Wycombe Wanderers Football Club
The General Data Protection Regulation (GDPR), requires Wycombe Wanderers Football Club to make public its’ approach to ensuring the privacy of individuals’ data. For the purpose of this Privacy Statement, the term “Club” is used to cover Wycombe Wanderers Supporters Group Ltd (the Trust), Wycombe Wanderers Football Club (WWFC), Frank Adams Legacy Ltd (FALL), WW Ladies FC (WWLFC), the 500 Club and Chairboys Funders Ltd (CFL).
The General Data Protection Regulation (GDPR) allows the use of Legitimate Interest Assessment (LIA) as a means of obtaining the consent of individuals whose data is held, in cases where the individual might reasonably expect such data to be held and where there is minimal impact on the individual’s privacy. The Club will use LIA as a means of consent wherever appropriate and will seek opt-in consent where the above conditions do not apply.
3. The Individual’s Rights Under GDPR
The Club, in complying with the principles of GDPR, will ensure that:
1. data, in respect of an individual, is held only when there is a lawful basis for doing so. A lawful basis will include, but may not be limited to:
1. a legal obligation
2. a contract
3. the protection of an individual’s vital interest
2. every individual whose data is held by the Club is entitled to request, and the Club will provide, within one month of the request, a copy of the data held for that individual, with a clear explanation of the lawful basis for it being held. The Club will promptly rectify such data, if requested. Such requests should be made by email to firstname.lastname@example.org or in writing to the Club at Adams Park, Hillbottom Road, High Wycombe, Bucks, HP12 4HJ.
3. every individual has the right to request that his data be erased. The Club may refuse to erase data where there is a legal reason for it being held and, in other circumstances, will advise of any disadvantage that might accrue to the individual by the erasure, before acting on the request.
4. it will advise of the right to object should data be used for Direct Marketing and shall immediately cease the processing of data for such purposes.
5. it will not use automated decision making or profiling in the processing of data.
6. data is held on a secure drive with access limited to specific data owners in order to ensure appropriate security.
7. it keeps its’ Privacy Statement under regular review and updates its’ websites accordingly