- visit our website (regardless of where you visit it from);
- purchase tickets from us;
- sign up to receive marketing communications from us
In this privacy notice, “Data Protection Legislation” means all applicable legislation which relates to the protection of individuals with regards processing personal data, including the Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679, and the Privacy and Electronic Communication Regulations 2003.
Important Information and who we are
Purpose of this privacy notice
THE SCOTTISH FOOTBALL ASSOCIATION MUSEUM TRUST which has its registered office at Hampden Park, Glasgow G42 9BA with Company Number SC152276 and Charity Number SCO22796 is the controller and responsible for your personal data (referred to as the “Scottish Football Museum Trust“, “we“, “us” or “our” in this privacy notice).
We have notified the Information Commissioner’s Office that we are a data controller under registration number Z2221121. This means that we are responsible for deciding how we hold and use personal information about you. We are required under Data Protection Legislation to notify you of the information contained in this privacy notice. Our contact details are set out at section 15 below.
Information that we collect from you
What is personal data?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data from which an individual can no longer be identified (anonymous data).
What personal data do we collect from you?
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
- Contact Data: includes billing address, delivery address, email address and telephone numbers;
- Financial Data: includes bank account and payment card detail;
- Transaction Data: includes details about payments to and from you and other details of products, tickets and services you have purchased from us;
- Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
- Profile Data: includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
- Competition Entry Data: includes your name, address and email address and any other information you provide when entering a competition;
- Gift voucher purchases:
- Usage Data: includes information about how you use our website, products and services;
- Equal Opportunity Data: includes information on your gender, sexual orientation, ethnicity, age, religion, and any disability that you may have;
- Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preference;
How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions: You may give us your Identity, Contact, Financial Data, Ticket Purchase data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- purchase tickets or merchandise on our website, or any other products or services which we offer;
- fill in any forms on our website;
- create a ticket purchase account on our website,
- subscribe to our service or publications;
- request marketing to be sent to you;
- register to receive or download information, newsletters or other documentation;
- submit a nomination or vote in respect of any awards;
- sign up to attend any events;
- enter a competition, promotion or survey;
- give us some feedback.
- When completing the Hot Shots Challenge on the Stadium Tour
Automated technologies or interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see paragraph 8 below for more information.
How we use your personal data
What processing grounds do we rely on?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where you have provided us with your consent to send you marketing communications;
- Where we need to perform the contract, we are about to enter into or have entered into with you (for example, to provide you with any products and/or services which you have requested);
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (for example, undertaking analysis and research for the purposes of improving our website user experience); and
- Where we need to comply with a legal or regulatory obligation (for example, equal opportunities monitoring).
Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law. Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us.
We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us by emailing email@example.com if you need details about the specific legal ground we are relying on to process your personal data.
How do we use your information?
We use your information:
- to enable us to supply you with the goods, services and information which you have requested and/or purchased;
- to analyse the information we collect so that we can administer, support and improve and develop our business and the services we offer;
- to contact you in order to send you details of our goods and services (for example, details of upcoming events) which may be of interest to you;
- for all other purposes consistent with the proper performance of our operations and business;
- to contact you for your views on our products and services;
- to help us with understanding more about how our website and services are used;
- for all other purposes consistent with the proper performance of our operations, including promoting equal opportunities.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will explain the legal basis which allows us to do so.
Disclosure of your information
Disclosure to selected third parties
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
We may also hold your personal information for longer where it is necessary to do so for the management of any active or potential legal proceedings, to resolve or defend claims, and for the purpose of making any necessary remediation payments.
A “cookie” is a piece of software that attaches to the hard drive of your computer and remembers information about the configuration of your computer. You can choose not to accept cookies from our website. We use a number of cookies on our website, including cookies provided by Google Analytics and Facebook.
