Boston United Community Foundation may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from May 2018.
1.0 Who we are
Boston United Football Club Community Foundation (Registered Charity 1174561), is a community sports coaching organisation delivering safe and affordable activities to both children and adults in the Lincolnshire area.
We deliver a diverse range of sports, activities and initiatives throughout Lincolnshire, focusing on delivering quality and innovative programmes across a variety of themes:
- Sports Participation
- Football Development
- Health & Physical Activity
- Education & Training
- Schools and Premier League Primary Stars
- Inclusive Sports
- United Cheer Team
2.0 Our commitment to user privacy and data protection
We will tell our contacts exactly how we will use and store their data, not use it for any purpose other than the ones we have consent for and take all reasonable steps to ensure their data is stored and transferred securely.
Boston United Football Club Community Foundation is committed to respecting the personal data you supply us with. The details we store enable us to personalise the service we provide and, with your consent, to keep you updated with details of courses, holiday clubs/fun days and services that may be of interest to you.
With your consent, we may contact you by post, telephone or email and share this information with pre-agreed third parties to provide information to you about other services and products that we think might be of interest to you. If we want to use the data in any way other than for the purpose you have consented to (e.g. sharing with a new third party) we will need to ask for your consent each time.
You have the right to opt out of receiving promotions from us and/or our chosen third parties at any time. This can be done by emailing us at email@example.com.
If you think any information we hold about you is incorrect you should notify us at firstname.lastname@example.org. Any information which is wrong will be corrected within a month.
BUFCCF strives to protect the security of information which you have provided and will use all appropriate security measures to safeguard such data (see 4.0 and 5.0 for more detail).
3.0 Relevant Legislation
We process all personal data, including that collected via this website in accordance with EU General Data Protection Regulation 2018 (GDPR), which governs data protection and user privacy standards throughout the European Union.
GDPR outlines how organisations must collect, handle and store personal information. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed to any unauthorised parties unlawfully. We must also ensure that your information is protected against accidental loss.
Users who entrust their personal data to companies like Boston United Football Club Community Foundation have the following rights under GDPR:
- The right to be forgotten (you can request for your data to be deleted)
- The right to see all the data we hold on you (by submitting a Subject Access Request)
- The right to data portability (if you ask to see all your data, we’ll give it to you in a commonly used format, like a pdf)
- The right to correct inaccurate information we hold on you
- The right to opt-out of marketing communications as easily as you opted in
- The right to restrict or object to processing (although we may still need to hold on to your data, for example to fulfil a contract)
- The right to complain (this would be to a supervisory authority responsible for data protection).
Given the stringent nature of this regulation, our processing will also be compliant with other international data protection and user privacy legislation. If you are unsure whether our processing meets your country’s data protection and user privacy legislation, please contact our data protection officer (contact details can be found in section 10.0) for clarification.
4.0 Personal information that this website collects and why we collect it
4.1 Site visitation tracking
Cookies are either set by the website you are visiting, in which case they are referred to as ‘first-party cookies’ or are ‘third-party cookies’ set by other websites and services that run content on the page you are viewing.
To make full use of the features on the Boston United Football Club Community Foundation site, your computer or mobile device will need to accept cookies.
We may process this data to analyse how customers use our website. The legal basis of this processing is the cookie consent visitors give when visiting the website.
Some people dislike the idea of a website accessing and storing their data – and if that’s the case, you can accept or decline cookies by modifying the settings in your browser at any time. The ‘help’ function within your browser should tell you how, as will the ‘enabling/disabling cookies’ page on this site. However, you may not be able to use all the interactive features of our site if the cookies are disabled.
As with most websites, we use Google Analytics to measure how visitors move through and engage with the website. We use this data to improve our services, for example by measuring which pages people visit before making a purchase and ensuring those pages are optimised to make relevant information easy to find. To opt out of google analytics please click here: https://tools.google.com/dlpage/gaoptout
Google Analytics records information such as your location, and the device, browser and operating system you are using to view the website (“usage data”). None of this information can be used to identify you. Google Analytics records – but does not grant us access – to your computer’s IP address. For this reason, we treat Google as a third-party data processor (see section 7.0 for more information).
