Introduction

This privacy policy (“Policy”) describes the types of personal data you provide and/or Cardiff City FC Community Foundation collect via your use of the Foundation website and what we may do with that personal data and your rights.

The Foundation are Data Controllers of personal data collected by, or which you provide through, the Website, for the purpose of the Data Protection Act 1998 (“Data Protection Law”). 

References to “we”, “us” and “our” in this policy are all references to the Cardiff City FC Community Foundation.

‘Personal data’ is defined in the Data Protection Law and is essentially information from which an individual person can be identified. By submitting information and/or continuing to use the Online Facilities, you signify your consent to us using your personal data in accordance with the below.

We may need to change the terms of this Policy from time to time and changes will be posted on this page (and/or where appropriate, otherwise notified to you). Your continued use of the Website will be deemed to be acceptance of amendments we make. This Policy was last updated on 4th April, 2017.

How we use your personal data

Use of services accessed through the Website may require you to provide specific types of information. 

We request that the information you provide is as accurate as possible as this allows us to secure your privacy in relation to registered services by differentiating you from others, and creating a “profile” for you so that we can provide a personalised service when you visit the relevant parts of the Website and/or we send you emails. Periodically we may send you an email asking you to “Update your Details”.

We use information about you for five primary purposes:

  1. To perform the services you have requested, such as sending you our newsletters and other information about our competitions and us. The type of information we may require and use might include, for example, your name, address, email address, gender, date of birth, telephone number and card or other payment details in relation to goods, services or content access you purchase from us through the Website or otherwise. We will NEVER share your financial information with other third parties for any reason other than processing transactions, fraud and credit risk protection, unless we have your consent.
  2. To enable you to participate in chat rooms, forums, message boards, and/or news groups (if any, as we may make available for that purpose from time to time) on the Website on which you can post information and, where we deem necessary, to respond to any such posts you make.
  3. To alert you to other information, including offers and promotions, relating to us, Cardiff City FC and/or commercial partners (where you have agreed to this). See below heading ‘Marketing Information’ for more information about this. For example, such information may include newsletters, offers, promotions, occasional surveys and other communications of potential interest from us, or our official partners and/or The Football League Trust (company number 06466997) (“EFLTrust”) being a charity registered at the same address as the EFL and EFL Digital.
  4. To carry out market research so that we can improve the products and services we offer. Your feedback is valued and helps to shape the products, services and content access we offer or make available. You will have the right to opt-out of receiving or participating in our surveys at any time.
  5. To manage and improve the Website and allow you to use the features on offer. Information we use for this purpose may include (for example) that about your computer and, where available, your IP address, operating system and browser type.

 

We may also supplement the information that you provide with other information that we obtain from our dealings with you or which we receive from other organisations such as our commercial partners, and group companies (including EFL and the Trust).

In addition, we reserve the right to perform statistical analysis of user behaviour and characteristics to measure interest in and use of the various areas of the Website and to ascertain the number of users that have visited particular web pages. We also keep track of what you do with our newsletters when you receive them for trends and statistics and to evaluate the efficiency of our newsletter and information service. For example, whether you open, delete, or access links contained in the newsletter. We may provide aggregated and anonymised data (not identifying any individual) only from these analyses to third parties.

Your data may also be available to our website provider to enable us and them to carry out analysis and research on demographics, interests and behavior of our users and supporters to help us gain a better understanding of them to enable us to improve our services.  This may include connecting data we receive from you on the website to data available from other sources.  Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are deemed to outweigh their legitimate interests in developing new services for us.  In the case of this activity the follow will apply:

a)Your data will be made available to our website provider

b)The data that may be available to them include any of the data we collect as described above. 

c)Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.

d)They will store your data for a maximum of 7 years.

e)This processing does not affect your rights under of this privacy policy

 

Marketing Information

We do not sell, rent, or otherwise provide personally identifiable information to third-parties without your consent, except only as set out in the ‘Disclosing (Sharing) Your Information’ section below.

From time to time we would like to contact you to tell you more about the offers, services, products and other initiatives available to you.

