Privacy Notice

Please Read This Notice Carefully

Who We Are

Stirling Albion Supporters’ Trust, registered with the Financial Conduct Authority under the Co-operative and Community Benefit Societies Act 2014 as the Stirling Albion Supporters’ Society Limited, Registration Number 29560R (the Trust) and operating from Forthbank Stadium, Springkerse, Stirling FK7 7UJ  is committed to protecting and respecting your privacy.

This notice (along with our rules/constitution, together our Terms of Use) applies to your membership and/or your use of our website and services. 

Please note that any reference to Data Protection Law we make in this document refers  to the EU General Data Protection Regulation ((EU) 2016/679) and the UK Data Protection Bill 2018, which came into effect in the UK on 25th May 2018.

We are required by law to treat your personal information legally and fairly.  We must also give you the means to correct it if it is wrong, allow you to object to our processing it and, in some instances, delete it from our systems if you ask us to do so.

Legal Basis For Processing Your Personal Data

 If you take out a Trust membership, our legal basis for processing your personal information is that it is necessary for the performance of a contract.  We offer you a number of member benefits in return for an annual fee.

If you are not a member but are browsing our website or contacting us about Trust related matters then our legal basis for processing your personal information is that we have a legitimate interest in

  • dealing with any queries that you might have so that we can maximise Trust membership and encourage people to join
  • developing our website
  • analysing what our visitors do when they come to our website so that we can improve the services we offer

We Are Your Data Controller

For the purpose of Data Protection Law, we are the Data Controller in relation to the processing of your personal data.  

Information We Collect From You

We will collect and process the following personal data about you:

Personal data you give us when you apply for, or renew your, membership:

Name, Address, Post Code, Telephone Number, Email Address, Date of Birth. 

We need your name, address and contact details to send you information or contact you if there is a problem.  We ask for your email address so that we can communicate with you electronically.  We need your date of birth because the Trust rules dictate that certain activities are limited by age.  If you sign up for an account on our website you will also be asked to choose a valid username.

We may collect this information by the following means:

  • Through paper forms sent to us by post or handed it in to the Trust office
  • Through electronic forms downloaded from our website and sent to us electronically
  • Through digital forms on our website
Personal data you give us when you contact us:

Name, Email Address, Internet Protocol (IP) address

If you want to contact us you can do so using a form on our website.  You can do this whether you are a valid member or not.  To allow us to contact you and keep you up to date with your request you must give us a valid email address. 

In some instances, we collect your IP address for security purposes, for example if we are collecting opinions or running surveys.  This allows us to ensure that any surveys or opinion polls are used fairly.

Personal data you give us when you use our online voting system:

IP Address

When you vote, we collect your IP address and information about the device you are using for security purposes.  This allows us to ensure that the voting system operates fairly.  More information about Online Voting can be found below.

Personal data you give us when you vote on our own website:

Name, Membership Number

Occasionally, we run votes and surveys on our own website rather than using ElectionRunner.  In this instance we collect information using a custom-designed form.  The form and its data are stored on our server until the vote or survey closes and then retained in line with our retention policy, which is covered below.

Personal data we collect when you leave a comment:

When visitors leave comments on our web site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.  An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/.  After approval of your comment, your Gravatar profile picture is visible to the public in the context of your comment.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Personal data we may generate about you:

Membership number

We generate a unique membership number for you when you become a valid Trust member.  We will use this number in communications with you, for example by email and we may ask for it along with other personal information we hold to help establish your identity in relation to some activities such as voting.

Personal data we collect about you when you use our website:

When you use our website we collect data that helps us understand how you are using the service so that we can improve it over time.  Most of this information is not personal data but we do collect your IP address when you access the site.  Every device that connects to the internet has an IP address and we use it to identify the geographic locations from which people access our website.  We use Matomo to collect this data and there is more information on Matomo below

Uses Made Of The Personal Data

We use personal data held about you in the following ways:

  • To allow you to sign up for membership and participate in Trust membership activities;
  • To send you information relevant to Stirling Albion Football Club, your membership and the operation of the Trust;
  • To help you with any queries you may have in relation to membership or the operation of the Trust in general;
  • To develop and improve the website and the services we offer;
  • To protect both you and the Trust from possible fraudulent or malicious use
  • To fulfil our legal obligations

Disclosure of your Personal Data

We will not sell your information or disclose it for direct marketing purposes. 

