The Football Foundation (UK registered charity number 1079309) and the Football Stadia Improvement Fund (registered company number 4007132) (together the “Foundation”, “we”, “us”) are committed to ensuring our site is absolutely secure for you to use and take great care to protect your information.
This privacy statement (“Statement”) explains what personal information we collect about you, how we may use it, and the steps we take to ensure that it is kept secure. We also explain your rights and how to contact us.
This Statement contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal information.
The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services will be impaired. For example, you will be unable to apply for a grant.
1. Grant Awards
If you apply for any of our grants, you submit personal information through an online application form providing details of your proposal and contact details of individuals relating to the grant. As part of the grant agreement, those who are awarded grants are required to provide progress reports and participate in surveys and meetings to ensure the aims and objectives of the grant are being met. With our larger grants, the Foundation, and any person authorised by the Foundation, may make unannounced visits for the purposes of monitoring the project, the facilities and the grant agreement. This is because there is a greater accountability requirement for the financial management of larger grants.
Any personal information that is provided during the application process, or at any time during the term of the grant to enable the Foundation to carry out its monitoring and evaluation, is used only for the purpose of reviewing the progress of the grant or project, and the ongoing administration and management of any grants that are awarded.
2. We collect personal information about you:
When you give it to us directly
For example, personal information that you submit through our website by applying for a grant, signing up for our email newsletter or personal information that you give us when you communicate with us by email, phone or letter.
When we obtain it indirectly
For example, your personal information may be shared with us by third parties including our funding partners (such as The FA and the Premier League) or search engines. To the extent we have not done so already, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information.
When it is available publicly
Your external information may be available to us from external publicly available sources, for example information about you published online in relation to a facility your organisation develops with a Foundation grant which we may need to consult ahead of a site visit.
When you visit our website
When you visit our website, we automatically collect the following types of personal information:
Technical information, including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.
Information about your visit to our website, including the uniform resource locator (URL) clickstream to, through and from the website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling or clicks) and methods used to browse away from the page.
We also collect and use your personal information by using cookies on our website – please see our Cookie Notice.
3. What personal information do we use?
We may collect, store and otherwise use the following kinds of personal information:
- your name and contact details, including postal address, telephone number and email address;
- your or your organisation’s financial information and other payroll information, such as account holder name, sort code, account number, tax code and NI for the payment of grants and staff salaries paid as part of grants;
- your date of birth and gender;
- details of your qualifications/experience;
- your social media identity;
- your position within an organisation, and details about what you do there;
- information about your computer/mobile device and your visits to, and use of, our website, including, for example, your IP address and geographical location;
- information about our services which you use/which we consider may be of interest to you; and/or
- any other personal information which you choose to share with us as per section 2 of this Statement.
Do we process special categories of your personal information?
The EU General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions.
In certain situations, the Foundation may collect and/or use these special categories of information (for example, health information about users of facilities you may develop with our funding). We will only collect and/or use these special categories of your personal information if there is a valid reason for us doing so and where the GDPR allows us to do so (for instance, because we have obtained explicit consent from the relevant individuals).
4. How and why will we use your personal information?
Your personal information, however we obtain it, will be used for the purposes specified in this Statement.
These purposes are:
- to confirm identification when you contact us
- to communicate with you about a grant application
- to provide you with the services or information you have requested
- to monitor and assess that the aims and objectives of grant agreements are met
- to invite you to participate in surveys relating to a grant
- to provide further information about our work, services or activities (where necessary, only where you have provided us with your consent to receive such information)
- to further our charitable aims in general
- to process your application for a job with us
- to run/administer our website, keep it safe and secure and ensure that content is presented in the most effective manner for you and for your device
- to update you on material changes to policies and practices
- to publish information about our projects on our website and via social media channels
- to analyse and improve our work, services or activities (including our website)
- to audit and/or administer our accounts
- to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering)
- for the prevention of crime, fraud and misuse of services
- for the establishment, defence and/or enforcement of legal claims
5. Lawful bases
The GDPR requires us to rely on one or more lawful bases to use your personal information. We consider the bases listed below to be relevant:
- Where you have provided your consent for us to use your personal information in a certain way (for example, we may ask for your consent to use your personal information to send you promotional material by email)
- Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services).
- Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, if you apply to work with us).
- Where there is a legitimate interest in us doing so.
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that use is fair, balanced and does not unduly impact your rights).
In broad terms, our “legitimate interests” means the interests of running the Foundation as a charitable and commercial entity and pursuing our aims and ideals; for example providing funding for community sports projects which encourages participation in sport in under-privileged areas, or assisting with the running of Football Foundation Trading Limited, our incorporated trading arm.
When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you, both positive and negative, and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
6. Communications for marketing purposes
We may use your contact details to provide you with information about our work and/or services which we consider may be of interest to you. For example, we offer regular emails and newsletters to let you know about the work of the Foundation, or from time to time we may want to contact you about your project or facility to help with our promotional activity.
