Privacy Policy

Personal data means any information about an individual from which that individual can be identified.
We collect, use, store and transfer some personal data of our participants [and their parents or
guardians], and other people who have communication with the Club.
You provide information about yourself when you register with the Club, and by filling in forms at an
event or online, or by corresponding with us by phone, e-mail or otherwise.
The information you give us may include your name, date of birth, address, e-mail address, phone
number, gender, and the contact details of a third party in the case of emergency. For participation in
some events we may also ask for relevant health information, which is classed as special category
personal data, for the purposes of your health, wellbeing, welfare and safeguarding. Where we hold this
data it will be with the explicit consent of the participant or, if applicable, the participant’s parent or
guardian.
Where we need to collect personal data to fulfil Club responsibilities and you do not provide that data,
we may not be able honour or administer your membership.

Data processing is the collection, storage, retrieval, use and destruction of personal data.

We will only use personal data for any purpose for which it has been specifically provided. The reason we need participants’ and members’ personal data is to be able to run the football club and arrange matches; to administer memberships, and provide the membership services you are signing up to when you register with the club. Our lawful basis for processing your personal data is that we have a contractual obligation to you as a participant or member to provide the services you are registering for. We have set out below, in a table format, a description of some of the ways we plan to use your personal data, and which of the legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.

With the exception of players, coaches and volunteers (see the next paragraph) we will NOT share your
data we will not share your data with any third party unless you expressly give permission to do so (for
example, club partners wishing to offer season ticket holders special offers). We shall always make
any opting into such communication clear and unambiguous at the point of data collection.
If you are a player, coach or volunteer we may pass your information to the Scottish FA or Scottish
Professional Football League to register participants and the team for matches, tournaments or other
events, and for affiliation purposes. We may share your personal data with selected third parties,
suppliers and sub-contractors such as referees, coaches or match organisers. Third-party service
providers will only process your personal data for specified purposes and in accordance with our
instructions.
We may disclose your personal information to third parties to comply with a legal obligation; or to
protect the rights, property, or safety of our participants, members or affiliates, or others.
The Club’s data processing may require your personal data to be transferred outside of the UK. Where
the Club does transfer your personal data overseas it is with the sufficient appropriate safeguards in
place to ensure the security of that personal data.

We have put in place appropriate security measures to prevent your personal data from being
accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We keep personal data on our customers, suppliers, participants and members while they continue to
be a customer, supplier, participant or member or are otherwise actively involved with the Club. We
will delete this data if specifically requested and we are able to do so. We may need to retain some
personal data for longer for legal or regulatory purposes.

A data breach is a breach of security leading to the accidental or unlawful destruction of, alteration of
or unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
In the event of a security breach St Johnstone FC will make a report to the Information Commissioner’s
Office (ICO) without delay and at the latest within 72 hours of becoming aware of it if it presents a risk
to the rights and freedoms of the data subjects. The Club’s full Data Breach Policy can be viewed on our website or requested by emailing dataprotection@perthsaints.co.uk

We use Globalpay (www.globalpay.com) to process payments by credit and debit cards and Paypal
(www.paypal.com) for processing online souvenir payments.

We use For Email (www.forthdirectmail.co.uk)

As a data subject you may have the right at any time to request access to, rectification or erasure of
your personal data; to restrict or object to certain kinds of processing of your personal data, including
direct marketing; to the portability of your personal data and to complain to the UK’s data protection
supervisory authority, the Information Commissioner’s Office about the processing of your personal
data.
As a data subject you are not obliged to share your personal data with the Club. If you choose not to
share your personal data with us we may not be able to register or administer your involvement or
participation.
We may update this Privacy Notice from time to time, and will inform you to any changes in how we
handle your personal data.
If you have any questions about this Privacy Notice then please contact the club on 01738 459090.