1.7. The period for which data will be stored and how that period is determined;
7.1.8. Any automated decision-making processing of that data and whether the data may be used for any further processing, and what that further processing is.
7.2. If we receive personal data about an individual from other sources, we will provide the above information as soon as possible and let them know the source we received their personal data from;
7.3. We will also inform those whose personal data we process that we, the club, are the data controller in regard to that data, and which individual(s) in the club is responsible for data protection.
8. Adequate, relevant and non-excessive processing
8.1. We will only collect personal data that is required for the specific purpose notified to the individual.
8.2. You may only process personal data if required to do so in your official capacity with the club. You cannot process personal data for any reason unrelated to your duties.
8.3. The club must ensure that when personal data is no longer needed for specified purposes, it is deleted or anonymised.
9. Accurate data
We will ensure that the personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at the start of each season. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.
10. Timely processing
We will not keep personal data longer than is necessary for the purpose(s) for which they were collected. We will take all reasonable steps to destroy or delete data which is no longer required, as per our Privacy Notice.
11. Processing in line with data subjects’ rights
11.1. As data subjects, all individuals have the right to:
11.1.1. Be informed of what personal data is being processed;
11.1.2. Request access to any data held about them by a data controller;
11.1.3. Object to processing of their data for direct marketing purposes (including profiling);
11.1.4. Ask to have inaccurate or incomplete data rectified;
11.1.5. Be forgotten (deletion or removal of personal data);
11.1.6. Restrict processing;
11.1.7. Data portability; and
11.1.8. Not be subject to a decision which is based on automated processing.
11.2. The club is aware that not all individuals’ rights are absolute, and any requests regarding the above should be immediately reported to the committee, and if applicable escalated to the County FA for guidance.
12. Data security
12.1. We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
12.2. We have proportionate procedures and technology to maintain the security of all personal data.
12.3. Personal data will only be transferred to another party to process on our behalf (a data processor) where we have a GDPR-compliant written contract in place with that data processor.
12.4. We will maintain data security by protecting the confidentiality, integrity and availability of the personal data.
12.5. Our security procedures include:
12.5.1. Entry controls. Any stranger seen in entry-controlled areas should be reported.
12.5.2. Secure desks, cabinets and cupboards. Desks and cupboards should be locked if they hold personal data.
12.5.3. Methods of disposal. Paper documents should be shredded. Digital storage devices should be physically destroyed.
12.5.4. Equipment. Screens and monitors must not show personal data to passers-by and should be locked when unattended. Excel spreadsheets will be password protected.
12.5.5. Personal Devices. Anyone accessing or processing the club’s personal data on their own device, must have and operate a password only access or similar lock function, and should have appropriate anti-virus protection. These devices must have the club’s personal data removed prior to being replaced by a new device or prior to such individual ceasing to work with or support the club.
13. Disclosure and sharing of personal information
13.1. We share personal data with the County FA and the FA, and with applicable leagues using Whole Game System.
13.2. We may share personal data with third parties or suppliers for the services they provide and instruct them to process our personal data on our behalf as data processors. Where we share data with third parties, we will ensure we have a compliant written contract in place incorporating the minimum data processer terms as set out in the GDPR, which may be in the form of a supplier’s terms of service.
13.3. We may share personal data we hold if we are under a duty to disclose or share an individual’s personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with the individual or other agreements; or to protect our rights, property, or safety of our employees, players, other individuals associated with the club or others.
14. Transferring personal data to a country outside the EEA
We may transfer any personal data we hold to a country outside the European Economic Area (EEA), provided that one of the appropriate safeguards applies.
15. Reporting a personal data breach
15.1. In the case of a breach of personal data, we may need to notify the applicable regulatory body and the individual.
15.2. If you know or suspect that a personal data breach has occurred, inform a member of the committee immediately, who may need to escalate to the County FA as appropriate. You should preserve all evidence relating to a potential personal data breach.
16. Dealing with subject access requests
16.1. Individuals may make a formal request for information we hold about them. Anyone who receives such a request should forward it to the board/committee immediately, and where necessary escalated to the County FA for guidance. Nobody should feel bullied or pressured into disclosing personal information.
16.2. When receiving telephone enquiries, we will only disclose personal data if we have checked the caller's identity to make sure they are entitled to it.
17.1. The club must implement appropriate technical and organisational measures to look after personal data, and is responsible for, and must be able to demonstrate compliance with the data protection principles.