We use this data to improve our services, for example by measuring which pages people visit before making a purchase and ensuring those pages are optimised to make relevant information easy to find. The legal basis for this processing is the implied cookie consent you give us when you visit our website.
Disabling cookies on your internet browser will stop Google Analytics from tracking any aspect of your journey through our website.
4.2 Course application forms
Data provided via the course application forms is securely held and stored solely by us – see Section 5.1 for more information on this.
Your data is securely inputted to Upshot, a performance management software solution that is secure and is password protected. We then access these details via Upshot, logging into their secure servers, where your details are only accessed by authorised admin personnel at Boston United Football Club Community Foundation.
For online bookings we use Booking Bug, a password protected online booking system. When you book on to a course via the Booking Bug system, we collect data to enable you to make an online booking. This information is stored in a secure, password protected system that is only accessible by designated members of staff at BUFCCF. We never store any of your payment details.
4.3 Email newsletter
If you opt-in to receive our email newsletters, your email address will be securely stored on our secure, password protected MailChimp account, which we use for their email marketing services as a third-party data processor (see section 7.0). Your mail address will not be stored anywhere on the website. We contact our customers with newsletters and periodic additional communications around specific promotions.
We will keep your email address on both databases (Upshot and Mailchimp) until either you specifically request removal from the list, which can be done by following an Unsubscribe link included in all our communications or requesting removal by email. Please note that you will need to email us using the email account you want to have removed from our records.
We may need to keep your contact information on file on Upshot for non-marketing purposes (e.g. if your child attends one of our clubs / sports sessions – we need to keep your information in case we have to contact you for information purposes, such as cancellation due to adverse weather, in case of an emergency and so on). In these scenarios, we will retain the bare minimum of information (i.e. your email address), to ensure we do not contact you again once you have opted out or been removed from our email lists.
You must obtain parental consent before subscribing to our email newsletter if you are under 13 years old.
4.4 Parental Data (once you are a BUFCCF customer)
What information we store on your profile:
When you sign your child up for a BUFCCF course, we collect the following information from you: name, address, date of birth, ethnicity, contact telephone number, email address, emergency phone numbers, the child’s school, GP surgery and address, medical conditions, photography consent. In some cases, we will require payment details (e.g. when paying through Booking Bug) however this information will never be stored.
How we will use it:
We collect parent’s name, email address, phone number and home address. If required, we will also request financial information for billing purposes – but these are never stored by BUFCCF. We require an email and contact number, so we are able to send you information relating to your booking if required (e.g. if your child needs to bring a certain item of clothing, or if there has been a change of timing or location).
If you opt-in to receiving emails, we send a community newsletter, as well as occasional marketing emails filled with content we think you’ll be interested in.
Our justification for holding this data
We have a contractual need to keep information relating to billing, and we have informed consent from you to send you marketing information. We may also need to get in touch with you in the event of an emergency relating to your child.
With whom we may share your data
We will only share your information with those parties who may need to see this, for example members of staff to process your child’s membership. Some of our technical support processors may also see sight of your information, and you can read more in Section 5 about where your data is stored in relation to servers, and web-based marketing systems we use to deliver emails.
We occasionally have to share data with partners such as the Football Association. We’ll always tell you before sharing your data with a new third-party or anonymise the data, so it can’t be linked to you or your child.
How long we’ll keep your data
We reserve the right to delete customer’s marketing data from our system if you no longer fulfil our sales criteria – i.e. if you have not made a purchase from us for the past two years, have not opened the last 11 of our emails, or if the children you are booking courses for are now older than the age range we deliver to.
In these scenarios, we will retain the bare minimum of information (i.e. your email address) on a Suppressed list held within Upshot, to ensure we do not contact you again once you have been removed from our email lists.
Customers will be emailed every 12 months to check their communication preferences are up to date. This will be handled via Mailchimp. Information about where a contact has come from, what their email preferences are and when this information was given will all be stored via MailChimp.
If parents want to withdraw consent for marketing, they can update their communication preferences by emailing email@example.com.
4.5 Children’s Data
What information we will hold on your child
When you sign your child up for a BUFCCF course, we collect the following information from you about your child: name, date of birth, gender, name of school, ethnicity, GP name / surgery and address, and medical information. We will also store information on photography and video consent. During BUFCCF courses, we will also need to record attendance using a register. This information is stored on our password protected and secure Booking Bug and Upshot accounts.
