West Bromwich Albion Football Club Limited (the Club) respects the privacy of all fans and other customers and everyone else associated with them. We will collect and use personal data responsibly and in ways that are consistent with our obligations and your rights under the law.
This Privacy Notice explains how the Club uses and protects your personal data, as well as your rights in respect of it, how to exercise your rights and how to contact us. More information about how the Club processes personal data in general can be found in our Privacy Policy at https://www.wba.co.uk/privacy-policy.
Information about other people
If you provide information to us about any other people, you must give them a copy of this Privacy Notice so that they understand how their information will be used. You should only provide information about them if you are authorised to do so.
Changes to this Privacy Notice
Privacy laws and practice are constantly developing and we aim to meet high standards. Our policies and procedures are, therefore, under continual review. We may, from time to time, update our Privacy Notice. If we want to make any significant changes to the way in which we will use your personal data we will contact you and, if required, seek your consent.
About Us
Unless we say otherwise, the Club is the data controller in respect of all personal data we obtain about you. This means that we are responsible for ensuring that we do so in full compliance with data protection and all other related privacy laws.
You can contact us as follows:
Address: West Bromwich Albion Football Club, The Hawthorns, West Bromwich, West Midlands B71 4LF
Phone: 0121 524 3470
Email address: dataprotection@wbafc.co.uk
If you have any questions or concerns about how we are handling your personal data, you can direct them to Club’s HR Department at dataprotection@wbafc.co.uk or you can make a complaint to the Information Commissioner’s Office (www.ico.org.uk).
Security
We take the security of personal data seriously. We use security technology, including firewalls, password protection and encryption to safeguard information and have procedures in place to ensure that our paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage. We have processes in place to deal with a data breach in the unlikely event one should occur.
We only use third party service providers where we are satisfied that they provide adequate security for your personal data.
Categories of personal data that we process
The personal data we process may very depending on the goods or services you are getting and whether they are paid for or free. You should expect the following types of personal data to be processed for our purposes and the Club is the controller of this data.
Personal details Title, name, any ‘known as’ name and personal pronoun Contact details such as address, email address and phone number Relationship with others you book or purchase for or who have booked or purchased for you Age / date of birth Photograph (where you hold a myalbion account and/or it is required to provide a product/service to you) myalbion account details Social media identifiers Disability / health conditions / dietary preferences (if applicable) Medical passport / certificate / pass or vaccine certificate (if applicable) Travel certificate / confirmation (if applicable) Vehicle registration number (if applicable)
| History Products and services you have asked us to provide (and whether we have done so) Products and services others have asked us to provide for you (and whether we have done so) Key events (birthday, celebratory events, key work projects) How you are known to the Club Details of any feedback you provide Details of any incident involving you or someone else in your party
| Diversity and inclusion (where relevant) Marital status Age / date of birth Religious beliefs Gender / Gender reassignment Ethnicity Sexual orientation Political opinions Disability / health conditions / pregnancy and maternity
|
Preferences Details of any consents and preferences chosen
| Safeguarding information Safeguarding concerns (including information about concerns raised, details of those persons involved, witness details, welfare reports, actions recommended and taken)
| Payment details Details of payments received and declined and any refunds given
|
The Club does not usually receive any payment card details. Instead, we use a PCI compliant service provider (such as Secutix / Adyen for ticketing and Optomony for merchandising) to process payments. |
Certain personal data is designated as ‘special category data’ in law, which means it has special protection. This includes: information about health, race or ethnicity, genetic and biometric data and information concerning a person’s sex life or sexual orientation.
Sources of personal data
You Someone else who has made a booking or purchase for you (if applicable) Other clubs you are associated with (for example, if you or purchase a ticket as an ‘away ‘fan or you purchase one for someone else)
| Our sponsors or partners where they provide goods or services for you
| Stakeholders in anti-corruption matters including other sports organisations, the Gambling Commission, betting operators and sports related integrity units Social media Insurers Police and other law enforcement agencies Statutory Agencies (e.g. Children Services or Adult Services) Entities or individuals that book events that you are to attend at the Club Legal and other professional advisers Regulators
|
Automated decisions using personal data
We do not normally take any solely automated decisions.
Sponsor and partner programmes
The Club teams up with a variety of sponsors and commercial partners each of which bring value to the game and many of them are happy to make offers and opportunities available to you so that you can also benefit from them being in the WBA family.
You can view an up-to-date list of club sponsors & partners by clicking the link.
