Latest news
  1. CHAPTER 8 – 125 YEARS AT THE HAWTHORNS
  2. FOXES ON A FRIDAY
  3. Chapter 7 (Part 1) – THE MEMORABLE FIFTIES
  4. Derby
  5. CHAPTER 6 – PROMOTION AND THE FIRST DIVISION
Old Baggies > Privacy Policy

Privacy Policy

Privacy Notice of the West Bromwich Albion Former Players Association

Introduction

This Privacy Notice sets out how the West Bromwich Albion Former Players Association (“the Association”) collects, uses, and protects any information that you provide to us. The Association is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our services, then you can be assured that it will only be used in accordance with this privacy statement.

The Association may change this policy from time to time by updating this page. You should check this page periodically to ensure that you are happy with any changes. This policy is effective from [Effective Date].

Identity and Contact Details of the Data Controller

This Privacy Notice is issued on behalf of the West Bromwich Former Players Association, which is the Data Controller for your personal data. The West Bromwich Former Players Association is responsible for ensuring that your data is processed in compliance with applicable data protection laws.

Should you have any questions about this Privacy Notice or our data protection practices, you can contact us at geoffsnape1@btinernet.com.

Our designated Data Protection Officer can be reached at the same contact details should you have any concerns or require further clarification regarding the handling of your personal data.

Purpose and Legal Basis for Processing

This Privacy Notice outlines the purposes for which the Data Controller processes personal data and the legal basis for such processing. The Data Controller processes personal data of its members, supporters, and other individuals who interact with it, for the following purposes:

  • To maintain and update membership records.
  • To communicate with members about events, news, and updates related to the association.
  • To organize events and activities for members.
  • To comply with legal obligations to which the Data Controller is subject.

The legal basis for processing personal data for these purposes includes:

  • Consent of the data subject, where the individual has given clear consent for the Data Controller to process their personal data for a specific purpose.
  • Contractual necessity, where processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation, where processing is necessary for compliance with a legal obligation to which the Data Controller is subject.
  • Legitimate interests, where processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Categories of Personal Data

The Data Controller collects, uses, stores, and processes various categories of personal data from its members, including but not limited to:

  • Personal identification information (e.g., names, dates of birth, photographs).
  • Contact details (e.g., email addresses, telephone numbers, postal addresses).
  • Professional information related to football (e.g., playing history, positions, achievements).
  • Health and fitness information, where relevant and with consent, for purposes of organizing events and activities.
  • Financial information for membership fees, donations, or payments for events and merchandise.

This personal data is collected for the purpose of managing the membership and activities of the Data Controller, including communication, event organization, and promotion of the association’s objectives.

Recipients of Personal Data

This Privacy Notice sets out the categories of recipients of personal data collected or processed by the Data Controller. Personal data may be shared with the following categories of recipients:

  • Members of the West Bromwich Former Players Association, for the purposes of communication, event organization, and association management.
  • Third-party service providers who perform functions on behalf of the Data Controller, including but not limited to administrative support, technical services, and data analysis. Such third parties are bound by confidentiality agreements and are restricted from using personal data for any purposes beyond the specified services.
  • Legal and regulatory authorities, as required by law or in response to legal requests.
  • Sponsors and partners of the West Bromwich Former Players Association, only where consent has been explicitly provided by the individuals concerned.

The Data Controller ensures that all recipients of personal data are subject to obligations of confidentiality and that personal data is processed in compliance with applicable data protection laws and regulations.

Data Subject Rights

Under the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, individuals have the following rights regarding their personal data that the Data Controller processes:

  1. Right to Access: You have the right to request access to your personal data that the Data Controller holds about you.
  2. Right to Rectification: You have the right to request that the Data Controller corrects any inaccurate or incomplete personal data held about you.
  3. Right to Erasure (‘Right to be Forgotten’): You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
  4. Right to Restrict Processing: You have the right to request a restriction on the processing of your personal data, which means the data can only be processed with your consent or for limited purposes.
  5. Right to Data Portability: You have the right to receive the personal data that you have provided to the Data Controller, in a structured, commonly used and machine-readable format, and have the right to transmit that data to another data controller without hindrance from the Data Controller.
  6. Right to Object: You have the right to object to the processing of your personal data, based on grounds relating to your particular situation, at any time.
  7. Right to Not be Subject to Automated Decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Requests to exercise these rights can be made by contacting the Data Controller directly. Please note that some requests may be subject to a reasonable fee if they are unfounded, excessive, or repetitive.