Where we contact you via email, SMS or telephone (where you are not registered with the Telephone Preference Service) for marketing purposes, we will not do so without your prior consent (unless allowed to do so via applicable law).
Where you have provided us with your consent previously but do not wish to be contacted by us about our projects and/or services in the future, please let us know by email at firstname.lastname@example.org. Or you can opt out of receiving emails by following the instructions at the bottom of our emails.
7. Children’s personal information
When we collect and use children’s personal information, where required we will not do so without their consent or, where required, the consent of a parent/guardian. We will always have in place appropriate safeguards to ensure that children’s personal information is handled with due care.
8. How long do we keep your personal information?
In general, unless still required in connection with the purpose(s) for which it was collected and/or used (for example to enable the Foundation to carry out its own monitoring and evaluation of grants), we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to use it or (iii) you validly exercise your right of erasure (please see section 12 below), we will remove it from our records at the relevant time.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.
Our data retention policy and schedule, which sets out our grant retention periods, can be accessed at: https://www.footballfoundation.org.uk/assets/data-retention.pdf
In relation to job applications, if you are successful in your application, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment, plus 6 years following the end of your employment.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from your being notified that your application has been unsuccessful.
9. Will we share your personal information?
We do not sell or rent your personal information to third parties for marketing purposes. However, in general, we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Statement.
Those parties may include:
- suppliers and sub-contractors for the performance of any contract we enter into with them, for example IT service providers such as mailing houses or cloud storage providers;
- our funding partners in connection with grants that have been awarded;
- County FAs who help support the implementation and performance of some of our grants;
- third parties to provide you with, for example, kit or equipment or training and coaching services, where these are included as part of a grant award;
- professional service providers such as accountants and lawyers;
- parties assisting us with research to monitor the impact/effectiveness of our services; and
- regulatory authorities (such as tax authorities).
In particular, we reserve the right to disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal information to the (prospective) seller or buyer of such business or assets;
- if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;
- if we are under any legal or regulatory duty to do so; and/or
- to protect the rights, property or safety of the Foundation, its personnel, users, visitors or others.
10. Security/storage of and access to your personal information
The Foundation is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your personal information.
Your personal information is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers which have features to prevent unauthorised access.
11. International transfers of your personal information
Given that we are a UK-based organisation and our grants are provided to UK organisations, we will normally only transfer your personal information within the UK or European Economic Area (“EEA”), where all countries have the same level of data protection law as under the GDPR.
However, because we use some third parties to process personal information on our behalf, it is possible that personal information we collect from you will be transferred to and stored in a location outside the UK or EEA.
Please note that some countries outside the UK or EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the UK or EEA in a country that does not offer an equivalent standard of protection to the UK or EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards (such as by entering into standard contractual clauses approved by the European Commission) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Statement. If you have any questions about the transfer of your personal information, please contact us using the details in section 15 below.
Unfortunately, no transmission of your personal information on the internet can be guaranteed to be 100% secure – however, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access.
12. What are your rights and how can you exercise them?
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing or fundraising purposes or to unsubscribe from our email list at any time. You also have the following rights:
Right of access – you can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.
Right of erasure – at your request we will delete your personal information from our records as far as we are required to do so.
Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/up to date.
Right to restrict processing – you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.
Right to object – you have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests basis (see paragraph 4), (ii) using your personal information for direct marketing or (iii) using your information for statistical purposes. If you object to direct marketing, we will retain certain limited personal information about you to ensure that we do not contact you again.
Right to data portability – to the extent required by the GDPR, where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you – or another organisation – in a machine-readable format.
Rights related to automated decision-making – you have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal effects or similarly significantly affects you, unless such a decision (i) is necessary to enter into/perform a contract between you and us/another organisation; (ii) is authorised by EU or UK law (as long as that law offers you sufficient protection); or (iii) is based on your explicit consent.
Please note that some of these rights only apply in limited circumstances.
For more information, we suggest that you contact us using the details in section 15 below.
We encourage you to raise any concerns or complaints you have about our data processing by contacting us using the details provided in paragraph 15 below.
You are further entitled to make a complaint to the Information Commissioner’s Office – www.ico.org.uk. For further information on how to exercise this right, please contact us using the details in section 15 below.
13. Changes to this Statement
We may update this Statement from time to time. We will notify you of any significant changes by contacting you directly where reasonably possible for us to do so and by placing an update notice on our website. This Statement was last updated on 17 May 2018.
14. Links and third parties
We link our website directly to other sites. This Statement does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.
15. How to contact us
Please let us know if you have any questions or concerns about this Statement or about the way in which the Foundation uses your personal information by contacting us using the channels below. Please ask for/mark messages for the attention of Head of Business Services.
Telephone: 0345 345 4555
Post: Football Foundation, 10 Eastbourne Terrace, London, W2 6LG