Community Foundation

Privacy Policies

Jump to Participant Privacy Policy
Jump to General Privacy Policy

Participant Privacy Policy

Background

This Privacy Policy is issued by Colchester United Community Foundation (referred to as “CUCF”, “we”, “us” and “our” in this Privacy Policy), the official charity partner of Colchester United Football Club, which operates in the United Kingdom. 

When we use the terms in this policy such as “you” and “your” and “yourself” concerning the collection and utilisation of your personal information and privacy rights, it encompasses both your personal information and that of your child. The term “child” may also refer to a child for whom you are the appointed legal guardian or conservator.

This policy relates to your personal information that you provide to us when you register your child or when your child attends one or more of the educational programmes we offer, as well as any personal information that we may collect directly from you in our capacity as the organiser of the various classes, activities and events.

Your information will be held by CUCF. This policy outlines how we commit to safeguarding your personal information, including what you share about yourself, what we learn during our interactions with you when you book one or more of our activities, classes, or events, and any preferences you communicate regarding the marketing materials you wish to receive. Additionally, this policy informs you about your privacy rights and how the law protects you.

Content 

1. ABOUT THIS POLICY
2. ABOUT COLCHESTER UNITED COMMUNITY FOUNDATION
3. WHAT INFORMATION DO WE GATHER AND HOW DO WE COLLECT IT?
4. WHEN DO WE NEED TO COLLECT YOUR SENSITIVE INFORMATION?
5. HOW THE LAW PROTECTS YOU
6. HOW WE USE YOUR INFORMATION
7. HOW WE SHARE YOUR INFORMATION OUTSIDE OF CUCF
8. MARKETING
9. YOUR RIGHTS
10. HOW WE LOOK AFTER YOUR INFORMATION
11. HOW LONG WE KEEP YOUR INFORMATION FOR
12. HOW TO CONTACT US

1. 1. ABOUT THIS POLICY

      1. Scope of this policy

         This Privacy Policy relates to our use of any personal information we collect in relation to our educational programmes via the following services:

         • any CUCF website that links to this Policy (“Websites”); or
         • social media or CUCF content on other websites relating to our programmes; or
         • when you register to attend an educational programme that we offer
         • when you provide personal information directly to us in connection with one of our programmes
         • when you provide personal information whilst attending one of our programmes

         It also relates to our use of any personal information we collect through other means, such as

         • Email
         • In person
         • Other third-party sources.

         We have approached our Privacy Policy with brevity and clarity in mind.  If you would like any additional information or explanation or would like us to answer any questions you may have please contact us using the details provided (see the “HOW TO CONTACT US” section below).

      2. Policy updates

         We will keep this Privacy Policy under regular review to make sure we are being transparent about how we use your personal information. A copy of our Privacy Policy can be requested at dpo.cf@colchesterunited.net

   2. ABOUT COLCHESTER UNITED COMMUNITY FOUNDATION

      1. Who are we?

         We are Colchester United Community Foundation, and our registered charity number is 1159381.  We are the official charity partner of Colchester United Football Club.  We aim to get our community engaged in the wide range of activities we offer and in turn lead active and healthier lifestyles through our four main strands of delivery; Sports Participation, Education, Health and Inclusion and Facility Hire.

         You will find our registered address below. 

      2. Who’s the Data Controller?

         For the purposes of data protection laws, we are the Data Controller for all personal information that we collect, use and/or otherwise process about you under this Privacy Policy.

         When you register to attend one of our programmes on the Class4Kids booking platform we are a Joint Data Controller with Class4Kids. Class4Kids share your information with us (that you provide on the Class4Kids platform) so that we can deliver classes effectively and efficiently. We will also share any personal information you provide to us with ClassforKids when you register to attend an activity we offer on the ClassforKids booking platform or when you provide to us directly whilst attending the class. You can find out more information about Class4Kids Limited and how they use your information on their website. 

