WEMBLEY STADIUM PRIVACY POLICY
OVERVIEW
This policy will inform you about how Wembley National Stadium Limited (“Wembley”, “we” or “us”), will make use of your personal data when you interact with us.
It applies to you if you have interacted with Wembley Stadium through www.wembleystadium.com, or visited Wembley Stadium, contacted us to purchase tickets or membership, and/or signed up to receive updates from us about our upcoming events, offers and memberships.
WHAT INFORMATION DO YOU PROVIDE TO US?
The terms “personal data” or “personal information” are used to describe any information about an individual from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you in order to communicate with you, or to provide you with services or information. We may also collect data about you as part of your role in football. Depending on the nature your relationship with us, this may include:
|
CATEGORY OF DATA |
TYPE OF DATA |
|
Identity Data |
such as your first and last name, date of birth and gender; |
|
Contact Data |
such as your home address, email address and telephone number(s); |
|
Profile Data |
such as your FAN number and password; |
|
Financial Data |
such as your bank account, payment card details and billing address (via SmartPay); |
|
Marketing Data |
such as your marketing preferences, emails you have received, opened and interacted with; |
|
Ticketing Data |
such as your purchase history and record of attendance; |
|
Membership Data |
such as your membership status, attendance and record; |
|
CCTV Data |
such as image and audio captured at Wembley Stadium; and |
|
Technical Data |
such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and information about how you use our website, products and services. |
In the event that you choose to provide us with unsolicited personal data, this personal data will be handled with the same care as any other personal data we process and in accordance with data protection legislation as laid out in this notice.
We may also receive data about you from third parties, such as our group companies (such as the Football Association Limited), law enforcement bodies, regulatory bodies, other football stakeholders, other event venues and/or ticket sellers (such as Ticketmaster).
We will also collect personal information about website usage through cookies in accordance with our Cookie Policy.
HOW DO WE USE YOUR PERSONAL DATA?
The tables below set out how we might use your personal data and our lawful basis for doing so:
|
Use |
Lawful Bases |
|
To administer tickets you purchase and manage our relationship with you, including processing payments and providing support. |
Legitimate interest (to manage our relationship with you and administer tickets you have purchased).
Performance of your ticket purchase contract. |
|
To administer your membership account(s) and manage our relationship with you, including processing payments, providing support with respect to your membership and communicate with you about your membership package. |
Legitimate interest (to manage and administer your membership).
Performance of your membership contract. |
|
To monitor and ensure the security of Wembley Stadium. |
Legitimate interest (ensure the security of Wembley Stadium and your safety at our events, and the prevention and detection of crime). |
|
To take any steps necessary to protect our products, facilities or services we offer. |
Legitimate interest (protect and improve the running of Wembley Stadium and ensure compliance with our contracts/terms and conditions). |
|
To facilitate and manage your attendance at Wembley Stadium. |
Legitimate interest (conduct our business and stage our events). |
|
To process feedback and improve our services. |
Legitimate interest (to develop and improve our services). |
|
To manage and improve the web system and troubleshoot problems. |
Legitimate interest (protect and improve the running of our IT services and network security). |
|
To send you marketing communications. |
Consent. |
|
For the purpose which we explain at the time, on other occasions where we ask for consent. |
Consent. |
|
In response to requests by legal advisers, government or law enforcement authorities conducting an investigation. |
Legitimate interest (prevention and detection of crime).
Legal obligation. |
HOW DO WE SHARE YOUR INFORMATION?
We might have to share your personal data with the parties set out below for some of the purposes outlined in the section above:
· Our group companies: your data may be shared with our group companies, such as the Football Association Limited.
· Service Providers: your data may be shared with third party service providers, who will process it on behalf of the controllers for the purposes identified above, for example, providers of payment processing services, security providers, IT providers, contractors or suppliers and legal advisors.
· Law enforcement or other government and regulatory agencies: your data may be shared where required by law or on the request of the police or another relevant authority in circumstances where we consider it necessary to share the information (e.g. to assist a criminal investigation or where you or someone else is at risk of harm).
We may also receive requests from third parties requesting the disclosure of personal data. We will only fulfil such requests where we are permitted to do so in accordance with applicable law or regulation.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
WHAT ABOUT INTERNATIONAL DATA TRANSFERS?
Occasionally we may transfer personal data outside the UK where necessary to provide you with a service or to fulfil one of our functions. Whenever we do this, we will ensure that the transfer is compliant with UK data protection laws and that your personal data is treated securely and transferred via a legally approved mechanism.
HOW WILL WE PROTECT INFORMATION ABOUT YOU?
We take the protection of your privacy extremely seriously and do our utmost to ensure that our security systems are able to protect your personal data. Data protection laws require us to ensure that we have effective security procedures in place regarding the storage and disclosure of personal data to guard against unauthorised loss or access.
Your data is protected by industry-standard security and procedures to protect it from unauthorised misuse and loss. We have an established set of protocols to respond to suspected personal data breaches and will notify you and the Information Commissioner’s Office (or any other applicable regulator) of a breach where we are legally required to do so.
HOW LONG DO WE RETAIN YOUR DATA FOR?
We will only retain your personal data for as long as it is necessary for the purpose we collected it for, or where we’re required to keep it for any legal, accounting or reporting requirements. Different retention periods apply for different types of personal data. For further details on this, please contact dataprotection@thefa.com.
Where your data is held on FA systems, then at the end of the retention periods set out above, we will not irrevocably delete your information for another 3 months – your data will be held in an inactive form for this time to ensure that any consequential links across our systems remain intact in the event that your data is removed in a particular location.
WHAT RIGHTS DO YOU HAVE IN RELATION TO YOUR PERSONAL DATA?
Under certain circumstances, you may have the following rights in relation to your personal data:
|
Right |
What does this mean? |
|
1 |
A right to access the personal data we hold about you (known as a "data subject access request"). |
|
2 |
A right to request that we rectify any inaccurate personal data we hold about you.This right is qualified and we will need to verify the accuracy of any new data you provide. |
|
3 |
A right to request that we erase personal data we hold about you where we no longer need to process it. This right will only apply where, for example, we no longer need the personal data we collected; or where we collected data based on your consent and you withdraw that consent. |
|
4 |
A right to restrict processing of personal data we hold about you. This right allows you to limit the way that we use your data and is an alternative to requesting the erasure of your data. |
|
5 |
A right to receive personal data you have provided to us, in a structured, commonly used and machine readable format. You can also require us to transfer this personal data to another organisation. |
|
6 |
A right to object to our processing of personal data we hold , which applies when we use your data for marketing, or where we are relying on a legitimate interest (or those of a third party), and you object as you feel it impacts on your rights and freedoms. In some cases, we may demonstrate that we have legitimate grounds to continue processing your data which override your rights and freedoms. |
|
7 |
A right to withdraw your consent, where we are relying on it to use your personal data. We will advise you if withdrawal of consent means that we are unable to provide certain services to you. |
|
8 |
A right to ask us not to make automated decisions about you. |
HOW CAN YOU CONTACT US?
If you wish to make a request, you can do so via our online form, which can be found here. If you have any questions or queries about how we process your data, you can get in touch at dataprotection@thefa.com or by writing to: Data Protection Officer, Wembley Stadium, PO Box 1966, London, SW1P 9EQ.
You also have the right to lodge a complaint with the UK Information Commissioner's Office and details can be found here. The ICO recommend that you should first discuss any concerns with the organisation before going to them, so please do contact us in the first instance to see if we can help to put things right.