Burton Albion Community Trust Privacy Notice

Burton Albion Community Trust take your privacy very seriously.

This Privacy Notice sets out how we use and look after the personal information we collect from you. We are the data controller, responsible for the processing of any personal data you give us. We take reasonable care to keep your information secure and to prevent any unauthorised access to or use of it.

What personal data we hold on you Personal data means any information about an individual from which an individual can be identified. We collect, use, store and transfer some personal data of our participants (and their parents or guardians if under 18) our employees, trustees, service users and service providers. You provide information about yourself when you register with the Trust, by completing programme booking or enrolment forms, personal detail forms where employees and trustees are concerned and service level agreements for our service users and providers.

The information you give us may include your name, date of birth, address, e-mail address, phone number, gender, and the contact details of a third party in the case of emergency. We may also ask for relevant health information, which is classed as special category personal data, for the purposes of your health, wellbeing, welfare and safeguarding. Where we hold this data, it will be with the explicit consent of the participant or, if applicable, the participant’s parent or guardian.

Why we need your personal data We will only use personal data for any purpose for which it has been specifically provided.

The reason we need participants’, employees, trustees, service users and service providers personal data is to be able to run the Trust and deliver programmes in line with our strategic plan and to provide the services you are signing up to when you register with the Trust. Our lawful basis for processing your personal data is that we have a contractual obligation to you as a participant, employee, trustee, service user or service provider to provide the services you are registering for.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/ Processing Activity  Lawful Basis for processing under Article 6 of the GDPR
 Processing booking forms and payments  Performance of a contract 
 Processing employee personal details  Legal obligation
 Sending out Trust / sessional updates    Performance of contract
 Sharing data with delivery staff to run training sessions or enter events  Performance of contract
 Sharing data with Burton Albion Football Club for promotion of events   Performance of contract
 Sharing data with third party services  The Trust has a legitimate interest to run the organisation efficiently and as it sees fit. Provision of some third-party services is for the benefit of employees, trustees, service users and service providers. 
 Sharing anonymised data with a funding partner as condition of grant funding e.g. Premier League / EFL Trust  The Trust has a legitimate interest to run the organisation efficiently and as it sees fit. Application for funding is a purpose that benefits the Trust, employees, trustees and service users/participants.
 Sending out marketing information such as newsletters, information on our programmes and events  Consent. We will only send you direct marketing if you are an existing participant, service user, service provider or other associated individual and you have not previously objected to this marketing, or, you have actively provided your consent.
 To ensure we understand possible health risks  Consent. We will only process details on your medical history with your consent. 

Who we share your personal data with We may share your personal data with selected third parties. Third-party service providers will only process your personal data for specified purposes and in accordance with our instructions.

We may disclose your personal information to third parties to comply with a legal obligation; or to protect the rights, property, or safety of our participants, employees, trustees, service users and service providers.

Protection of your personal data We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

How long we hold your personal data We keep personal data on our participants, employees, trustees, service users and service providers while they continue to be affiliated or are otherwise actively involved with the Trust. We will delete this data 2 years after a participant has ceased attending sessions, or sooner if specifically requested and we are able to do so. This applies for service users and providers also. We will retain personal data for employees for 5 years after they have left the Trust as per legal obligation.

Your rights regarding your personal data As a data subject you may have the right at any time to request access to, rectification or erasure of your personal data; to restrict or object to certain kinds of processing of your personal data, including direct marketing; to the portability of your personal data and to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office about the processing of your personal data.

As a data subject you are not obliged to share your personal data with the Trust. If you choose not to share your personal data with us we may not be able to allow you access to our services.

We may update this Privacy Notice from time to time, and will inform you to any changes in how we handle your personal data.

If you have any questions about this Privacy Notice then please contact Head of Community, Matt Hancock.