How we will use it
We collect this data to help BUFCCF programmes for monitoring and reporting purposes, and to allow us to proper prepare and deliver our sports sessions.
This means we can see how many children are / have participated, in which regions, and what the overall impact on their attainment and health has been. We also need to know about any medical conditions / history, so we can proper prepare our staff and coaches for any medical emergencies that may/can arise.
We have a safety need to record your child’s attendance in our courses by taking registers and keeping a record of their medical information in case of an emergency during a BUFCCF session.
Our justification for holding this data
We ask for your consent when you sign your child up to a BUFCCF course to hold their name, date of birth, gender, name of school, ethnicity, GP name / surgery and address, and any medical conditions. We require this information, so we can create a register for the sport session / event, and so we can be properly prepared.
Keeping a record of their attendance and medical information is known as a ‘vital interest’ justification, as we need to know this to safeguard your child and is also required to comply with our legal obligations.
Who we share your data with
See Section 5 for information about where your data is stored in relation to servers, and web-based marketing systems we use to deliver emails.
We have to share data with partners such as The Football Association and relevant leagues and competitions in order for the participant to engage in that activity. We’ll always tell you before sharing your child’s data with a new third-party, or anonymise the data so it can’t be linked to your child.
How long we’ll keep your data
We will retain data during the life of the relationship with the customer and then for three years thereafter. Data referring to your child will be stripped back to non-data subject level (i.e. anonymised so it can’t be linked back to you or your child) for the purpose of impact reporting.
5.0 How we store your personal information
5.1 Where your data is stored
If you create an account through our online booking system, Booking Bug, your information is stored within our password protected online server with Booking Bug (Booking Bug are ISO 27001 certified, and all of their staff are fully trained to be compliant with their own stringent data security protocols and their policy is rigidly adhered to with the help of their Information Security department.) BUFCCF staff are trained on how to use Booking Bug safely and securely.
If you complete a paper course application form, this information will be stored on Upshot, which is password protected and can only be accessed by BUFCCF staff.
If you opt in to marketing communications, your data will be transferred to Mailchimp, a third-party data processor. There, the data is stored on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.
We reserve the right to delete your data from our system if you no longer fulfil our sales / promotion criteria. In these scenarios, we will retain the bare minimum of information (i.e. your email address) on a Suppressed list, to ensure we do not contact you again once you have been removed from our email lists.
6.0 About this website’s server (inc. security info)
Our server, which is managed externally, is hosted in the UK with a company called United Agency (www.unitedagency.co.uk). The server Operating System is kept up to date via automatic security patches and all software used is still supported (including PHP).
All our sites use HTTPS encryption to protect any sensitive data in transit from the server to the browser.
7.0 Our third-party data processors
We use several third-party organisations to process personal data on our behalf. These organisations have been selected in part due to their commitment to data security. All are GDPR-compliant as outlined in Section 2.
- Booking Bug
- Mail Chimp
8.0 Data Breaches
In the event of an unlawful data breach of this website or any of our data held on third-party data processors, we will inform the Information Commissioner’s Officer within 72 hours of the breach, if the fundamental rights and freedoms of those individuals whose data has been compromised is at risk. We will inform the people whose data has been compromised of the breach if the data compromised could have a significant negative impact on the individuals concerned (e.g. if it affects their financial or medical data).
9.0 Data Controller
The data controller of this website is Boston United Football Club Community Foundation, Charity number 1174561
Registered address & operating office:
Boston United Football Club, The Jakemans Stadium, York Street, Boston, PE21 6JN
10.0 Data Protection Officer
Our Data Protection Officer’s contact information is: Mike Hardy / Nick Reeson
11.0 The Information Commissioners Office (ICO)
If you need to contact the ICO to report any issues with the way we have handled your personal data, you contact them through the following channels:
Call the helpline: 0303 123 1113
Visit their website: https://ico.org.uk/
Start a live chat with them: https://ico.org.uk/global/contact-us/live-chat/
We will continue to review and update this policy in line with the latest industry guidance. Any changes will be recorded in this section.