17.2. The club must have adequate resources and controls in place to ensure and to document GDPR compliance, such as:
17.2.1. Providing fair processing notice to individuals at all points of data capture;
17.2.2. Training committee and volunteers on the GDPR, and this Data Protection Policy; and
17.2.3. Reviewing the privacy measures implemented by the club.
18. Changes to this policy
We reserve the right to change this policy at any time. Where appropriate, we will notify you by email.
Terms and Conditions
Welcome to the official Club website for Millstone FC.
If You purchase services, products or digital content through this Site, separate terms and conditions will apply to such transaction(s) and You must read those terms and conditions carefully.
1. The Site
1.2. We reserve the right to withdraw or amend the service(s) provided on the Site without notice. We do not guarantee the Site will be available without interruption and will not be liable if for any reason the Site is unavailable at any time or for any period. We aim, but are not obliged, to update the Site regularly, and may change the content at any time. If the need arises, we may suspend access to the Site, or close it indefinitely. See sections 7 and 9 below for further information. This is however subject to the terms and conditions for any paid-for services or digital content delivered through the Site and does not affect your rights in relation to the same.
1.3. You are responsible for using Your own virus protection and security software when using the Site and lawfully installing any necessary software on and otherwise configuring Your computer or other personal devices so as to access, view content on and interact with the Site. We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to Your use of the Site or to Your downloading of any material posted on it, or on any website linked to it.
2.2. We may ask Users to confirm their age before accessing certain parts of the Site and/or certain services on it, and children or young people may be required to verify through their parent or guardian.
2.3. Some of the facilities or functions accessible through the Site (including betting facilities advertised or accessed through it) are not intended to be accessible by, or actively advertised to, minors.
2.4. Parents or legal guardians should supervise minors when online and we recommend parental control tools be put in place. Any minor using the Site and services offered is confirming that they have received the consent of their parent or a guardian to do so.
3. Links to the Site
3.1. You may link to the Site's pages where reasonably relevant and provided You do so in a way that is fair and legal and does not damage or take advantage of our reputation, but You must not establish a link in such a way as to suggest any form of association, approval or endorsement on the part of the Club where none exists, nor in any unlawful manner. This permission is for a basic link only and, for the avoidance of doubt does not extend to display of any other content or material or Ours or our licensors.
4. Links from the Site
This Site contains links to other websites and resources provided by third parties. The Club controls its official ticketing, merchandise and hospitality sales website to which the Site links, and __________________ control the __________________.
Other than that, we have no control over the content of websites linked to from the Site and accept no responsibility for them nor for any loss or damage that may arise from Your use of them. We recommend you read any terms and conditions and privacy policies relating to all other websites and any services or products sold on them.
5. Acceptable Use Policy
5.1. You must not misuse the Site by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. Nor may You attempt to gain unauthorised access to the Site, the server on which the Site is stored, or any server, computer or database connected to the Site, or attack the Site via a denial-of-service attack or a distributed denial-of-service attack. By breaching this provision, you may commit a criminal offense under the Computer Misuse Act 1990.
5.2. If You contribute materials to the Site (“Contributions”) through any facility We may, in our discretion, make available for that purpose from time to time, You must:
5.2.1. Own the content (or have permission to post it from the owner) of the Contribution;
5.2.2. Ensure matters expressed as facts are accurate, and opinions genuinely held; and
5.2.3. Ensure your Contribution complies with applicable law of the UK and any other country from which you make it.
5.3. Contributions must not:
5.3.1. Be offensive, hateful, defamatory of any person, threatening, obscene, inflammatory, sexually explicit, violent, cause distress, discriminatory on grounds of race, sex, religion, nationality, disability, sexual orientation, or age;
5.3.2. Infringe the intellectual property, confidentiality, privacy or other rights of any other person or organisation;
5.3.3. Contain viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful;
5.3.4. Be contributed or sent for commercial gain (including ‘spam’);
5.3.5. Otherwise, be illegal or promote illegal activity.
5.4. We do not monitor Contributions but reserve the right to do so from time to time including (amongst other things) editing, refusing to post, removing or responding to Contributions in Our absolute discretion. No failure by Us to do so however constitutes any acceptance or endorsement of that Contribution.
5.5. We accept no liability in respect of any Contributions submitted by Users and published on the Site. No Contribution shall be deemed to express any of Our opinions.
6. Restricted Areas
6.1. Users may be able to subscribe and/or register to receive additional restricted access to certain areas of the Site or to receive information from Us (“Restricted Areas”). Access to Restricted Areas may be subject to you accepting further terms and conditions which will be brought to your attention when you register or subscribe.