We will disclose the personal data we process about you to the following third parties for the purposes indicated in the table below:

Data

Recipient

Purpose

membership number, name, email address

The Mailchimp email service

To send you information relevant to Stirling Albion Football Club, your membership and the operation of the Trust

name, address

Trust solicitors

To maintain an official register of members as required by the Trust rules

Name, Email address, IP address, device information

The ElectionRunner voting platform

To allow you to participate in some of our votes and to protect the integrity of the voting process

 

In addition, we may disclose your personal data to third parties:

  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;
  • In order to:
  • enforce or apply the Terms of Use, and other agreements you have agreed to with us or to investigate potential breaches; or
  • protect the rights, property or safety of our users or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

Where We Store Your Personal Data

All personal data you provide to us is stored on computer equipment in the UK with the following exceptions:

MailChimp

We use the Mailchimp service to send you periodic newsletters and this means that some of your personal data is transferred to servers in the USA. 

The Mailchimp service is covered by both the EU-US and Swiss-US Privacy Shield regimes and is used by many EU and worldwide businesses.  As such, in our opinion, it poses a minimal threat to your privacy rights and freedoms.

We have also completed a Data Processor Agreement addendum with Mailchimp that specifically covers customers located in the EU.

You can read more about Mailchimp’s privacy measures at:

https://blog.mailchimp.com/gdpr-tools-from-mailchimp/

ElectionRunner

We use the ElectionRunner service to operate some of our online votes.  You should be aware that some of your personal data will be transferred to servers in the United States.  You can read more about ElectionRunner’s privacy measures at

https://electionrunner.com/privacy-policy

How Long We Will Keep Your Data For

We will keep your data for as long as your membership is active.  If you fail or elect not to renew your annual membership we will retain your data for a period of two years following the expiry of your annual membership, at which point your personal data will be deleted.  If you wish to renew your membership after that period you will need to take out a new membership and re-submit your details.  Please note that we may be obliged to retain some information about you to allow us to fulfil our legal obligations.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

When we are running an online vote, we will retain your personal information until the vote has been decided and the decision ratified after which it will be deleted.  We do not retain your personal information between votes.  If we run a subsequent online vote we will upload a new register of eligible voters.

We keep visitor log data for 6 months after which it is deleted.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data in transit; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features as outlined above to try to prevent unauthorised access to your personal data.

Your Rights

You have the following rights:

  • You can seek to restrict our processing of your personal data or object to us processing your personal data at any time by contacting us at privacy@safctrust.com or by writing to us at Forthbank Stadium, Springkerse, Stirling FK7 7UJ. Please note that if you do this you may no longer be able to enjoy some or all membership benefits.
  • You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you think that we have infringed your rights. You can find more information about reporting a matter to the ICO at the following link: https://ico.org.uk/
  • If you have left comments on the site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us by contacting us at privacy@safctrust.com or by writing to us at Forthbank Stadium, Springkerse, Stirling FK7 7UJ.
  • You have the right to access personal data held by us about you. If you wish to view, correct or update any information we hold about you please get in touch by email to privacy@safctrust.com or in writing to Forthbank Stadium, Springkerse, Stirling FK7 7UJ.
  • In certain circumstances you have the right to ask us to delete all the information we hold about you. You can do so by contacting us via email at privacy@safctrust.com or by writing to us at Forthbank Stadium, Springkerse, Stirling FK7 7UJ.  Please note that we may be obliged to retain some information about you to allow us to fulfil our legal obligations. 

Please note that when you exercise your rights we are obliged by law to verify your identity using reasonable means.  To do this, we may ask you to supply corroborating information before we can carry out any request you make.

Our Newsletter

When you take out a membership and supply us with your email address, we will sign you up for our newsletter which is our preferred way to contact you.  This allows us to keep our costs to a minimum and allocate more of the money you pay in subscriptions to the overall benefit of the Trust and its members.

