Charity Number: 1204171 

Registered Office: 4 Canberra Close, Wellesbourne, Warwickshire, CV35 9TR

 

Privacy Notice

1. Who we are:

Wellesbourne Wanderers FC is a grassroots football club and registered charity. We collect and use personal information to run the club, support players and volunteers, and meet our legal obligations. We are the “data controller” under UK GDPR and the Data Protection Act 2018.

 

2. Information we collect:

 We may collect:

• Contact details (name, email, phone number, address)

• Player registration details (date of birth, medical information relevant to participation)

• Volunteer and coach details (qualifications, DBS checks)

• Donor and supporter information (Gift Aid declarations, donation records)

• Website usage data (via cookies, see Cookies Policy below)

 

3. How we use your information:

• To manage player registrations and participation in football activities

• To ensure safeguarding and welfare of children and vulnerable adults

• To communicate with members, volunteers, and supporters

• To process donations and claim Gift Aid

• To comply with legal and regulatory obligations

 

4. Lawful basis for processing:

 

We rely on:

• Consent (e.g., marketing emails, photos on social media)

• Contract (e.g., player registration forms)

• Legal obligation (e.g., safeguarding, Gift Aid records)

• Legitimate interests (e.g., promoting club activities)

 

5. Sharing your information:

​

 We only share data when necessary, for example with:

• The Football Association (FA) for player registration and safeguarding

• HMRC for Gift Aid claims

• Trusted service providers (e.g., website hosting, email systems)

 

6. Data retention:

We retain personal data only as long as necessary for the purpose collected, or as required by law (e.g., Gift Aid records for 6 years).

​

7. Your rights:

​

 You have the right to:

• Access your data

• Request correction or deletion

• Withdraw consent

• Object to processing

• Lodge a complaint with the Information Commissioner’s Office (ICO)

 

Cookies Policy

​

1. What are cookies?

Cookies are small text files placed on your device when you visit our website. They help us improve your experience, provide essential functionality, and allow us to understand how our site is used.

​

2. Types of cookies we use

• Essential cookies These are required for the website to function properly (e.g., login sessions, security).

• Analytics cookies We use tools such as Google Analytics to understand how visitors use our site, which helps us improve content and services.

• Advertising and sponsor-related cookies Our website displays information about our sponsors. Some sponsor links or embedded content may place cookies on your device to track engagement or measure advertising effectiveness. These cookies are non-essential and require your consent.

• Social media cookies If you share content from our site via platforms such as Facebook or Twitter, these platforms may set cookies to enable sharing and track usage.

 

3. Managing cookies

You can control cookies through your browser settings. Non-essential cookies require your consent, which you can withdraw at any time using our cookie banner.  You may:

• Block all cookies

• Allow only essential cookies

• Delete cookies after browsing

Non-essential cookies (analytics, advertising, social media) require your consent, which you can withdraw at any time using the cookie banner on our site.

 

4. Changes to this policy

We may update this Cookies Policy from time to time. Updates will be posted on our website.

​

Data Protection (GDPR)

​

1. Purpose 

This policy sets out how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 to ensure the lawful, fair, and transparent processing of personal data. Our aim is to protect the rights and freedoms of individuals whose data we hold, including beneficiaries, donors, volunteers, trustees, and staff.

​

2. Principles

We adhere to the following principles:

• Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and in a transparent manner.

• Purpose Limitation: Data will only be collected for specified, explicit, and legitimate purposes.

• Data Minimisation: We will collect only the data necessary for our operations.

• Accuracy: We will keep data accurate and up to date.

• Storage Limitation: Data will not be kept longer than necessary.

• Integrity and Confidentiality: We will ensure appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage.

 

3. Responsibilities

• Trustees: Act as Data Controllers, ensuring compliance with legal obligations.

• Data Protection Lead: Oversees data protection compliance, manages breaches, and responds to subject access requests.

• Volunteers and Staff: Must follow data handling procedures and report any concerns immediately.

 

4. Procedures

• Privacy Notice: Published on our website and provided to individuals when data is collected.

• Consent: Obtained where required, and records of consent maintained.

• Data Retention Schedule: Specifies how long different types of data are kept and when they are securely destroyed.

• Subject Access Requests: Responded to within one month, free of charge unless requests are excessive.

• Data Breaches: Serious breaches reported to the ICO within 72 hours; affected individuals notified where required.

• Third-Party Processors: Contracts include GDPR-compliant clauses.

• Training: All volunteers and staff receive data protection training annually.

 

5. Safeguarding and Vulnerable Individuals

We recognise that safeguarding is integral to data protection.

• Special Category Data: Health, safeguarding notes, and incident reports are processed only when necessary and with strict security measures.

• Access Control: Only authorised safeguarding officers and trustees can access sensitive safeguarding data.

• Retention: Safeguarding records are kept for the statutory period (usually 6 years after involvement ends) and then securely destroyed.

• Reporting: Any safeguarding-related data breach is treated as high priority and escalated immediately.

 

6. Data Categories

We process:

• Contact details (name, address, phone, email)

• Financial information (for donations)

• Health or safeguarding information (where necessary for activities)

• Volunteer and trustee details

Sensitive data is handled with extra care and only when strictly necessary.

 

7. Data Retention Schedule

​

 

​​

​

​

​

​

​

​

​

 

 

 

8. Security Measures

• Password-protected systems and encrypted storage.

• Restricted access based on role.

• Regular backups and secure disposal of paper records.

• Use of secure email for sensitive data.

 

 

9. Breach Response Flowchart

1. Identify Breach →

2. Contain & Assess Impact →

3. Notify Data Protection Lead →

4. Determine Severity

   • If serious → Report to ICO within 72 hours

   • If minor → Document internally

5. Notify Affected Individuals (if required) →

6. Implement Remedial Actions →

7. Review & Update Procedures

 

10. Review

This policy will be reviewed annually or sooner if regulations change or significant operational changes occur.

​

For questions or to exercise your rights, please contact: 

Wellesbourne Wanderers FC (Charity No. 1204171) 

Registered Office: 4 Canberra Close, Wellesbourne, Warwickshire, CV35 9TR

Email: info@wellesbournewanderersfc.co.uk