6.2. Subject to applicable law and any additional terms and conditions relating to the Restricted Area, we are not obliged to accept Your request for registration or subscription to Restricted Areas and reserve the right to suspend or terminate access at any time. Unless we expressly state otherwise, any acceptance of Your registration or subscription will be for You as a single user only. You must not share Your password, other access details or any content from the Restricted Areas with any other person or User nor with multiple users on a network.
7.1. ALTHOUGH WE USE REASONABLE ENDEAVORS TO ENSURE THAT INFORMATION AND MATERIAL CONTAINED ON THE SITE IS CORRECT, WE DO NOT MAKE ANY REPRESENTATION OR WARRANTY THAT USE OF THE SITE WILL BE UNINTERRUPTED, OR INFORMATION AND/OR MATERIAL CONTAINED ON OR ACCESSIBLE VIA THIS SITE IS ACCURATE, COMPLETE OR CURRENT OR THAT USE OF THIS SITE IS FREE OF RISK, VIRUSES OR OTHER DAMAGE.
7.2. TO THE EXTENT PERMITTED BY LAW, WE EXCLUDE ANY LIABILITY, LOSS AND DAMAGE INCURRED BY ANY USER OF THE SITE IN CONNECTION WITH THE USE, INABILITY TO USE, OR RESULTS OF USE OF THE SITE, ANY WEBSITE LINKED TO IT OR ANY MATERIALS POSTED ON IT, INCLUDING, WITHOUT LIMITATION ANY DIRECT, INDIRECT OR CONSEQUENTIAL LOSS, DAMAGE AND LIABILITY.
7.3. THE SITE IS PRIMARILY INTENDED FOR PRIVATE DOMESTIC USE ONLY AND THEREFORE, WITHOUT LIMITING THE ABOVE, WE WILL NOT BE LIABLE FOR BUSINESS LOSSES INCLUDING LOSS OF INCOME OR REVENUE, PROFITS, BUSINESS, ANTICIPATED SAVINGS, OR LOSS OR CORRUPTION OF DATA AND ANY OTHER LOSS OR DAMAGE OF ANY KIND, HOWSOEVER ARISING AND WHETHER CAUSED BY TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT OR OTHERWISE, EVEN IF FORESEEABLE.
8. Intellectual Property Rights
8.1. Except as set out at section 8.6 below, all intellectual property rights in the Site and the materials and content published on it including, without limitation, the design, text, photographs, images, illustrations, graphics, data, trademarks, logos, audio and/or video content, written and other materials, the selection and arrangement thereof and software but excluding Contributions (“Site Material”) are owned by Us and/or Our respective licensors and commercial partners and are protected by copyright, design right, database right, trademark rights and other intellectual property rights. All such rights are reserved.
8.2. Permission is granted to You to view the Site Materials on a single personal computer or other device and to print a single hard copy of such Site Materials solely for personal, non-commercial use. Access to some Site Materials may be subject to payment and acceptance of further terms and conditions by You (see section 6 above). Any other use of materials on this Site, including (amongst others) download, reproduction, modification, transmission, distribution, extraction, commercial exploitation or republication, without the prior written permission to the Club (email), is strictly prohibited and You agree not to, nor assist any person to, carry out such acts.
8.4. In relation to any Contribution you make, you grant Us a permanent, free of charge, worldwide right to display it on the Site to other Users and otherwise use and permit others to use that Contribution including (amongst other things) to adapt, broadcast, copy, disclose, sub-license, publish, sell and/or transmit the Contribution for all commercial and non-commercial purposes.
8.5. Photography: The sports archive photographs on the Site are owned by Us or supplied and used under licence from the Club Officially Photographer. Some photos also supplied by Officially and licence sources only.
8.6. Fixtures: No copyright (or related rights) are asserted with the match fixture list(s) on this Site (‘Fixtures’) inside the EU. Outside the EU, copyright (and/or related rights) protect the Fixtures in certain territories, in which territories all rights are reserved.
9. Termination or Suspension
9.1. We may at any time terminate or suspend Your use of all or part of the Site and/or access to Restricted Areas if:
9.1.2. We are unable to verify or authenticate any information You have provided to Us, where we reasonably need to do so;
9.1.3. We decide to no-longer make the Site or Restricted Area (or part of it) available to Users. If access to Restricted Areas has been paid for, this is subject to any additional terms and conditions and/or applicable refund policy;
9.1.4. We are required to do so by law; or
9.1.5. We need to undertake updating, repair or maintenance to the Site or technology relating to it. See the terms and conditions of any paid for Restricted Area.
10. Information about You
12. Applicable Law