Purposes for which we process personal data and the legal basis for doing so
We process personal data for a number of purposes, which are:
| Purpose | Legal basis | |||||||||||
| Administration. Administration of any requests you make of us such as to purchase tickets, set up a myalbion account, to purchase items from our shop, to provide wba.tv , send you newsletters, administer competitions and prize draws. |
| |||||||||||
Match and event administration and security. Includes match / event admission, match / event security, dealing with incidents. obtaining insurance
| ||||||||||||
Direct marketing. Including creating a personal profile for you and maintaining details of your preferences. This may include offers from club sponsors & partners and club affiliates
| ||||||||||||
Commercial activities. Administration and carrying out Club commercial activities including those that have been specifically agreed with you / the person who has booked / purchased for you (asapplicable). This may include offers from club sponsors & partners and club affiliates
| ||||||||||||
Health and welfare. Dealing with any medical issues, injuries, allergies, special needs and mental health concerns, providing physical and emotional support
|
| |||||||||||
| Safeguarding matters. Administration of support in safeguarding children and adults at risk Including dealing with safeguarding concerns raised/suspected. |
| |||||||||||
Anti-corruption and fraud. Monitoring, compliance and enforcement
|
| |||||||||||
Diversity and inclusion monitoring.Diversity monitoring and compliance(such as in respect of ethnicity, gender, race, age and disability) and providing equal opportunities
|
| |||||||||||
Quality and improvement monitoring
|
| |||||||||||
Record keeping. Maintaining Club records including historical records of resources, incidents and compliance
| ||||||||||||
Reputation. Club reputationmanagement
| ||||||||||||
Publicity. Publicity and media activity
| ||||||||||||
Security. Including maintaining security and safety at our stadium and other premises
|
| |||||||||||
Legal matters. Including dealing with legal claims and dispute.
|
|
Who we may disclose your personal data to
You Your agent / representative(s) Family members Emergency contacts Football governing bodies such as The FA, EFL and English Premier League, UEFA, FIFA The Club’s owner(s) and shareholders Professional staff (including external medical professionals if applicable) Relevant service providers that provide services for the Club for example, if you book a DJ as part of a wedding package The world at large via Club websites, social media, brochures, match day programmes. press / media releases, newsletters and publicity materials The media / press / broadcasters Media agencies
| Stakeholders in anti-corruption matters including other sports organisations, the Gambling Commission, betting operators and sports related integrity units Fans and club members (where relevant) Disciplinary panels club affiliates such as the albion foundation Complainants Insurers HM Revenue & Customs Local authorities and relevant agencies regarding safeguarding Police and other law enforcement agencies Statutory agencies (e.g. Children Services or Adult Services) Professional advisers Regulators Courts or tribunals Government agencies (where we have a legal obligation to do so)
|
Location of your personal data
| In most cases, we normally keep your personal data within the United Kingdom or the European Economic Area. However, some of our services providers (such as those providing technology services to the Club) use facilities in other countries and this may mean your personal data is held in these other countries. We may also transfer personal data to our owners who may be in other countries. |
Wherever we transfer your personal data outside of the United Kingdom, we will take proper care to ensure that it is protected in accordance with this Privacy Notice and applicable privacy laws. Where we use service providers that provide their services in countries that are not deemed to have an adequate level of protection for personal data, we will normally use the United Kingdom approved ‘Standard Contractual Clauses’ as the legally accepted mechanism to allow the transfer and protect your data protection rights. |
| How long we keep your personal data for | |
| The duration for which we keep personal data depends on your relationship with us. The normal expectation is detailed below. | |
General records Normally for 6 years after you cease to be involved with the Club or 6 years after our last contact with you (whichever is longer) | Safeguarding and anti-corruption data and sanctions At least 7 years after the incident and may be longer, potentially indefinitely, where there is a continued risk or where statutory or other official guidance requires otherwise. |
After this time period we will securely delete your personal data or anonymise / pseudonymise it unless we have a legal basis for keeping it. | |
| In the unlikely event that there is a complaint or incident which involves or affects you, we may keep your personal data for 6 years after the matter is resolved. | |
| Your legal rights in respect of your personal data | |||||||||||||||||||||
You have a number of legal rights over your personal data which are:
| |||||||||||||||||||||
Some of these legal rights are subject to exceptions which means that we may be entitled, or required, to refuse to comply with a request |
Click here to view a pdf version of the Customer Privacy Notice.