         When you register to attend one of our programmes on the EFL Official Soccer Schools we are a Joint Data Controller with The Football League (Community) Ltd (EFL Trust). 

   3. WHAT INFORMATION DO WE GATHER AND HOW DO WE COLLECT IT?

      1. What types of information do we collect about you?

         The type of information we collect about you depends on the nature of your interactions with us. Depending on the circumstances, we may receive or collect personal information about you, when you contact us for example by doing any of the following:

         Information you give to us:

         • When you register for your child to attend an activity organised by us or on our behalf that we offer at your school, on the Class4Kids and the EFL Trust Official Soccer Schools booking platforms; or
         • When you contact us with an enquiry regarding an activity we offer
         • When you talk to us on the phone or in our offices about an activity we offer
         • When you use our websites or any mobile device apps or social media sites relating to activities we offer.
         • In emails and letters.
         • In surveys that we may undertake relating to our programmes.

         Information we may collect when you use our services:

         • Your contact details such as name, address, telephone number, email address, emergency contact information
         • Your child’s details such as name, date of birth, gender, ethnicity, disability/impairment or accessibility needs, dietary requirements including health and any health conditions.
         • Information we record when we make notes relating to your child attending activities.
         • Information we receive from questionnaires/feedback when your child attends one of our activities.
         • Payment and transaction data.
         • Profile and usage data when you connect to our websites or any mobile and telephone services. It also includes other data about how you use those services. We gather this data from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software.

         Information we collect during the course of providing our services:

         • Any images collected by CCTV installed at our offices or at venues operated by us.
         • Any images collected when we film classes or when we take photographs. (We only do this if you have given us your consent to do so.)
         • Case study information including quotes and testimonies (We only do this if you have given us your consent to do so.)

         Information from third parties we may work with:

         • Booking platform partners such as Class4Kids and the EFL Trust.
         • Medical practitioners (if you become unwell or suffer an injury while taking part in an event or activity organised by us).
         • Government and law enforcement agencies.
         • Feedback passed to us by third parties who may organise activities and events on our behalf.
         • Feedback from coaches running our courses

      2. Personal information about others

         We may collect information from you about others, such as members of your household or family (if you are booking a member of your family on one of our courses or when you provide their details as emergency contacts or if they are collecting a child at the end of a day).  If you give us information about another person it is your responsibility to ensure and confirm that:

         • you have either told the individual who we are and how we use personal information, as set out in this Privacy Policy; and have permission from the individual to provide that personal information (or any sensitive personal data) to us and for us to process it, as set out in this policy; or
         • you are otherwise satisfied that you are not in breach of data protection legislation by providing the information to us.
   4. WHEN DO WE NEED TO COLLECT YOUR SENSITIVE INFORMATION?

      In certain circumstances, we will collect information that is deemed sensitive. This is most likely to include your gender, ethnicity, information about your health (for example if you take part in an event or activity organised by us).

      We seek to limit any sensitive personal information that we collect and, unless we have other specific lawful reasons to use this information (such as in an emergency situation), we will ask for your consent to collect it.

   5. HOW THE LAW PROTECTS YOU

      Your privacy is protected by law. This section provides an overview of how that protection works.

      Data protection law states that we are only allowed to use personal information if we have a proper reason to do so. This includes sharing it outside CUCF. The law states that we must have one or more of the following reasons:

      • when you consent to it; or
      • to fulfil a contract we have with you, or
      • when it is our legal duty, or
      • when it is in our legitimate interest.

      A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is best or right for you. If we rely on our legitimate interest, we will tell you what that is. The section below (“How We Use Your Information) contains a list of the ways in which we may use your personal information, and the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.

   6. HOW WE USE YOUR INFORMATION

      We will only use your personal information fairly and where we have a lawful reason to do so. We are allowed to use your personal information if we have your consent or another legally permitted reason applies. These include to fulfil a contract we have with you, when we have a legal duty that we have to comply with, or when it is in our legitimate business interest to use your personal information. We can only rely on our legitimate business interest if it is fair and reasonable to do so.

