Norwich City Football Club (“Club”) is fully committed to adherence to our obligations under UK Data Protection law.
The Policy describes the types of personal data you provide and we collect via your use of the official Club website, junior website, ticketing, online retail store and the official Club mobile application (“App”), together with all services accessed through them (“Online Facilities”), what we may do with that personal data and your rights.
The Club is the Data Controller of personal data collected by, or which you provide through, the Online Facilities, for the purpose of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
Information We Collect from You
We will collect and process the following data about you:
Information you give us. This is information about you that you give us by filling in forms on any of our sites www.canaries.co.uk, tickets.canaries.co.uk, www.juniorcanaries.co.uk, shop.canaries.co.uk & deliascanarycatering.co.uk (“our sites”) or by corresponding with us by phone, email or otherwise. It includes information you provide when you register to use our sites, subscribe to our services, search for a product, place an order on our sites, participate in discussion boards or other social media functions on our sites, enter a competition, promotion or survey, and when you report a problem with our sites. The information you give us may include your name, address, email address and phone number, financial and credit card information, personal description and photograph.
Information we may collect about you. With regard to each of your visits to our sites we may automatically collect the following information:
• technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed, searched for or purchased, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from other sources. This is information we receive about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data if we intend to share the data internally and combine it with data collected from other sources. We will also have told you for what purpose we will share and combine your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information. We also receive personal information when, by attendance at matches or events held at the stadium or our properties, photos and video footage are taken of you When you register for our captive portal service we may collect: the time, date, and location of registration for the service, the duration and frequency of use of the service and visits to Club venues, the approximate location of browsing devices whilst at a Club venue, the device’s internet browsing history whilst using the service, and your demographic information.
How we use your personal data
We use information held about you in the following ways:
Information you give to us. We will use this information:
• to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
• to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
• to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you based on your previous engagement with the club (which is based on your registration/purchase/browsing history), or based on the preferences set in your ‘profile’. You can withdraw your consent at any time by changing these preferences.
• to notify you about changes to our service;
• to ensure that content from our site is presented in the most effective manner for you and for your computer.
Information we collect about you. We will use this information:
• to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in interactive features of our service, when you choose to do so;
• as part of our efforts to keep our site safe and secure;
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
• to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
WHERE WE STORE YOUR PERSONAL DATA
In most cases, the information you provide to us is stored on our or our third parties’ secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Sharing your Information
We do not sell, rent, or otherwise provide personally identifiable information to third-parties without your consent.
In addition, there are some other reasons why we may disclose your personal information to third parties and these are as follows:
• to other companies within our corporate group;
• to appoint other organisations to carry out some data processing activities on our behalf; For example, mailing services, payment processing, hosting service providers, other relevant partners used to help us deliver the Online Facilities to you and to check your details against the Telephone Preference Service;
• If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about customers will be one of the transferred assets;
• If we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply any of our other applicable terms and conditions for products, services, content or access provided by us (for example our ground regulations) and other agreements; and/or
• to protect the rights, property, or safety of us, our commercial partners, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Examples of some third parties we may transfer, share or disclose the personal data we collect from you to are (but not limited to):
Advanced, who provide our online ticketing system
Retail & Sports Systems, who provide our online shop
Fortress GB, who manage our stadium access and loyalty points
InCrowd Sport, who manage our sites, App and database
SkyFii, who provide our stadium Wi-Fi (Captive Portal)
The Communicator Corporation Limited and Campaigner, who provide our email marketing systems
From time to time we, and/or commercial partners (if you have agreed to receive their information when you provided your personal information) may contact you to tell you more about the offers, services, products and other initiatives available to you.
Under the UK GDPR, you have the following rights in relation your data The right to be informed – this Policy informs you about the data we hold and your rights in relation to that data.
The right of access – If you wish to receive a copy of some or all of the information we hold on you, please write to or email the Data Protection Officer:
Address Data Protection Officer, Norwich City Football Club, Carrow Road, Norwich, NR1 1JE
The right to rectification - If, at any time after registering, you would like to update your data, you can do this via your personal profile page, which is accessible from all of our emails.
The right to erasure - You (and any parent/guardian of a minor) have the right to request that we close your account and/or delete your personal information from our database. We will make all reasonable efforts to comply with this request. However, it may not be possible to delete an entry without some delay and without retaining some residual personal information necessary for our legitimate interests, such as backups and records of deletions (including to ensure we no-longer communicate with you) or because we are required or permitted to retain personal information for other lawful requirements.
The right to restrict processing – In certain circumstances, you have the right to request that we limit the way we use your data. This is an alternative to requesting the erasure of your data.
The right to data portability – This is not really relevant to the data the Club holds for you as the main purpose is to enable consumers to take advantage of applications and services which can use their personal data to help find a better deal (e.g. through price comparison websites), or gain a better understanding of your spending habits (e.g. through banking apps).
The right to object – At any time, you have the right to change your preference and opt-in or opt-out from receiving communications from us or third-parties. You can do this at any time by changing your preferences your personal profile page
Rights in relation to automated decision making and profiling – you have the right not to be subject to a decision when that is based on automated processing which produces a legal effect or a similarly significant effect on you without your consent. We can confirm that do not use your data to make automated decisions that could have this effect on you.
Retaining your personal data
We will keep the personal data you have provided for as long as we have a relationship with you. Once that relationship has ended we will only keep enough information needed to deal with any queries (e.g. to enable us to deal with any future complaints or queries you may have about any products or services you had from us in the past).
Special category (sensitive) information We do not intend to collect special category (also known as sensitive) personal information through our websites unless we are legally reqired to do so, or you volunteer this information to us in order for us to help improve your experience with the club.
An example of this is the ability for individuals to inform us of their disability or access requirements when using our sites and App, or accessing our stadium. Examples of special category information are: race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and criminal records.
We may from time to time ask you questions regarding special category personal information, as part surveys with the Premier League, or our own internal surveys to help us with our equality and adversity objectives. This is entirely voluntary, and we’ll never record this type of information without your consent.
If you have any queries about this Policy, please contact the Data Protection Officer (contact details as above)
If you are dissatisfied with our response to any of your data privacy concerns you have the right to raise this with the Office of the Information Commissioner at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (https://ico.org.uk). We may need to change the terms of this Policy from time to time and changes will be posted on this page (and/or where appropriate, otherwise notified to you). This Policy was last updated September 2021.