In this Privacy Notice, references to “we”, “us”, or "our" refer to ST JOHNSTONE FOOTBALL CLUB LTD.
For the purposes of the General Data Protection Regulation or “GDPR” (and all other laws relating to the use your Personal Data), we are the “data controller”, meaning that we are responsible for deciding how your Personal Data is used and more importantly, for keeping your Personal Data safe and only using it for legitimate reasons.
We are committed to protecting your privacy and will take all steps necessary to comply with our legal obligations when using your Personal Data. This Privacy Notice explains how we fulfil this commitment, so please read this document carefully.
We will comply with our obligations under GDPR by:
using personal data lawfully and transparently
collecting personal data only for specified, express and legitimate purposes
ensuring the data we collect is adequate, relevant, limited, accurate and kept up to date
keeping data for no longer than is necessary
processing data in accordance with the subject’s rights
ensuring appropriate security
Who are we?
St Johnstone Football Club Ltd
What is personal data?
Personal data means any information relating to an identified or identifiable person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as:
an identification number
What is sensitive data?
Under GDPR sensitive data uses the term ‘special categories of personal data’ meaning personal data that reveals:
racial or ethnic origin
religious or philosophical beliefs
trade union membership
data concerning health
data concerning a person’s sex life or sexual orientation
What is data processing?
Data processing includes:
Which personal data do we collect?
Identity – first name, surname,
Contact – email address and address
Financial – payment card details, billing address, purchase information
How do we collect this data?
You may give us your Identity, Contact, Financial, certain Profile Data by completing forms or by corresponding with us using contact details we provide on our online facilities. This includes, amongst other things, personal data you provide when you: complete a purchase; subscribe to our newsletter; provide us with feedback.
Which payment processors do we use?
We use Global Payments to process your payment transaction.
Which communication processors do we use?
We use Mailchimp.
What legitimate interest do we have in holding and processing your personal data?
We use the information collected from you for purposes including the following:
to verify your identity and detect and prevent fraud and security issues
to answer your enquiries which may involve contacting you by post, e-mail or phone
for internal administration and record keeping
to provide you with products and services you request (such as tickets and merchandise)
to administer competitions or promotions that you enter into
to notify you of changes to this Privacy Notice, our terms and conditions or other changes to our services or products
to send you certain types of direct marketing
to give you the opportunity to provide us with feedback through reviews and surveys
Who do we share your personal data with?
We do not share your personal data with anyone.
How long do we hold your personal data for?
We will hold your personal data for as long as you continue to be a subscriber.
What are your rights under GDPR?
You have the following rights with respect to your personal data under GDPR:
the right to data portability
the right to have inaccurate personal data rectified, blocked, erased or destroyed
the right to prevent processing for direct marketing
the right of access to a copy of the information comprised in your personal data
the right to be informed
the right to object to processing that is likely to cause or is causing damage or distress
the right to object to decisions being taken by automated means
the right to be forgotten
the right to withdraw consent
What is our Data Breach Policy?
A data breach is a breach of security leading to the accidental or unlawful destruction of, alteration of, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
In the event of a security breach St Johnstone FC (data controller) will make a report to the Information Commissioner’s Office (ICO) without delay and at the latest, within 72 hours of becoming aware of it if it presents a risk to the rights and freedoms of the data subjects.
How do you opt out of marketing communications from us?
To unsubscribe from SJFC newsletters or any other marketing emails, you simply need to click on the unsubscribe link at the bottom of the relevant communication you have received. Alternatively, please contact us (as detailed below) to opt-out of these communications.
How do you contact us?
You can contact us by email at firstname.lastname@example.org or write to us at:
St Johnstone FC Ltd