This Privacy Policy describes the way in which Rotherham United Football Club (SCFC) deal with the information and data you provide to us to enable us to manage your relationship with SCFC.

We will process any personal information provided to us or otherwise held by us relating to you in the manner set out in this Privacy Policy. Information may be provided via the official club website of Rotherham United (the "Website"), telephone calls, business and ticketing partners, or any other means.

By accepting this Privacy Policy you agree that you understand and accept the use of your personal information as set out in this policy. If you do not agree with the terms of this Privacy Policy please do not use the Website or otherwise provide us with your personal information.


WHO ARE WE?

References in this Privacy Policy to “Rotherham United Football Club”, “SCFC”, “we”, “us” or “our” relate to the Rotherham United Football Club group of related companies which includes:

• Rotherham United Football Club Limited

• Rotherham United Community Trust 

All the group companies are registered at the following address: Rotherham United Football Club Ltd, The AESSEAL New York Stadium, New York Way, Rotherham, S60 1AH

We control the ways your Personal Data is collected and the purposes for which your Personal Data is used by SCFC, acting as the “data controller” for the purposes of applicable European data protection legislation.

SCFC acts as the Data Controller for the purposes of applicable European data protection legislation.  If you have any questions regarding your Personal Data, how it is processed or which specific company is the lead controller contact retail@rotherhamunited.net


CONTACTING US

If you have any concerns, or would like more detail about how we process your Personal Data, you can contact us using any of our normal customer service channels or the information on the Contact Us section of our website.

Contacting us through any of these routes ensures you will receive a quick and efficient response. We also have a Data Protection Officer (or DPO as it’s sometimes called) who can be reached at retail@rotherhamunited.net but your first point of contact should be the normal customer service channels.  


WHAT WE COLLECT

The information and data about you which we may collect, use and process includes the following:

• Information that you provide to us by filling in forms on the Website or any other information you submit to us via the Website or email (e.g. participating in offers, competitions or promotions)

• Information that you provide to us when requesting products and services including health and equality information needed to ensure we cater for your needs, comfort and safety

• Records of correspondence, whether via the Website, email, telephone or other means

• Your responses to surveys or customer research that we carry out

• Details of the transactions you carry out with us, whether via the Website, telephone or other means

• Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data

• Information passed to us by our business and ticketing partners


When you visit any of our websites we may collect the following types of information, this will be predominantly used to understand how our websites are used so that we can improve and (where appropriate) tailor visitors’ experiences on our sites to their particular interests.

• Your IP address, which is the unique identifier for your computer on the internet

• The browser you are using on the internet and any particular plug-ins you have for it

• Your operating system and its version

• How you arrived at our websites (e.g. an internet search or a link on another site)

• How you move through our websites including how many clicks you made to move around, how long you stayed on a page, and other general page interaction information

• What videos you watched and how long you watched them for

• Which pop-up messages, adverts or push messages you have seen or responded to

We also use Cookies; please refer to the How We Use Cookies section. 


TELEPHONE CALLS

Telephone calls to and from any of our contact numbers may be recorded for quality, training and security purposes along with the resolution of any queries arising from the service you receive. 


CCTV

For your safety and security, CCTV is in operation in and around all of our premises which are open to the public. This includes sports grounds, ticket offices and retail stores.


PARTICIPANT DATA

To enable us to provide some of the services we offer we collect, store and process personal data of the people participating in those services. These services include both the club lottery and all of our charity and community work.

The data collected for these reasons may include name, age, address, email address, telephone number, date of birth and some medical data. Certain elements of that data are considered to be Sensitive Personal Data / Special Category Data and where this is the case all requirements for Data Protection and Safeguarding compliance are followed including information security, data minimisation, data retention periods and the provision of all Data Subject rights.


CHILDRENS DATA

Some of the programs and services we offer require us to process the Personal Data of children and young adults. Where this is the case we treat all such information with care and ensure compliance with all legal and regulatory requirements.  In the case of both children and young adults we encourage them to obtain the consent of their parent or guardian before communicating their personal data to us. We also seek parent or guardian consent at all relevant points of processing the data of children or young adults.


HOW WE USE COOKIES

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.


LINKS TO OTHER WEBSITES

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.


WHAT DO WE DO WITH YOUR PERSONAL DATA?

We use your personal data to understand your needs and provide you with a better service, and in particular for the following reasons:

• Customising the website according to your interests through creating an individual profile for your interests and preferences.

