The Walking Football Association Ltd (the WFA) Privacy Notice
(Last Modified: 25th May 2018 PN 1.0)
About this Privacy Notice
(Compliant with GDPR)
The WFA is committed to protecting your personal data when you are using our services. Personal data is any information relating to an identifiable living person who can be directly or indirectly identified, in particular by reference to an identifier such as a name, postal, email and ISP addresses and cookies.
This privacy notice relates to our use of any personal data that we collect from you.
We will comply with data protection law which requires that personal data we hold about you is:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about; and
- Kept securely.
This privacy notice will, therefore, inform you as to who we are, what personal data we collect, the purposes for which we use it, for how long we retain it and how we keep it secure, your rights in relation to your personal data and how you can contact us to discuss, query or obtain details of the personal data we hold about you.
1 Who we are
The WFA is registered in England and Wales with company number 10479575, and has its registered office at Kemp House,160 City Road, London. EC1V 2NX
How to Contact Us
We operate from one location and can be contacted directly about your personal data on the details below:
The Data Protection Manager
2 Whose personal data we process
We collect and process personal data about our:
- TOURNAMENT ENTRIES
- E-NEWSLETTER SUBSCRIBERS
3 Why we process your personal data
We collect and process personal data:
- with your consent; and/or
- to perform the contract we have entered with you (or discharge other contractual obligations); and/or
- to comply with our legal obligations; and/or
- to pursue our legitimate interests (and your rights do not override our interests).
4 Personal data sources
We can collect personal data from any number of sources including:
Information you provide by visiting our website, filling in forms online requesting our products and/or services, contacting us, contracting with us and responding to surveys.
Third party providers such as debt recovery agencies.
5 How we will inform you about our privacy notice
You can request a free hard copy of this privacy notice by contacting us using the details set out above.
Where we obtain your personal data indirectly, for example from a business contact or website, we will inform you where you can access this privacy notice within one month of obtaining that data.
We will not use your personal data for any purposes other than those set out below without first informing you.
Changes made to this privacy notice will be updated on our website and clearly signposted on our key documents.
6 The purposes for which your personal data is collected and processed
We collect personal data with the overall aim of providing a better service to all of our customers and industry partners.
We will not collect sensitive personal data from you. For example, we will never ask for or process data relating to race, religion or ethnicity.
The personal data categories identified below are relevant and specific for the products and services that we offer or obtain. The listing also describes how and why we process them.
6.1 Name, address and contact details (including company details, contact names, telephone numbers and email addresses)
This data allows us:
- To carry out our obligations arising from any contracts entered into between you and us including delivery of product, invoicing and reporting; and
- To provide you with information on products and/or services you specifically request from us or which we believe may be of interest to you.
If you are an existing customer we will only contact you by email and/or SMS with information about products and/or services similar to those which we have previously supplied to you.
If you are a new customer, we will contact you by email only with your consent.
Most contact details will be provided by you at the point that you make an online enquiry or complete a form.
6.2 Employment and education details
This data allows us to carry out recruitment. We will dispose of all unsuccessful candidates` data securely unless we are asked to retain the CV on file.
6.3 Bank and payment details
This data may be provided to us at the start of or at any time during our business relationship with you. Such data can relate to the setting up of a direct debit, which we will process in accordance with the direct debit guarantee scheme.
We also take credit and debit card payments over the telephone and may ask you to confirm your bank details by email and over the telephone should we need to make any payments to you.
These processing activities allow us charge you for our products and services and make payments to you.
6.4 Telephone call recordings
No telephone calls are recorded for training, security and auditing purposes.
6.5 Electronic and hardcopy correspondence and other documentation
We may collect and process electronic and hardcopy correspondence and other documentation (such as emails, invoices, contracts, tenders and letters) as part of either a contractual obligation or a wider legitimate interest.
When you contact the WFA for any reason, we may keep a record of our communication to help us deal with any queries and/or to support our customer service delivery operation.
6.6 IP addresses and cookies
When you access our website and web portal we may collect data relating to your computer including its IP address. Such data is anonymous in its form and allows us to carry out statistical analysis of browsing behaviour.
The cookies provide us with anonymous information showing us the number of visitors to our website, the device used to access it and which web browser they are viewing it on.
This data allows for statistical analysis and helps us understand our customer behaviour better and optimise your online experience. Cookies, also, provide a convenience feature to save you time. For example if you personalise
a web page or navigate within a site, a cookie helps the site to recall your specific information on subsequent visits. This simplifies the process of delivering relevant content and eases site navigation.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
7 Who we will share your personal data with
We may share your personal data with:
- Regulatory authorities (such as Trading Standards), Government departments (such as HMRC) or the police in order to comply with any legal obligations or to assist in fraud prevention and detection;
- Credit agencies (for the purpose of credit risk management), and professional advisors to enforce or apply the terms of any contracts between us and you;
- Third party suppliers where we have subcontracted to them the performance of any or all of our obligations under our contract with you;
- The buyer and its professional advisors should we wish to sell any or all of our business and/or our assets in which case personal data we hold about our customers will potentially be one of the assets we sell; and
- Other third parties where we reasonably believe that such action is necessary to comply with a legal obligation, or to protect our rights and property, or act in urgent circumstances to protect the personal safety of our staff or agents, users of our products or services or members of the public.