Data Retention Period

The Data Controller shall retain personal data processed under this Privacy Notice for no longer than is necessary for the purposes for which the personal data are processed. The retention of personal data shall be in compliance with the applicable legal requirements, including but not limited to the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Personal data shall be retained for the duration of the individual’s membership with the West Bromwich Former Players Association and for such period thereafter as is necessary to comply with the Association’s legal obligations, resolve disputes, and enforce agreements. Specific retention periods for different categories of personal data may be determined based on the nature of the data, the purposes for which they are processed, and legal or regulatory obligations to retain the data for a certain period.

Upon the expiration of the retention period, personal data shall be securely deleted or anonymized, so that the individual can no longer be identified from the information, in accordance with the GDPR and UK Data Protection Act 2018 requirements.

Data Protection Officer

In compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, the West Bromwich Former Players Association (“Data Controller”) has appointed a Data Protection Officer (DPO). The DPO is responsible for overseeing the Data Controller’s data protection strategy and its compliance with GDPR requirements. The DPO can be contacted for all matters regarding personal data and privacy issues.

Requests, questions, or concerns regarding the Data Controller’s handling of personal data should be directed to the DPO at geoffsnape1@btinternet.com.

This appointment reflects the Data Controller’s commitment to protecting personal data and ensuring compliance with data protection laws.

Data Transfer Outside the European Economic Area

Under the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, the Data Controller is required to ensure that any transfer of personal data outside of the European Economic Area (EEA) is conducted in a manner that ensures the protection of the data subject’s rights and freedoms with respect to their personal data. The following provisions apply to such transfers:

  • Transfers of personal data to countries outside of the EEA will only be carried out where the European Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organization in question ensures an adequate level of protection.
  • In the absence of an adequacy decision, the Data Controller will take steps to provide appropriate safeguards for the personal data being transferred, in accordance with GDPR requirements. Such safeguards may include the use of Standard Contractual Clauses approved by the European Commission, binding corporate rules, or other legally accepted means.
  • The Data Controller will provide detailed information to the data subjects about the transfer, including the legal basis for the transfer, the safeguards in place, and the means by which to obtain a copy of said safeguards.
  • Data subjects have the right to obtain information regarding the transfer of their personal data outside of the EEA, including the specific countries to which their data is being transferred.
  • Any inquiries or concerns regarding the transfer of personal data outside of the EEA should be directed to the Data Protection Officer (DPO).

Automated Decision Making and Profiling

In compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, the Data Controller does not use automated decision-making, including profiling, in a way that produces legal effects concerning data subjects or similarly significantly affects them. This stance is in line with our commitment to protect the privacy and rights of our members and associates.

Should the Data Controller decide to introduce such processes in the future, it will do so in full compliance with the GDPR and the UK Data Protection Act 2018. Prior to implementing any such processes, all affected data subjects will be informed, and, where necessary, explicit consent will be obtained. Furthermore, the Data Controller will ensure that all data subjects have the right to obtain human intervention, to express their point of view, and to contest the decision, in accordance with the GDPR.

For any concerns or inquiries regarding our use of automated decision-making and profiling, please contact our Data Protection Officer (DPO).

Right to Withdraw Consent

You have the right to withdraw your consent at any time where the West Bromwich Former Players Association relies on your consent to process your personal data. This does not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

To withdraw your consent, please contact our Data Protection Officer (DPO). The contact details of the DPO can be found in our Privacy Notice or by contacting us directly.

Changes to the Privacy Notice

The West Bromwich Albion Former Players Association (“Data Controller”) reserves the right to update or amend this Privacy Notice at any time. We will provide notice of any significant changes to the Privacy Notice on our website or by contacting you directly through the most recent contact information you have provided to us. It is important that you review the updated Privacy Notice carefully to ensure you are informed of how your personal data will be used.

Changes to this Privacy Notice may be necessary due to new legal requirements, changes in our data processing activities, or other reasons that necessitate a modification to our privacy practices. We encourage you to regularly review our Privacy Notice to stay informed about how we are protecting your personal data.

If you have any questions about this Privacy Notice or our data protection practices, please contact our Data Protection Officer (DPO).

Complaints to the Supervisory Authority

If you believe that the Data Controller has not complied with your data protection rights under the General Data Protection Regulation (GDPR) or the UK Data Protection Act 2018, you have the right to lodge a complaint with the supervisory authority. In the UK, the supervisory authority is the Information Commissioner’s Office (ICO). You can contact the ICO directly through their website or by other means provided on their platform.

Before lodging a complaint with the ICO, we encourage you to contact our Data Protection Officer (DPO) first. The DPO is committed to resolving any data protection issues you may have and can be reached at [DPO’s contact information]. We strive to resolve any complaints internally and to your satisfaction, whenever possible.

It is important to note that lodging a complaint with the ICO is a right that is always available to you, regardless of any attempts to resolve the issue with the Data Controller directly.