Cookies 

The Online Facilities use cookies. A cookie is a small file containing an identity code. With your consent, your computer accepts the cookie and stores it. When you next visit the relevant Online Facilities, the code is retrieved, allowing an individual visitor or computer to be recognised. Full information on which cookies we deploy is available in our Cookies Policy.

Links to third party websites & services

We are not responsible or liable for the content, privacy policies or services offered by websites or apps other than the Foundation Website. We encourage you to read and familiarise yourself with the privacy policies, terms and conditions and/or other notices on other websites you visit. 

Children and Young People

We realise and understand that children and young people, including those under 18 years of age (“minors”) may visit the Website, or otherwise interact with us and our commercial partners.

It is our policy:

  1. to encourage all minors to consult with their parents or legal guardian before submitting or requesting any content or information to/from us, our commercial partners or other third parties. Users of the Website or certain services on them, who indicate they are a minor may be asked to provide a valid email address for their parent or guardian so that we may (providing they have their parent or guardian’s permission) verify parental consent, where required;
  2. not to make a minor's participation in our activity contingent on the child disclosing any more personal information than is reasonably necessary in order to do so. Anyone known to be a minor may be allowed to participate in certain competitions and promotions, but notification of a win or prize may be sent directly to the parent or legal guardian identified in the initial registration process. Publication of a winning minor’s personal details will require parental or legal guardian consent;
  3. not to actively market to minors; and
  4. not use (or pass to any third party) personal information on persons known to be minors for any commercial purposes.

 

Some of the facilities or functions accessible through the Website (including betting facilities advertised or accessed through it) are not intended to be accessible by, nor are they actively advertised to, minors.

Parents or legal guardians should supervise minors when online and we recommend parental control tools be put in place. Any minor using the Website and services offered is confirming that they have received the consent of their parent or a guardian to do so.

Storing and retaining your personal data

We are committed to protecting the security of your personal data, which is held in secure data centres in the European Union in accordance with current legislative requirements, industry standards and technology. We will keep the personal data you have provided for as long as we have a relationship with you. Once that relationship has ended we will retain it in accordance with this Policy only for as long as we reasonably require and it will then be deleted and destroyed.

Some of the organisations to which we may disclose your personal information may be situated outside of the European Economic Area, in countries which may not have laws that protect privacy rights in the same manner as in the United Kingdom. We will however take reasonable steps to ensure that your information is still properly protected.

Security

Once it is received we store your personal data as set out in this Policy.

We cannot guarantee the complete security of our databases, nor that information you supply may not be intercepted while being transmitted to us over the internet.

If we have given you a password to access certain parts of the Online Facilities, you are solely responsible for keeping the password safe and make sure you use a secure browser.

Disclosure (sharing) of your information

We have already described in the ‘Marketing Information’ section of this Policy under what circumstances your personal information may be shared with our commercial and official partners, if you have agreed.

In addition, there are some other reasons why we may disclose your personal information to third parties and these are as follows:

  • to other companies within our corporate group including Cardiff City FC & EFL Trust);
  • to appoint other organisations to carry out some data processing activities on our behalf. For example, mailing services, payment processing, hosting service providers, other relevant partners used to help us deliver the Website to you and to check your details against the Telephone Preference Service;
  • If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about customers will be one of the transferred assets;
  • If we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply any of our other applicable terms and conditions for products, services, content or access provided by us (for example our ground regulations) and other agreements; and/or
  • to protect the rights, property, or safety of us, our commercial partners, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

 

Where we share your personal information with third parties we will take reasonable steps to ensure that it is properly protected and processed in accordance with this Policy.

Your rights to:

All requests set out in this section or other queries relating to this Policy should be addressed to Tracey Wellbeloved, The Pod, Capital Retail Park, Leckwith Road, Cardiff, CF11 8EG or tracey.wellbeloved@cardiffcityfc.org.uk. Please include your name, address, and/or email address when you contact us.