8 Safeguarding your personal data
The WFA takes all reasonable steps to ensure that appropriate safeguards are in place to protect your personal data. We have policies in place dealing with information security (both physical and digital) and data breaches. We ensure that our staff are properly trained so that they can process your data securely and safely.
Safeguards are regularly reviewed by senior management as part of our wider data protection policy which sets out how we aim to preserve the confidentiality, integrity and availability of personal data we hold.
9 How long we retain your personal data
Your personal data will be retained by us for as long as there remains a valid lawful basis for retaining it. We will keep data retention under regular review.
Accounting information (such as invoices) will be retained for at least 6 years in line with current tax legislation. Contractual documentation will be held for at least 6 years.
10 Your rights as a data subject
To ensure fair and transparent processing it is important that we inform you of your rights with regards to how your personal data is processed. Where you wish to exercise a right, we have signposted the best contact details for you to get in touch with us. Naturally we will need to confirm your identity before your request can be processed.
10.1 Your right to be informed
This is our privacy notice which informs you of who we are, why we are processing your personal data, with whom we share your personal data and how we have collected it. These details are set out above.
Our privacy notice can be found on our website and is signposted on our web portals and other key business documentation (such as on contracts and invoices). Our staff are trained to provide this notice in hard copy, soft copy or orally on request.
If you would like to discuss this privacy notice or suggest ways which we could improve the content or its communication then please email email@example.com
10.2 Your right to access
As a data subject you have the right to access the personal data we hold about you and check that we are lawfully processing it.
In line with legal requirements we do not have a data protection officer due to the nature and volume of our processing activities. However, we have appointed a data protection manager who will act in an equivalent capacity.
Once we receive your request we will ask you to verify your identity and ask you to specify the data or processing activity that you require so that we can confirm your expectations and respond within one month.
We do have the right to refuse a DSAR should it be manifestly unfounded or excessive and we can apply a reasonable fee and/or extend the time to respond should the request be complex (in which case you would be informed within 1 month). We do have the right to charge a reasonable fee if you make numerous requests for the same information.
10.3 Your right to rectification
Where personal data is inaccurate or incomplete you have the right for it to be rectified on our systems. In such cases we will act promptly to put things right.
So that we can quickly resolve your query we may ask you to provide some supporting evidence to show that the data needs to be altered.
If you require your personal data to be rectified, you can email firstname.lastname@example.org.
10.4 Your right to erasure
This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to withdraw consent (see below).
Sometimes, however, we may refuse a request to erase such data in order, for example, to comply with a legal obligation.
If you require your personal data to be erased, you can email email@example.com
10.5 Your right to restricted processing
This enables you to ask us to restrict the processing of your personal data. For example, if you do not want us to erase your data you may ask us to restrict our processing activities instead. A good example would be electronic invoicing.
10.6 Your right to data portability
To help strengthen your control over your data, you have the right, in certain circumstances, to receive personal data from us in a format which allows you to easily access it. For example, you may want your invoicing data in an Excel format.
We may ask you to specify what data you wish us to provide to you, or we may direct you to an existing service that we already provide where you can freely obtain the information. Where we can we will try and provide you the data in a common format which is transferable with other data controllers.
10.7 Your right to withdraw consent
In circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing activity at any time.
To withdraw your consent, you can email firstname.lastname@example.org
Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so such as a contractual or legal reason.
11 Reporting a concern to us or to the Information Commissioner’s Office
If you have a concern regarding how we handle your personal data, then we kindly request that you inform us about it first so that we can work with you in an effort to resolve it.
You can report a concern or raise a complaint with us initially by email email@example.com
We aim to acknowledge your complaint within two business days and provide a resolution within 28 days. If we are unable to meet this timescale we will write to notify you in advance.
If you are not satisfied with our proposed resolution to your complaint you can raise the matter directly with the Information Commissioner’s Office (ICO). The ICO will take steps to address your concern and provide guidance and support to us to so that we can put things right.
Details as to how to get in touch with the ICO or report a concern can be found on their webpage https://ico.org.uk/concerns/
12 Your right to lodge a complaint with a supervisory authority
If you consider that the processing of personal data infringes any of your rights set out in paragraph 11, you have the right to lodge a complaint with the relevant supervisory authority in the European State that you reside, or work or in the place of the alleged infringement; the relevant supervisory authority for the UK is the Information Commissioner`s Office.
The supervisory authority with which the complaint has been lodged shall inform you of its progress and the outcome of the complaint including the possibility of a judicial remedy.
13 Other Websites
14 Getting in touch with us
If you would like to discuss this privacy notice or suggest ways in which we could improve the content or its communication then please contact us by email firstname.lastname@example.org.