      We may use information in the following ways:

      Uses of personal information	Our lawful basis for using your personal information
      · To plan and deliver the programmes, activities, events and services we provide including event administration and governance. · To monitor and conduct impact assessments about the services we provide; report on equality of opportunities. · To send information to parents about our classes, events and activities, such as changes to venues, times, cancellations, etc. · To manage and administer our business relationships including to communicate with our staff (such as coaches and volunteers) · To provide training and development to our staff and volunteers. · To administer billing and payments including to collect and recover money that is owed to us and to keep records.	To fulfil our contract with event and programme organisers/funders, to fulfil our agreements with those people who book activities and events with us including schools and direct participants, and to comply with legal and regulatory obligations including accounting, tax and data protection.
      · To safeguard children and individuals at risk. · To help us identify, investigate, report and seek to prevent crime. · To comply with laws and regulations that apply to us.	To comply with our legal and regulatory obligations including crime prevention, fraud, data protection law and safeguarding children.
      · To use participant stories and experiences to monitor and report the impact of our work and publicise the programmes/events and services we offer.	Where you have consented to use your images/video footage. Where you have consented to your story (Case Study) including participant stories, interviews.
      · To promote our services to individuals, including by email updates and newsletters; and to invite you to events and activities that we may organise from time to time.  This may include surveys to obtain feedback from you. · To identify services, activities and events which may be of interest to you and provide you with information about those services and events.	Where you have consented and expressed a preference to receive marketing communications; or if we feel it is appropriate and relevant to our business relationship with you on the basis of our legitimate interests to operate our business in an efficient way.
      · To run our business in an efficient and proper way (e.g. auditing, managing our business capability, managing risk for us and those we work with, managing our finances, planning, communications with service providers, staff and other individuals, responding to complaints and seeking to resolve them).	On the basis of our legitimate interests to operate our business in an efficient way.
      · To maintain lists to ensure that you do not receive communications from us where you have objected to this or have unsubscribed.	To safeguard your rights and comply with our legal obligations.
      · To exercise our rights contained in agreements or contracts, website terms of use and other terms and conditions of business. This may include complying with agreements with our service providers/suppliers and individuals.	Fulfilling contracts or to protect our legal interests.
      · To ensure security and protect our business interests.	In certain circumstances, we may use your information to ensure the security of our services, offices and people, including to protect against, investigate and deter fraud, unauthorised or illegal activities, systems testing, maintenance and development (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
      · Sharing personal data if we decide to sell or transfer part of all of our business.	When needed to comply with our legal obligations and to facilitate the transaction.
      · For other purposes that we have identified when we collect the information.	Where we have your consent

      Groups of personal information

      We collect and use lots of different types of personal information.  Personal information is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that we have access to. The personal information that we collect, and how we collect it, depends upon how you interact with us. Categories of personal information that we may collect include:

      Contact	Such as your name, the name of any child that you register on our programmes or activities, email address and telephone number.  Emergency contact details for any child that you register.
      Contractual	Details about the services we provide to you or programmes that we offer.
      Behavioural	Details about how you use our services and programmes.
      Photographs	We may process photographs taken at activities or events, unless you have told us not to take photographs of you or of a child.
      Communications	What we learn about you from letters, emails, conversations between us, feedback and survey responses and case studies.
      Usage data	Other data about how you use our services.
      Documentary data	Details about you which are stored in documents that we may ask for in different formats, or copies of them.
      Special types of data	The law and other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so. Special category data includes gender, ethnicity, health/medical data (for example, details of medication that you or a child are taking or if you or a child has allergies).
      Consents	Any permissions, consents, or preferences that you give us. This includes things like how you want us to contact you.
      Financial	Billing and financial information such as billing address, bank account and payment information.