Access Your Personal Information:

You have the right to see a copy of the information that we hold about you. We may charge a small fee towards the cost of administering any request you make which is manifestly unfounded, excessive or repetitive.

Update and Amend Your Personal Information:

You have the right to ask that the information we hold about you is corrected by updating/changing your profile preferences or by contacting us as above. We encourage you to update your personal information promptly if it changes.

Close Your Account/Delete Your Personal Information:

You (and any parent/guardian of a minor) have the right to request that we close your account and/or delete your personal information from our database. We will make all reasonable efforts to comply with this request. However, it may not be possible to delete an entry without some delay and without retaining some residual personal information necessary for our legitimate interests, such as backups and records of deletions (including to ensure we no-longer communicate with you) or because we are required or permitted to retain personal information for other lawful requirements.

If you are dissatisfied with our response to any of your data privacy concerns you have the right to raise this with the Office of the Information Commissioner at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (https://ico.org.uk).

Cookies Policy

This Cookies Policy applies to the Foundation’s Website.

The Website use cookies. A cookie is a small file containing an identity code. With your consent, your device accepts the cookie and stores it. When you next visit the website, the code is retrieved, allowing an individual visitor or device to be recognised. 

Cookies are used for a variety of purposes, including providing personalised web pages and recognising your choice of language. Cookies do not cause harm to your device, but, if you wish to stop your computer accepting cookies, go to the help section of your internet browser (for example, Internet Explorer or Firefox) where you will find information on how to do this. 

Site Cookies

In the context of the Site, the following cookies are deployed:

 

Cookie

Name

Description

Duration

ASP.NET_SessionId

ASP.NET_SessionId

Session cookie sent to the web browser. Used when you open the browser and then go to a website that implements ASP.NET session state. This cookie is deleted when you close your browser.

Session

Session ID

JSESSIONID

Cookie used by web server to maintain HTTP session state.

Session

EPiServerLogin

EPiServerLogin

This cookie is associated with the EpiServer content management system. It is set when a visitor logs in to a protected area of a site.

Session

ARRAffinity

ARRAffinity

This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.

Session

__RequestVerificationToken

__RequestVerificationToken

This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. It holds no information about the user and is destroyed on closing the browser.

Session

__atuvc

__atuvc

This cookie is associated with the AddThis social sharing widget which is commonly embedded in websites to enable visitors to share content with a range of networking and sharing platforms.

2 years

__atuvs

__atuvs

This cookie is associated with the AddThis social sharing widget which is commonly embedded in websites to enable visitors to share content with a range of networking and sharing platforms.

1 month

__epiXSRF

__epiXSRF

Protects against Cross-site Request Forgery (XSRF)

Session

OPTAW_gaCookie

OPTAW_gaCookie

This cookie is associated with the Opta performance widgets. It is used by Opta to determine which webpages the widgets are being loaded from.

2 years

UserID

UserID

Randomly generated user id cookie for ADITION Ad Serving

180 Days

Username

UserName

When user checks “Keep Me Signed In”, this cookie stores the username value. If user is signed out, we use this cookie to prepopulate the username field for subsequent authentication

90 days

Iv_CampaignID

Iv_

Campaign ID of the served ad for postracking campaigns for ADITION Ad Serving

180 Days

fc

fc

Contains information for frequency capping contains for ADITION Ad Serving

180 Days

__cfduid

__cfduid

Cloudflare CDN security cookie

1 year

videoaccesslevel

videoaccesslevel

Used to track video access level for front-end display purposes only

Session

videologgedin

videologgedin

Used to track if user is logged in for front-end display purposes only

Session

videosession

videosession

A unique ID for video analytics to identify the user

Session

videotoken

videotoken

a cookie to store the user’s OAUTH video access token before being put in local storage (

Briefly after log in

videorefreshtoken

videorefreshtoken

a cookie to store the user’s OAUTH refresh access token before being put in local storage

Briefly after log in

_ga

_ga

This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.

2 years

cookieconsent_status

 

Created by the Cookie Consent widget and enables you to accept our cookie statement once every year.