We use the following categories of cookies on our websites:
Strictly necessary: These cookies are essential for certain features of our websites to work (for example, when you make payments to us for purchasing goods or services). These cookies do not record identifiable personal information and we do not need your consent to place these cookies on your device. Without these cookies some services you have asked for cannot be provided.
Performance: These cookies are used to collect anonymous information about how you use our websites. This information is used to help us improve our websites and understand how effective our adverts are. In some cases we use trusted third parties to collect this information for us but they only use the information for the purposes explained.
Functionality: These cookies are used to provide services or remember settings to enhance your visit for example text size or other preferences. The information these cookies collect is anonymous and does not enable us to track your browsing activity on other websites.
Targeting and Advertising: These cookies are used by trusted third parties to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. Information contained in these cookies is anonymous and doesn’t contain your personal information. To find out more about cookies used for targeting and advertising follow youronlinechoices.com and www.networkadvertising.org or contact us for further information about the trusted third parties we use.
Managing our cookies: If you would prefer to restrict, block or delete cookies from us and our third party advertisers, or any other website, you can use your browser to do this. Each browser is different, so check the “Help” menu of your particular browser to learn how to change your cookie preferences. If you choose to disable all cookies we cannot guarantee the performance of our websites and some features may not work as expected. Please contact us for details of the specific cookies which we use on our website.
For further information on cookies and how to disable them, please refer to www.allaboutcookies.org.
Marketing by us
We may use your Identity, Contact, Technical, Usage, Competition Entry Data, Ticket Purchase and and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us:
- if you have given us your express consent to receive marketing communications, or
- if you have purchased goods, services, tickets from us and, in each case, you have not opted out of receiving that marketing.
- Where you have given us your express consent, we will send marketing communications to you on behalf of our third party sponsors and partners.
Third party marketing
We will get your express opt-in consent before we share your personal data with any company outside the Scottish FA group of companies for marketing purposes.
We are committed to providing you with information on products and offers which are relevant to you. If you have consented to receiving marketing we will therefore use your email address to promote our adverts to you on Facebook, Google and/or other social media channels. These adverts may appear on your Facebook newsfeed if you have a Facebook account linked to an email address that has been provided to us. If you no longer wish to receive the advertisements detailed above you can unsubscribe at any time by contacting us at firstname.lastname@example.org.
Please note, you may receive adverts from us which are not connected to having provided us with your email address. An example of this may be when Facebook uses the information provided by users in accordance with its privacy and cookies policies to advertise. We cannot accept responsibility for any such advertisements.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt out of receiving these marketing messages, you may still receive messages from us for non-marketing purpose, for example, service messages providing important announcements regarding an event which you have purchased tickets for.
Third party websites
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further policy to you. Please be aware that the transmission of information via the internet is not always completely secure. Although we will do our best to protect your personal data, we cannot guarantee the complete security of your data transmitted to us electronically; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to restrict unauthorised access. All credit/debit card data taken through our website is encrypted in accordance with industry standards, including PCI-DSS.
Under Data Protection Legislation, you are entitled to exercise the following rights over your personal data:
Right to object: You can object to our processing of your information.
Access to your personal information: You can request access to a copy of your information that we hold, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge.
Right to withdraw consent: If you have given us your consent to use your information to send you marketing emails, you can withdraw your consent at any time or by clicking the “unsubscribe” link in any marketing email which you receive.
Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
Erasure: You can ask us to delete your information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
Make a complaint: You can make a complaint about how we have used your information to us by contacting us, or to a supervisory authority – for the UK this is the Information Commissioner’s Office, at https://ico.org.uk/.
If you would like to exercise any of your rights above, please contact us by email to email@example.com.
Changes to this policy
Your duty to inform us
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
If you have any questions about this privacy notice, including any requests to exercise your legal rights or making a complaint to us about how we have used your personal data, please contact us by emailing firstname.lastname@example.org, or by writing to us at “The Scottish Football Association Museum Trust, Hampden Park, Glasgow, G42 9BA”.