• Providing products and services or information on those products and services which you have requested, purchased or expressed interest in

• Communicating with you regarding your account with us or the provision of any products or services which you have requested from us

• Improving our products and services, including tailoring them to your specific preferences and interests.

• Sending promotional emails about new products, special offers or other information which we think you may find interesting (where we are allowed to do so)

• Administering any offers, competitions or promotions which you have entered

• Conducting market research. 

• Protecting your safety and security when at any of our locations or activities we organise.

• Meeting our Safeguarding responsibilities for children and vulnerable adults.

• Preventing and detecting fraud, inappropriate behaviour or other criminal activities

• Internal record keeping.

• Complying with any legal. regulatory or contractual obligations that we have

In order to fulfil some contractual arrangements to provide products or services that you have requested or otherwise permitted, or to meet our legal obligations, we may have to use another company to process your data on our behalf.  These companies are considered Data Processors and are always strictly controlled by contracts with us to ensure your information is protected and only processed as we say it can be.  For more information see our Sharing Your Personal Data section below.


CONTROLLING YOUR PERSONAL DATA

Your Personal Data isn’t just protected by our quality, commitment and high standards; it’s also protected by law. The law states that we can only process your Personal Data when there is a genuine reason to do so and it must be one of the following:

• To fulfil any contract that we have with you

• We have a legal obligation

• Where you have consented to the processing

• When it is in our legitimate interest

• When it is in the public interest

• When it is in your vital interests

WHAT ARE LEGITIMATE INTERESTS?

When we have a business or commercial reason to process your Personal Data this is referred to as a legitimate interest. Your Personal Data is still protected and we must not process it in a way that would be unfair to you or your interests.  

If we do use legitimate interests as a reason to process your Personal Data we will provide you with a method to raise any questions or objections you may have. However, compelling grounds for processing such information may over-ride any objections you raise.


WHY WE PROCESS YOUR PERSONAL DATA

 What we do

 How it's justified

 Our legitimate interests

  • Manage customer relationships
  • Develop new products and services for our customers and to grow our business
  • Create, develop and send marketing
  • Learn from how our customers use our products and services
  • To provide support for our products and services
  • Your consent
  • Fulfilling contracts
  • Our legitimate interests
  • Legal obligations
  • Maintaining our records
  • Letting you know about relevant products and services
  • Developing or improving products and services and determining who may be interested in them
  • Obtaining your consent when needed
  • Being efficient about how we fulfil our legal duties and contractual duties
  • Develop and manage our brands
  • Develop and manage our products and services
  • To test new products, systems or services
  • To manage our relationship with and the performance of other companies that provide services to us and our customers
  • Fulfilling contracts
  • Our legitimate interests
  • Legal obligations
  • Developing or improving products and services and determining who may be interested in them
  • Being efficient about how we fulfil our legal and contractual duties
  • Conducting brand image and reputation protection activities to support and grow the business 
  • Deliver quality products and services to you
  • Create and manage customer accounts and profiles
  • Responding to any customer complaints
  • Prevent and detect improper use of our systems 
  • Fulfilling contracts
  • Our legitimate interests
  • Legal obligations
  • Being efficient about how we fulfil our legal and contractual duties
  • Complying with laws or regulations that apply to us
  • Prevention of crime
  • Detect, investigate, and report crime
  • Managing risk for us and our customers
  • Complying with any laws and regulations that apply to us
  • Look after your health and safety at any of our locations or events 
  • Safeguarding of children and vulnerable adults
  • Fulfilling contracts
  • Our legitimate interests
  • Legal obligations
  • Your vital interests
  • Developing and improving how we deal with crime and attempted crime
  • Protecting our customers and ourselves from the impacts of crime
  • Complying with laws or regulations that apply to us
  • Being efficient about how we fulfil our legal and contractual duties
  • Manage and run our business to efficiently and effectively provide quality products and services
  • Manage our finances
  • Ensure corporate governance and compliance to all legal and regulatory obligations. To run our business in an efficient and proper way
  • Fulfil our obligations as an accountable and responsible organisation 
  • Our legitimate interests
  • Legal obligations
  • Complying with laws or regulations that apply to us
  • Being efficient about how we fulfil our legal and contractual duties
  • Fulfil our obligations to provide adults, children, young adults and vulnerable individuals with a safe environment when taking part in our activities or events.
  • To provide appropriate care and medical attention should this be required
  • Legal obligations
  • Your vital interests
  • Your consent
 
  • To exercise our rights set out in agreements or contracts
  • Fulfilling contracts
 

If you choose not to provide your Personal Data it may prevent us from meeting legal obligations, fulfilling a contract, or performing services required to run your account.  Not providing your Personal Data may mean we are unable to provide you with products or services. 


