Your privacy is extremely important to we.data and we are fully committed to providing you with clear and transparent information about how we use your personal information. We value the trust you give us when sharing your personal information.
We will ensure that robust organisational and technical measures are in place to keep your information secure and will only use it for the purposes outlined in this policy.
Who We Are
Here are the details that the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, known as General Data Protection Regulation (GDPR) says we are obliged to give you as the data controller:
- Our company name is we.data Ltd
- Our website address is www.wedata.co.uk
- Our registered address is Vevey 109 North Deeside Road Aberdeen AB15 9DS
- Our Data Protection Officer is Yvonne Milton and she can be contacted at email@example.com.
- We are registered as a Data Controller with the Information Commissioners Office (registration number – ZA313952)
What we may collect and how we collect it
When you register with we.data or when you renew your membership we need to collect information about you. Some of this information is essential for us to provide your membership but it is your choice whether you provide all the information we have requested.
Not providing information may affect our ability to provide all the benefits of membership to you.
The information we collect will vary depending on the role(s) you perform but may include the following:
- Information you put into forms or surveys on our site at any time which includes name, date of birth, gender, contact details, confirmation of the roles you undertake, name of club to which you wish to be attached, medical and emergency contact information, PVG certification if required, equality profile
- Participation and performance data input by club and match officials on our other applications including we.ref
- Accident or incident reports from club and match officials
- A record of any correspondence from you or relating to you
- Details of any qualifications, training or achievements that you tell us about
- Details of transactions you carry out through our site (we do not store any card or payment details)
- Details of your visits to our site and the resources you use
- Information about your computer (e.g. your IP address, browser, operating system, etc.) for system administration and to report aggregate information to our advertisers. Click for more information on the cookies we use on our website
How we use what we collect
We are joint controllers of your data, along with the relevant club(s) and football association(s). We will share certain items of your data with them where appropriate and they may share some of your data with us. We will jointly share the responsibility for ensuring the accuracy and security of your data.
We will share some information with Press Associations and other media outlets.
We may also use information about you to:
- Provide information, products and services that you request.
- Carry out our contracts with you.
- Present our site content effectively to you.
- Allow you to use our interactive services if you want to.
- Tell you about other goods and services that might interest you, including from our affiliated and partner organisations *.
If you don’t want to be contacted for marketing purposes, please tick the relevant box at time of registration, amend your settings at anytime in your account or click unsubscribe on any of the emails you receive.
Why we collect and use your personal data
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights.
We will process your personal data with the following lawful basis –
- For contractual purposes –
When you register as a member of we.data Ltd we need to use your personal information to provide the services to which you have subscribed. We will set up your we.data account and use your email address as a login and send you electronic confirmation of your membership number. We will use your information to provide you with our membership services and information - any communications will be relevant, timely and not excessive.
- For Legitimate Interests (of we.data and our partner organisations) –
The aim of we.data is to create a unique global sports data management system. The system can be used to promote wellbeing, equality, and best practice in addition to creating individual user profiles which will allow you to record participation and performance throughout your time and various roles in the game.
The system will streamline current processes for club and match officials and also offers the benefits of live up to the minute participation data and clear development pathways for players, coaches and referees.
We will also collect data that the GDPR classes as Special Category sensitive personal information. This information is noted below with an additional lawful processing condition for us to request this data, in order to comply with GDPR Article 9.
Your medical information and emergency contact details – we will seek your explicit consent for processing this information and it would always be input by you.
Your equality profile – this will be confidential and only used for anonymous statistical purposes – we will seek your explicit consent for processing this information and it would always be input by you.
Your PVG certification (if required) – we will seek your explicit consent for processing this information and it may be input by you or by the relevant club.
Where we store your data
We use a secure web hosting and storage service. Our current data centres are based in the UK, are GDPR compliant and work to extremely high standards of Information Security.
By giving us your personal data, you agree to this arrangement. We will do what we reasonably can to keep your data secure.
We may share your personal information with our group of companies and associates, which may involve transferring your data out-with the European Economic Area (EEA).
