Wycombe Wanderers Football Club
The General Data Protection Regulation (GDPR), requires Wycombe Wanderers Football Club to make public its’ approach to ensuring the privacy of individuals’ data. For the purpose of this Privacy Statement, the term “Club” is used to cover Wycombe Wanderers Football Club (WWFC), and WW Ladies Football Club (WWLFC).
The General Data Protection Regulation (GDPR) allows the use of Legitimate Interest Assessment (LIA) as a means of obtaining the consent of individuals whose data is held, in cases where the individual might reasonably expect such data to be held and where there is minimal impact on the individual’s privacy. The Club will use LIA as a means of consent wherever appropriate and will seek opt-in consent where the above conditions do not apply.
3) The Individual’s Rights Under GDPR
The Club, in complying with the principles of GDPR, will ensure that:
a) data, in respect of an individual, is held only when there is a lawful basis for doing so. A lawful basis will include, but may not be limited to a legal obligation, a contract or the protection of an individual’s vital interest.
b) every individual whose data is held by the Club is entitled to request, and the Club will provide, within one month of the request, a copy of the data held for that individual, with a clear explanation of the lawful basis for it being held. The Club will promptly rectify such data, if requested. Such requests should be made by email to firstname.lastname@example.org or in writing to the Club at Adams Park, Hillbottom Road, High Wycombe, Bucks, HP12 4HJ.
c) every individual has the right to request that his data be erased. The Club may refuse to erase data where there is a legal reason for it being held and, in other circumstances, will advise of any disadvantage that might accrue to the individual by the erasure, before acting on the request.
d) it will advise of the right to object should data be used for Direct Marketing and shall immediately cease the processing of data for such purposes.
e) it will not use automated decision making or profiling in the processing of data.
f) data may be held on a secure drive with access limited to specific data owners in order to ensure appropriate security, or, in the case of ticket data, is held by the Data Processor who has confirmed its commitment to GDPR compliance in its contract with the Club.
g) it keeps its Privacy Statement under regular review and updates its’ websites accordingly
4) Data Retention
The Club confirms that it will retain ticket related data for historical, statistical purposes only for as long as it considers such data to be of use. All other data will be retained for a maximum of 7 years