SECURITY

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your personal data.


YOUR RIGHTS OVER YOUR PERSONAL DATA

We will assist you if you choose to exercise any of your rights over your Personal Data, including:

• Withdrawing your previously granted consent; however, this will not invalidate any previously consented processing

• Lodging a complaint with any relevant Data Protection Authority

• Access to your Personal Data that we hold or process

• Correction of any Personal Data that is incorrect or out of date

• Erasure of any Personal Data that we process

• Restrict processing of your Personal Data in certain circumstances

• Asking us to provide you or another company you nominate with certain aspects of your Personal Data, often referred to as ‘the right to portability’

• The ability to object to any processing data where we are doing it for our legitimate interests

• The ability to contest a decision made entirely by automated processing, to express your point of view and to request that a human review the decision

For more information on these rights you can contact us using our Contact Us information.


SHARING YOUR PERSONAL DATA

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. 

Where we are permitted and legally able to do so we may share your Personal Data within our group of related companies which includes:

• Rotherham United Football Club

• Rotherham United Community Trust 

and with these other organisations:

• Law enforcement agencies, regulators and other authorities 

• Credit reference agencies 

• Fraud prevention agencies 

• Identity verification agencies

• Sports governing bodies

• Sports program funding bodies (e.g. Rotherham United Community Trust funded programs)

• Organisations that introduce you to us 

• Third parties you ask us (or permit us) to share your data with such as our sponsors or partners

• Third parties necessary to provide products or services which you have requested

• Advertising networks or social media platforms in order to provide you with relevant adverts where you have permitted this

• Search engines and providers of analytical services

Sheffield City Council

• Third parties who may provide medical treatment where needed

• Sports Ground Safety Authority

Depending on the products you choose to use we may need to share your Personal Data with the third parties that provide those services. Where your Personal Data are transferred outside of the European Economic Area (“EEA”), we require that appropriate safeguards are in place.

We may also disclose personal information to other companies within associated or subsidiary companies and to business partners, or successors in title to our business.


DATA TRANSFER OUTSIDE THE EEA

We will only transfer your Personal Data outside of the EEA where: 

• You have given your explicit consent; or

• It is necessary for us to set up or fulfil a contract you have entered into with us; or

• To comply with a legal duty or obligation.

If we do transfer your Personal Data outside of the EEA, within the group or to our business partners, we will take measures to ensure it is protected to the same standards as it would be within the EEA by relying on one of the following: 

• The country that is receiving your Personal Data has been found by the European Commission to offer the same level of protection as the EEA.  More information can be found on the European Commission Justice website.

• We will use contracts that require the recipient to protect your Personal Data to the same standards as it would be within the EEA

• Where the transfer is to the USA and the recipient is registered with Privacy Shield.  Privacy Shield is a framework that ensures Personal Data is protected to a level approved by the EU.  Read more about Privacy Shield on the European Commission Justice website.

In some instances we may be compelled by law to disclose your Personal Data to a third party and may have limited control over how it is protected by that party.


STORING AND RETAINING YOUR PERSONAL DATA

We are committed to protecting the security of your personal data, which is held in secure data centres in the United Kingdom in accordance with current legislative requirements, industry standards and technology. 

We will keep the personal data you have provided for as long as we have a relationship with you; once that relationship has ended we will retain it in accordance with this Policy only for as long as we reasonably require it to comply with internal policies and any legal or regulatory obligations.  It will then be deleted and / or destroyed.  

Your Personal Data may be kept longer if we cannot delete it for technical reasons.


UPDATES TO THIS PRIVACY POLICY

We may update this policy from time to time, so please review it frequently.

If any material changes are made to this Privacy Policy we will use reasonable endeavours to inform you in advance by email, notice on the Website or other agreed communications channels.  We will communicate the changes to you in advance, giving an appropriate amount of time for you to consider and understand the changes before they become effective.

We will not enforce material changes to the Privacy Policy without your express consent.  If you decline to accept the changes to the Privacy Policy, or otherwise do not accept the changes within the time period, we may not be able to continue to provide some or all products and services.