Cardiff City FC Community Foundation – Privacy Policy


  1. Introduction


This privacy policy (“Policy”) describes the types of personal data you provide and/or Cardiff City FC Community Foundation collect via your use of the Foundation website ( and what we may do with that personal data, along with your rights under the General Data Protection Regulations (GDPR).


The Foundation are Data Controllers of personal data collected by, or which you provide through, the Website, for the purpose of the Data Protection Act 1998 (“Data Protection Law”) and GDPR.

The Foundation respect and are committed to your privacy and so we ensure the data that we collect and store about you will be done so in a secure manner.

  1. About Us

References to “The Foundation”we”, “us” and “our” in this policy are all references to the Cardiff City FC Community Foundation.

The Foundation is a company and charity registered in England and Wales under company number 06799376 and charity number 1128443. Our registered office is The Pod, Capital Retail Park, Leckwith, Cardiff, CF11 8EG.

We, as a Data Controller can be contacted through our Data Protection Officer via email on [email protected].


  1. How we use your personal data

Personal data’ is any information relating to an identifiable person who can be directly or indirectly identified in particular by a reference to an identifier.  By submitting information and providing your explicit consent you agree to us using your personal data in accordance with this policy and the associated privacy notice(s) you are issued. The use of services accessed through the Website may require you to provide specific types of information. 

We request that the information you provide is as accurate as possible as this allows us to secure your privacy in relation to registered services by differentiating you from others, and creating a “profile” for you so that we can provide a personalised service when you visit the relevant parts of the Website and/or we send you emails. Periodically we may send you an email asking you to “Update your Details”.

Through our website we set out to use your personal information for five primary purposes:

To perform the services you have requested, such as sending you newsletters and further information about the Foundation.

The types of information we may require to collect may include, for example, your:

  • Name
  • Address
  • Email address
  • Gender
  • Date of birth
  • Telephone number
  • Card or other payment details in relation to goods, services or content access you purchase from us through the Website or otherwise.

The exact data that will be collected will always be contained within our privacy notices at the point of data collection.

We may also at times collect special category data such as: health, ethnicity and physical or mental disability. Where we do so you will be notified within the associated privacy notice. 

It is important to note that we will NEVER share your information with other third parties without your prior and explicit consent.

Below are some of the reasons why we collect your data:

To alert you to other information that might be of interest, including offers and promotions, relating to us, Cardiff City FC and/or commercial partners (where you have consented to this). For example, such information may include newsletters, offers, promotions, occasional surveys and other communications of potential interest from us, or our official partners.

To carry out market research so that we can improve the products and services we offer. Your feedback is valued and helps to shape the products, services and content access we offer or make available. You will have the right to opt-out of receiving or participating in our surveys at any time.

To manage and improve our Website and allow you to use the features on offer. Information we use for this purpose may include (for example) that about your computer and, where available, your IP address, operating system and browser type.

It is important to note that we may also supplement the information that you provide with other information that we obtain from our dealings with you or which we receive from other organisations such as our commercial partners, and group companies with your consent. The sharing of your information from such parties will be contained within their relevant privacy policy and associated privacy notices.

In addition, we reserve the right to perform statistical analysis of user behaviour and characteristics to measure interest in and use of the various areas of the Website and to ascertain the number of users that have visited particular web pages. We also keep track of what you do with our newsletters when you receive them for trends and statistics and to evaluate the efficiency of our newsletter and information service. For example, whether you open, delete, or access links contained in the newsletter. We may provide aggregated and anonymised data (not identifying any individual) only from these analyses to third parties.

Your data may also be available to our website provider to enable us and them to carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services.  This may include connecting data we receive from you on the website to data available from other sources.  Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us.  In the case of this activity the following will apply:

  • Your data will be made available to our website provider
  • The data that may be available to them includes any of the data we collect as described above. 
  • Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  • They will store your data for a maximum of 7 years.
  • This processing does not affect your rights under this privacy policy

  1. Lawful Basis

From 25th May 2018 we may only process your information providing we have a lawful basis (e.g. a legally permitted reason) for doing so. In relation to this policy our lawful basis for processing your personal data includes:

  • Where consent has been given to processing for a specific purpose(s)
  • Processing is important for the performance of a contract between us
  • Processing may be necessary to comply with the Foundation’s legal obligations
  • Processing may be necessary to protect someone’s vital interests
  • Processing is necessary to pursue the Foundation’s legitimate interests, where the individual’s rights do not override the interests of the Foundation. The purpose for processing data for legitimate interests will be highlighted within the appropriate privacy notice.

  1. Marketing Information

We will not share your personal identifiable information with third parties without your prior consent.

From time to time we would like to contact you to tell you more about the offers, services, products and other initiatives available to you, but we will only do so with your prior consent, obtaining this typically at the point of data collection.

  1. Cookies 

The Online Facilities use cookies. A cookie is a small file containing an identity code. With your consent, your computer accepts the cookie and stores it. When you next visit the relevant Online Facilities, the code is retrieved, allowing an individual visitor or computer to be recognised. Full information on which cookies we deploy is available in our Cookies Policy.

For further general information about cookies please visit:

  1. Links to third party websites & services

From time to time our website may contain links to other websites. We are not responsible or liable for the content, privacy policies or services offered by websites or apps other than the Foundation Website. We encourage you to read and familiarise yourself with the privacy policies, privacy notices, terms and conditions and/or other notices on other websites you visit. 