When we register you, we will send an e-mail to the registered e-mail address in which you will be asked to confirm your newsletter subscription (Double-Opt-In). When you accept, your IP Address and the date and time of your acceptance will be saved.  Under no circumstances will we sell your personal data for advertising or marketing purposes to third-parties or otherwise make them available for such.  We will only share your personal information with technical services that are needed to deliver your newsletter.  You are free to unsubscribe to our newsletter service whenever you want by clicking on the unsubscribe button in the newsletter or sending an e-mail to privacy@safctrust.com.

Online Voting

To allow members to vote online, we upload a list of eligible voters from the official membership list to the ElectionRunner system.  This helps us make sure that as many Trust members as possible can participate in our decision-making processes. We upload your name, your email address and a unique identifier that we assign to each voter. 

When we run an online vote, we send a voting link to your registered email address.  The link will allow you to login using a special code that’s included in the email.  The code is valid only for that particular vote.  If we do not have your email address then we will not upload your personal data as part of the list of eligible voters and you will not be able to vote online.

We often run Online Voting alongside more traditional methods such as in-person voting.  To protect the integrity of the voting process, we will cross-check online voters against those voting in a different way.  This means we will download a list of people who have voted online so that we can compare it with other voting sources we use.  Note that we only ever know that people have voted.  We do not know what choices they made.

Our Website

Our website may, from time to time, contain links to and from the websites of third parties.  If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy notices and that we do not accept any responsibility or liability for these notices or for any personal data that may be collected through these websites or services, such as contact and location data.  Please check these notices before you submit any personal data to these websites or use these services.

Social Media Plugins

Our website may use Social Media Plugins (Plugins) for Facebook, Twitter or Youtube. If you call up one of our website pages which has a Plugin of this kind, your browser sets up a direct link to the Facebook, Twitter or Youtube servers. The content of the Plugin is passed by the provider directly to your browser and integrated by it into the website. This means that we have no influence over the data that Facebook, Twitter or Youtube obtain with the help of these Plugins. 

We therefore inform you that through these Plugins, the providers obtain information about you, even if you do not own a profile with those providers or are not logged in at the time.  This information, including your IP address, will be passed from your browser directly to the provider and stored on their servers. The server location may be outside the European Union/EEA.

Matomo Analytics

Our website uses Matomo Analytics to collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request.  This helps us understand how visitors use our website by compiling the collected data into usage reports.

We also collect potentially personally-identifying information like IP addresses. We do not use such information to identify our visitors, however.  We use it entirely to see where in the world our visitors are located.  We anonymise the IP addresses that we collect so that they cannot be traced back to an individual.  We store all of the information we collect on our hosting platform in the UK and do not share it with or disclose it to any third party.

We have configured Matomo to respect Do Not Track preferences.  Do Not Track is a technology that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.  For more information about Do NotTrack, please see http://donottrack.us 

You can read more about Matomo and what it does at https://matomo.org/

Cookies

We uses cookies (small text files that we place on your device) to help provide our services to you.  For more information, please read our Cookie Policy – https://safctrust.com/cookie-policy

reCAPTCHA

Our website uses Google reCAPTCHA, a service provided by Google that helps protect our website from spam by using analysis techniques that can identify if a user is human rather than a machine.

Your entry in the reCAPTCHA field will be sent to Google in the USA and processed by Google for this purpose. The reCAPTCHA application will also send your IP address and other data to Google to enable it to provide the reCAPTCHA service.  By using reCAPTCHA, you agree to Google processing your data for this purpose.  The IP address provided as part of Google reCAPTCHA will not be merged with other Google data.

For more information about Google’s Terms of use and Privacy for reCAPTCHA, please visit

https://www.google.com/about/company/user-consent-policy.html

Changes To This Privacy Notice

Any changes we may make to our privacy notice in the future will be posted on our website and, where appropriate, notified to you when you next visit. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the service.

Contact

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed by email to privacy@safctrust.com or in writing to Forthbank Stadium, Springkerse, Stirling FK7 7UJ.   

Version 1.2

Last Updated 01/05/2019