1 year

Link Token

nllinktoken

When user checks “Keep Me Signed In”, this cookie stores the user authentication token used for automatic sign in across browser sessions.

90 Days

Referral

refer

Used for referral tracking and conversion. Inbound referral URL clickthroughs will result in this cookie being generate. Any conversions will be attributed to the referrer of the referral URL

2 Days

_gat

_gat

Used by Google Analytics to throttle request rate.

10 minutes

_dc_gtm

_dc_gtm

Used by Google Tag Manager to distinguish users and events on the website and analyse how users interact with the website.

End of session

OPTAW_gaCookie

OPTAW_gaCookie

This cookie is associated with the Opta performance widgets. It is used by Opta to determine which webpages the widgets are being loaded from.

2 years

OPTAW_gaCookie_gid

OPTAW_gaCookie_gid

This cookie is used by Opta to distinguish visitors viewing webpages the widgets are being loaded from.

24 hours

_gid

_gid

Used by Google Analytics to distinguish site users.

24 hours

_gat
_gat_UA-nnnnnnn-nn

_gat
_gat_UA-nnnnnnn-nn

Used by Google Analytics to monitor request rates toward their servers.

10 mins

SnapABugRef

SnapABugRef

Used by SnapEngage Chat for tracking of origin and site entry.

2 hours

SnapABugChatSession

SnapABugChatSession

Used by Snap Engage Chat for tracking of chat in progress.

 

SnapABugNoProactiveChat

SnapABugNoProactiveChat

Used by Snap Engage Chat - flag to avoid proactively prompting visitors again.

30 mins

SnapABugChatPoll

SnapABugChatPoll

Used by Snap Engage Chat for tracking of the chat in progress transcript position.

16 mins

SnapABugChatMessage

SnapABugChatMessage

Used by Snap Engage Chat for message type by visitor persistence across pages.

16 mins

SnapABugChatView

SnapABugChatView

Used by Snap Engage Chat for checking logic handling.

16 mins

SnapABugHistory

SnapABugHistory

Used by Snap Engage Chat to keep track of the visitor visits and last chats to present history to agent.

1 year

SnapABugVisit

SnapABugVisit

Used by Snap Engage Chat for chat detection.

Session only

SnapABugUserEmail

SnapABugUserEmail

Used by Snap Engage Chat for visitor email address used to prepopulate the pre-chat window.

1 year

SnapABugBanned

SnapABugBanned

Used by Snap Engage Chat for tracking of visitor banned for chatting (banned by agent ban command).

30 days

videocheckloggedin

videocheckloggedin

A cookie to help with login after package purchase

Session or shorter

videocheckingloggedin

videocheckingloggedin

A cookie to help with login after package purchase

1 minute

Google Analytics

Google Analytics uses traffic log cookies to gain information about the use that is made of pages on the Foundation Website. We use the information from these cookies to generate reports on the usage of the Foundation Website, which are used for evaluation and analysis. The purpose is to improve the Website by tailoring them to the needs of users.

In such cases, no data which is itself specific to any identifiable user is retained.

In addition to standard analytics parameters, we receive data via Google Analytics Advertising Features including information about 'Demographics and Interest Reporting' which gives us greater insight into the types of visitors we receive.

As a user you can opt out of this process of collecting traffic log data. To do so please visit the  following site which provides a browser add-on that enables a user to opt out -

http://tools.google.com/dlpage/gaoptout

Miscellaneous

All modern browsers allow you to change your cookie settings. These settings will typically be found in the 'options' or 'preferences' menu of your browser. To understand these settings, the following links may be helpful, otherwise you should use the 'Help' option in your browser for more details.

Cookie settings in Internet Explorer

Cookie settings in Firefox

Cookie settings in Chrome

Cookie settings in Safari

Cookie settings in Edge

 

We do not recommend turning cookies off when using the Website, as this will prevent you from using many of the services on the Foundation Website to which the cookies apply.

For further information about cookies and how to control their use, please visit the following third party educational resources: www.allaboutcookies.org  and www.youronlinechoices.eu