Privacy policy

In this Privacy Notice, references to “we”, “us”, or "our" refer to ST JOHNSTONE FOOTBALL CLUB LTD. 

For the purposes of the General Data Protection Regulation or “GDPR” (and all other laws relating to the use your Personal Data), we are the “data controller”, meaning that we are responsible for deciding how your Personal Data is used and more importantly, for keeping your Personal Data safe and only using it for legitimate reasons.

We are committed to protecting your privacy and will take all steps necessary to comply with our legal obligations when using your Personal Data. This Privacy Notice explains how we fulfil this commitment, so please read this document carefully. 


We will comply with our obligations under GDPR by:

   using personal data lawfully and transparently

   collecting personal data only for specified, express and legitimate purposes

   ensuring the data we collect is adequate, relevant, limited, accurate and kept up to date

   keeping data for no longer than is necessary

   processing data in accordance with the subject’s rights

   ensuring appropriate security


Who are we?

St Johnstone Football Club Ltd

McDiarmid Park

Crieff Road




What is personal data?

Personal data means any information relating to an identified or identifiable person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as:

a name
an identification number
location data
online identifier
What is sensitive data?

Under GDPR sensitive data uses the term ‘special categories of personal data’ meaning personal data that reveals:

racial or ethnic origin
political opinions
religious or philosophical beliefs
trade union membership
genetic data
biometric data
data concerning health
data concerning a person’s sex life or sexual orientation
What is data processing?

Data processing includes:


Which personal data do we collect?

Identity – first name, surname, 
Contact – email address and address
Financial – payment card details, billing address, purchase information

How do we collect this data?

You may give us your Identity, Contact, Financial, certain Profile Data by completing forms or by corresponding with us using contact details we provide on our online facilities. This includes, amongst other things, personal data you provide when you: complete a purchase; subscribe to our newsletter; provide us with feedback.


Which payment processors do we use?

We use Global Payments to process your payment transaction. 

Which communication processors do we use?

We use Mailchimp.

What legitimate interest do we have in holding and processing your personal data?

We use the information collected from you for purposes including the following:

   to verify your identity and detect and prevent fraud and security issues

   to answer your enquiries which may involve contacting you by post, e-mail or phone

   for internal administration and record keeping

   to provide you with products and services you request (such as tickets and merchandise)

   to administer competitions or promotions that you enter into

   to notify you of changes to this Privacy Notice, our terms and conditions or other changes to our services or products

   to send you certain types of direct marketing

   to give you the opportunity to provide us with feedback through reviews and surveys

Who do we share your personal data with?

We do not share your personal data with anyone.


How long do we hold your personal data for?

We will hold your personal data for as long as you continue to be a subscriber.

What are your rights under GDPR?

You have the following rights with respect to your personal data under GDPR:

   the right to data portability

   the right to have inaccurate personal data rectified, blocked, erased or destroyed

   the right to prevent processing for direct marketing

   the right of access to a copy of the information comprised in your personal data

   the right to be informed

   the right to object to processing that is likely to cause or is causing damage or distress

   the right to object to decisions being taken by automated means

   the right to be forgotten

   the right to withdraw consent

What is our Data Breach Policy?

A data breach is a breach of security leading to the accidental or unlawful destruction of, alteration of, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

In the event of a security breach St Johnstone FC (data controller) will make a report to the Information Commissioner’s Office (ICO) without delay and at the latest, within 72 hours of becoming aware of it if it presents a risk to the rights and freedoms of the data subjects.


How do you opt out of marketing communications from us?  
To unsubscribe from SJFC newsletters or any other marketing emails, you simply need to click on the unsubscribe link at the bottom of the relevant communication you have received. Alternatively, please contact us (as detailed below) to opt-out of these communications.

How do you contact us?

You can contact us by email at or write to us at: 

Data Controller

St Johnstone FC Ltd

Crieff Road