We are subject to the provisions of the General Data Protection Regulations that protect your personal data and where we transfer your data to third parties outside of the EEA we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
- We may transfer your data to countries that the European Commission have approved as providing an adequate level of protection for personal data, OR
- If we use US based providers that are part of the EU/US Privacy Shield, we may transfer data to them as they have equivalent safeguards in place, OR
- Where we use certain service providers who are established outside of the EEA, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.
If none of the above safeguards are available we will request your explicit consent prior to any transfer of data. You will have the right to withdraw this consent at any time.
Disclosing your information
We are allowed to disclose your information in the following cases:
- If we want to sell our business, or our company, we can disclose it to the potential buyer.
- We can disclose it to other businesses in our group.
- We can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.
- We can exchange information with others to protect against fraud or credit risks.
- We may contract with third parties to supply services to you on our behalf. These may include payment processing, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Please click here to see a list of the third parties that have access to some or all of your information. We do not allow third party service providers to use your personal information for their own purposes and only permit them to process your data for specified purposes and in accordance with our instructions.
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under GDPR and the law.
Under the GDPR, you have various rights in respect of the data we hold about you – these are set out in more detail below. If you wish to exercise any of these rights, or for more information about your rights please contact our Data Protection Officer – firstname.lastname@example.org
You have the right to request access to any data which we hold about you. This is called a subject access request. You can log into your account at any time to view the information held there and you can also request a copy of any other personal information we hold. You can do this by completing this SAR Form or by writing to us at the address above. If we do hold data about you, we will respond within one month** to:
- Describe the information held and tell you why we are holding it
- Tell you who it could be shared with, and
- Provide you with a copy of the requested information in an easy to understand format
- You have the right to request rectification for inaccurate or missing data. If we do hold any information about you, you can ask us to correct any inaccurate or incomplete information by contacting us in writing. We will either make the requested amendments or provide an explanation as to why we are not making changes. You can also login to your account and amend or delete certain items of data that has changed or is no longer accurate.
- You have the right to request erasure of any and all data – You can contact us requesting erasure of your data at any time. This request must be in writing. We will either agree to make the request or provide an explanation as to why we are unable to erase your data.
- You have the right to restrict processing of your data – You can request that we retain but do not process your personal information. These requests should be made in writing.
- You have the right to object to processing of your data – You can object to our processing of your data if you felt that our legitimate interests impeded your rights and freedoms. This does not apply to the data provided for fulfilment of a contract between us.
- You have the right to object to any automated decision making or profiling – you have the right to request human intervention in any decisions made which have a legal or similarly significant impact on you.
We will retain your personal data only as necessary to provide the services to which you have subscribed. At your request, or if you do not renew your membership within two years, we will delete any information that we do not have a legitimate reason to retain.
We need to retain sufficient information about you in the event of an insurance claim in the future so that we can identify you and confirm that you held membership for the relevant period. We may need to retain other information, for example PVG Scheme Membership records for a longer period to comply with legal or statutory requirements.
As the reason for retaining certain types of information varies, the retention periods can vary significantly. Please contact us directly if you require further information on specific retention periods.
We may also choose to anonymise some of your data for research or statistical purposes. Any data that is anonymised and can no longer be associated with you is no longer your personally identifiable information - in which case we may use this information indefinitely without further notice to you.
Security of your personal information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Please be aware that the transmission of information via the internet is not always completely secure. Although we will do our best to protect your personal data, we cannot guarantee the complete security of your data transmitted to us electronically; any transmission is at your own risk.
Links to other sites
Please note that our terms and conditions and our policies will not apply to other websites that you get to via a link from our site. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
If you are unhappy about any aspect of our Data Protection Policies & Procedures or our handling of your personal data please contact us in the first instance. If your issue remains unresolved you have the right to make a complaint to the relevant supervisory authority. In the UK our supervisory authority is the Information Commissioners Office.Information Commissioners Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Tel. 0303 123 1113 www.ico.org.uk