Data Protection Policy
The Friends of the Rebel Army Society Limited trading as Cork City Football Club, registered number 5449R, whose registered office is at Bishopstown Stadium, Curraheen, Co. Cork (hereinafter referred to as the “Club”, “we”, “us”, or “our”) is a “Controller” under the Data Protection Act 2018 (implementing the General Data Protection Regulation (EU) 2016/679) (“GDPR“) in respect of certain Personal Data you furnish to us. The Club encompasses any other entity that is or may in the future be part of the Club.
This Privacy Notice is intended to help you understand what Personal Data the Club collects about you, why we collect it, and what we do with it.
- What is Personal Data?
“Personal Data” is any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier such as a user IP addresses or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and includes Special Categories of Personal Data;
“Special Categories of Personal Data” is any Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data or biometric data and data concerning health or sex life and sexual orientation.
- Personal Data Collected and Processed
We collect and process Personal Data relating to you in connection to your use of corkcityfc.ie and websites controlled by the Club (“Club Websites”), attendance at matches involving the Club, or any other interaction that you may have with the Club. This Personal Data may include:
- your name and contact details, including your address, phone number and email address;
- information collected on the Club Websites including the contact forms (other than credit card information, which goes directly to our payment processing partners);
- customer service records, including surveys and complaints;
- your account record;
- your photo or still video images of you (including CCTV and system access logs);
- statistical and other analytical information collected on an aggregate basis of all visitors to the Club Websites;
- any Freedom of Information or Subject Access Request details;
- any correspondence with you including letters, emails, contact forms via the Club Websites, telephone logs, records of conversations, or otherwise; and
- any other Personal Data relating to you that you provide to us or that we generate about you in connection with our relationship with you, including records of any consent you have given and your use of the Club Websites.
Note like most standard website servers we use log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyse trends, administer the sites, track user’s movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses, etc. or the use of Google Analytic tools to mointor how customers use the Club Websites are not linked to personally identifiable information or your Personal Data. We use information to maintain the proper technical functioning of the Club Websites.
The Club Websites contain links to other sites. Please be aware that we, corkcityfc.ie, are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our Club Websites to read the privacy statements of each and every website that collects personally identifiable information. This Data Protection Policy applies solely to information collected by the Company Websites.
- Sources of Personal Data
We collect data from you and from the following sources:
- Third party event partners such as security, travel, or ticketing;
- Third party ticket providers that sells online tickets or merchandise on behalf of the Club; or
- From your communications or associations with the Club such as ticket registration, match travel, complaints, queries, etc.
- Purposes for which we hold your Personal Data
The Personal Data that is referred to above will be processed for the purposes of:
- providing customer service to you and contacting you if required to respond to any communications you might send to us;
- complying with our legal obligations;
- complying with licensing obligations from the Football Association of Ireland or other governing body;
- establishing, exercising or defending legal claims;
- sending you promotional and marketing materials;
- to enable the Club to perform efficiently; or
- improving the services we provide to you.
Note that we do not share aggregated demographic information with our partners and advertisers.
Our legal basis for collecting and using this information in accordance with the provisions of this Privacy Notice is that it is necessary:
- for the performance of our contract with you (if any);
- for compliance with a legal obligation that applies to us; or
- that you have provided consent to us for the use of your Personal Data.
Where you have provided consent for the use of your Personal Data, you can withdraw it at any time by informing firstname.lastname@example.org, however, this will not affect the lawfulness of processing which was carried out based on your consent prior to its withdrawal.
In relation to special categories of personal data, our legal basis for collecting and using this information is that it is necessary:
- for the purposes of providing or obtaining legal advice or for the purposes of, or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings, or for the purposes of establishing, exercising or defending legal rights;
- and proportionate for the performance of a function conferred on the Club by law; or
- in certain limited circumstances, where you have given your explicit consent.
Where you have provided consent for the use of your Personal Data, it may be withdrawn at any time by informing email@example.com, however, this will not affect the lawfulness of processing which was carried out based on your consent prior to its withdrawal.
- Disclosure of your Personal Data to third parties
We may disclose your Personal Data to various recipients in connection with the above purposes, including:
- to third parties who we engage to provide services to us, such as outsourced service providers, IT service providers, professional advisers and auditors;
- to other public authorities and bodies where required or permitted by law, such as An Garda Síochána or other law enforcement authorities for the purposes of prevention, investigation or detection of crime;
- to the Football Association of Ireland or other governing body; and
- to comply with any applicable law or regulation, a summons, search warrant, court or regulatory order, or other statutory requirement.
- Transfers of your Personal Data outside of the European Union
In connection with the above we may transfer your Personal Data outside the European Economic Area, including to a jurisdiction which has not been found by the European Commission to provide an adequate level of protection for Personal Data.
If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may including entering into a data processing agreement in respect of the transfer which contains the ‘standard contractual clauses’ approved by the European Commission, or in respect of transfers to the United States of America, ensuring that the transfer is covered by the EU-US Privacy Shield framework (or any replacement framework). Further details of the measures that we have taken in this regard are available on request from firstname.lastname@example.org.
- How we secure your Personal Data
Your Personal Data is held on secure servers within the European Economic Area.
Where you communicate with us via the Club Websites, the nature of the Internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the internet. No data transmission over the internet can be guaranteed to be 100% secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data. When our order form asks users to enter sensitive information (such as credit card number and/or social security number), that information is encrypted and is protected with the best encryption software in the industry. While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user-information offline. If users have any questions about the security at the Club Websites, users can email email@example.com.
- Your Rights
You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your Personal Data:
- the right to access your Personal Data;
- the right to request the rectification and/or erasure of your Personal Data in certain circumstances;
- the right to restrict the use of your Personal Data in certain circumstances;
- the right to object to the processing of your Personal Data;
- the right to be forgotten in certain circumstances; and
- the right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format or to require us to transmit that data to another controller, in certain circumstances.
- How you can exercise your rights
In order to execute any of the rights set out above, please contact us at firstname.lastname@example.org.
- How long we retain your Personal Data
We will not hold your Personal Data for longer than is necessary. We retain your Personal Data for as long as we need it for the purposes described in this Privacy Notice (including but not limited to section 5 (Disclosure of your Personal Data to third parties)), or to comply with any applicable statutory requirement.
- Changes to this Privacy Notice and our Policies
We reserve the right to make changes to this Privacy Notice at any time without prior consultation. Any changes to this Privacy Notice will be posted on the Club website so that you are always aware of what Personal Data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail or in a manner you have indicated. However, if you have opted out of all communication with the site, then you will not be contacted, nor will your personal information be used in this new manner.
- Questions and Complaints
If you have any questions regarding this Privacy Notice, you may contact us using the information below:
Data Protection Officer
c/o Friends of the Rebel Army Society Limited t/a Cork City Football Club
Bishopstown Training Ground
email@example.com or by phone on + 353 21 434 5574
You have the right to lodge a complaint with the Irish Data Protection Commission (https://www.dataprotection.ie/docs/Contact-us/11.htm).