  1. Children and Young People

We realise and understand that children and young people, including those under 13 years of age (“minors”) may visit the Website, or otherwise interact with our partners and us.

It is our policy:

  • To encourage all minors to consult with their parents or legal guardian before submitting or requesting any content or information to/from us, our commercial partners or other third parties. Users of the Website or certain services on them, who indicate they are a minor may be asked to provide a valid email address for their parent or guardian so that we may (providing they have their parent or guardian’s permission) verify parental consent, where required;
  • Not to make a minor's participation in our activity contingent on the child disclosing any more personal information than is reasonably necessary in order to do so. Anyone known to be a minor may be allowed to participate in certain competitions and promotions, but notification of a win or prize may be sent directly to the parent or legal guardian identified in the initial registration process. Publication of a winning minor’s personal details will require parental or legal guardian consent;
  • Not to actively market to minors; and
  • Not use (or pass to any third party) personal information on persons known to be minors for any commercial purposes.

Parents or legal guardians should supervise minors when online and we recommend parental control tools be put in place. Any minor using the Website and services offered is confirming that they have received the consent of their parent or a guardian to do so.

  1. Storing, retaining and protecting your personal data

As a Foundation we are committed to protecting the security of your personal data, which is held in secure data centres in the European Union in accordance with current legislative requirements, industry standards and technology. We will keep the personal data you have provided for as long as we have a relationship with you, or as outlined within the relevant privacy notice you have been issued. Once that relationship has ended we will only retain it in accordance with this Policy only for as long as we reasonably require and it will then be deleted and destroyed.


  1. How we protect your data

Once it is received we store your personal data as set out in this Policy. We will take all reasonable steps to protect your data, but cannot guarantee the complete security of our databases, nor that information you supply may not be intercepted while being transmitted to us over the internet.

If we have given you a password to access certain parts of the Online Facilities, you are solely responsible for keeping the password safe and make sure you use a secure browser.

  1. Sharing your information

We have already outlined under what circumstances your personal information may be shared with our commercial and official partners, if you have consented to doing so. In addition to this, there are some other reasons why we may disclose your personal information to third parties and these are as follows:

  • To appoint other organisations to carry out some data processing activities on our behalf. For example, mailing services, payment processing, hosting service providers, other relevant partners used to help us deliver the Website to you;
  • If we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply any of our other applicable terms and conditions for products, services, content or access provided by us (for example our ground regulations) and other agreements; and/or
  • To protect the rights, property, or safety of us, our commercial partners, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where we share your personal information with third parties, we will take reasonable steps to ensure that it is properly protected and processed in accordance with this Policy.

  1. Information about other individuals

If you provide us with information on behalf of a third party, you confirm that the third party has appointed/consented to you to act on their behalf to:

  • Provide consent to processing of their information
  • Receive any privacy notices on their behalf

  1. You’re in control of your data - your rights

Stay informed - We will keep you informed through the issue of a privacy notice and relevant updates accordingly.

Accessing Your Personal Information - You have the right to access the information that we hold and/or process about you.

Rectifying your Personal Information - You have the right to ask that the information we hold about you that is inaccurate is corrected by updating/changing your profile preferences or by contacting us as above. We encourage you to update your personal information promptly if it changes.

Restrict your data being processed – You have the right to suspend the processing of your personal data, this may be done in instances where you would to challenge the accuracy of the information we hold about you.

Object to your data being processed – You have the right to request that the Foundation stops processing your personal data. This may be the case where the Foundation is relying on legitimate interest as the lawful basis for processing.

Data Portability – You have the right to request that your data can be transferred to another party to be used across different services for your own purposes.

Not be subject to automated processing – The Foundation will always obtain your consent before processing your data.

Prevent Direct Marketing – You can at any time opt not to receive direct marketing from the Foundation.

Closing Your Account/Deleting Your Personal Information - You (and any parent/guardian of a minor) have the right to request that we close your account and/or delete your personal information from our database (“right to erasure”). We will make all reasonable efforts to comply with this request. However, it may not be possible to delete an entry without some delay and without retaining some residual personal information necessary for our legitimate interests, such as backups and records of deletions (including to ensure we no-longer communicate with you) or because we are required or permitted to retain personal information for other lawful requirements. If this is the case, we will let you know.

There is no fee attached to any of the above actions, except in instances where your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

  1. 14. Changes to this policy

We commit to reviewing this policy at least annually with any changes posted on this page (and/or where appropriate, otherwise notified to you).

This Policy was last updated on 24th May 2018.

  1. Get in Touch

The Foundation has a Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this notice or how the Foundation handle your personal data the contact details for the officer can be found below:


Data Protection Officer

The Pod

Capital Retail Park



CF11 8EG

[email protected]


Please include your name, address, and/or email address when you contact us.

  1. Complaints

If you wish to raise a complaint relating to how we have handled your data, you can contact the Foundation’s Data Protection Officer who will investigate your complaint.


If you are unsatisfied with our response or believe we re processing your data not in accordance with the law, you can raise a complaint with the Data Commissioner’s Office (ICO):


Wycliffe House

Water Lane





029 2067 8400 (Wales Helpline) or 0303 123 1113 (UK Helpline)

Please contact us with any questions.



To be reviewed annually