The GDPR law on data protection sets out a number of different reasons a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent – e.g. when you sign up to receive our email newsletter or Free Lions / Free Lionesses alerts. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
In some instances, we need your personal data to comply with contractual obligations. For example, if you subscribe to the Free Lions fanzine, we need your address details to deliver your copies of the fanzine.
We may be legally bound to collect and process your data. For example, if someone is involved in criminal activity or fraud, we may need to pass details to law enforcement.
We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running the FSA. For example, we may use information on the team you support or your geographic location to contact you with appropriate messages about FSA activity at your club or in your area.
How we collect your personal data
There are a number of ways in which we may collect information about you, not limited to:
- When you sign up as a member and provide your email address, the club you support and other contact information.
- When you email us/contact us through social media.
- When you sign up for our email newsletter or text alerts, or buy a fanzine or guidebook from us.
- When you have given a third party permissions to share information they hold about you with us.
- When you complete a survey.
- When you sign up for an FSA event or campaign
The type of personal data we collect
The data we may collect includes your name, the club or international team you support, your email address, phone number, postal address, date of birth, gender, social media account name(s), ethnicity, sexual orientation, your membership of other supporter/trade union organisations or your bank account details for reimbursement of expenses.
How and why we use your personal data
We use your data to provide you with appropriate information about the FSA and our activities.
The data privacy law allows this as part of our contractual obligations and legitimate interest in understanding our members and providing the highest levels of service. We will hold your data in our systems for as long as is necessary for each relevant activity or as long as is set out in any agreement we have with you.
Protection of your personal data
The security of your personal data is important, and we take care to handle and store it as best we can. This includes using encrypted https links between our web server and your browser which means that all data passed between you and us cannot be intercepted.
We do not store your card details ourselves when you sign up for a Free Lions subscription or make a one-off donation, but instead use Rapidata and PayPal, who are a PCI compliant payment processing provider for all orders placed online.
We also regularly assess the safety of our servers and electronic storage in line with industry standards.
Length of time we keep your personal data
We only keep your data for as long as is necessary for the purpose it was collected. In the case of membership of the FSA, it is retained as long as the membership remains active.
You also have the right to access and rectify mistakes in the data we hold about you at any time, and each of our email newsletters has a link to unsubscribe at the bottom should you wish to opt out.
You can also make any changes to your personal information by updating your online account, or contacting the FSA office.
Data is processed by, or under the direction of, FSA staff.
We never share your data with third parties without consent.
If you are at all unhappy about the handling of your data, you can send a complaint to the Information Commissioner’s Office by calling 0303 123 1113 or go online to www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.