   7. HOW WE SHARE YOUR INFORMATION OUTSIDE OF CUCF

      1. If you use or book the services we offer or the activities we organise, your personal information may be shared with and processed by persons that are not CUCF employees but who work for or on behalf of CUCF such as consultants, contractors or volunteers that we use in connection with the programme and services we provide.  Your information may also be disclosed when we believe in good faith that the disclosure is:

         • required by law;
         • safeguarding children and individuals at risk;
         • to protect the safety of our employees, the public or CUCF property;
         • required to comply with a judicial proceeding, court order or legal process; or
         • in the event of a merger, asset sale, or other related transaction; or
         • for the prevention or detection of crime (including fraud).

         We may also share your personal information when you have consented to us doing so.

         We share your personal information with other parties where we are Joint Data Controllers. This means the parties together jointly determine how and why your personal information is used for a common purpose. We have Data Sharing Agreements in place with our Joint Data Controllers and they are named in Clause 2.2 Who’s the Data Controller?

         We may disclose your information to third party suppliers or service providers to conduct our business, for example, to assist in managing and storing data, provide data analytics, conduct market research and to communicate with you effectively. 

         We use an external provider for our human resources, IT and financial services.

         In addition, unless you opt out of receiving direct marketing, we may share your information with third parties who help run any marketing campaigns.

         Where we do share your information with third parties, we will wherever possible require them to maintain appropriate security to protect your information from unauthorised access or processing.

         When you make a payment online to attend one of our activities that we offer your payment card details are collected directly by Stripe, our payment provider. We do not store your payment card details. Stripe is the Data Controller for this data and they refer to you as the End Customer in their Privacy Policy which is available on the following link https://stripe.com/gb/privacy Note: Are the EFL going to allow us to Stripe for OSS, contract said we had to use their provider.

      2. If you choose not to give personal information

         We may need to collect personal information by law, or under the terms of a contract we have with you.

         If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations.

         Any data collection that is optional would be made clear at the point of collection.

      3. Transferring data outside of the UK

         We are based in the United Kingdom.  If we need to transfer your personal data outside of the United Kingdom we will only do so under the following circumstances:

         • where the transfer is to a country or other territory which has been assessed by the European Commission (or an equivalent UK body) as ensuring an adequate level of protection for personal data; or
         • with your consent or
         • on the basis that the transfer is compliant with the UK GDPR, the Data Protection Act 2018 and other applicable laws.
   8. MARKETING

      1. When you will hear from us

         We may from time to time provide you with updates and offers on CUCF’s services, events and other activities via marketing tailored to you, whether through online services or by direct marketing (e.g. phone, e-mail, text, post) and use information we hold about you to help us identify, tailor and package the services and activities or events that may be of interest to you.  We will only do this if you have indicated that you are happy to receive marketing communications from us – that is, if you have either:

         • attended events or participated in the activities that we run and have not told us that you don’t want to hear from us; or 
         • signed up to receive marketing communications from us and have not later told us that you don’t want to hear from us.  

         We will not use sensitive personal details (such as information relating to your health record) in order to provide you with marketing unless you have given your explicit consent to allow us to use this information for these purposes.

      2. Opting out of or withdrawing your consent in relation to marketing

         If you no longer want to hear from us, you can opt out or unsubscribe by:

         • following the “unsubscribe” link contained in any marketing communications that you receive from us
         • by Email to: cf@colchesterunited.net; or
         • by contacting us on the details given in section 13 below headed “HOW TO CONTACT US”.

      3. Third parties and marketing

         We might rely on third parties to help us manage our marketing communications, but we won’t share your information with any third parties for their marketing purposes unless you agree to our doing so.

   9. YOUR RIGHTS

      1. Your data protection rights

         Under data protection legislation you have various rights in respect of the personal information that we hold about you, including: 

         • you can require us to update or correct any inaccurate personal information, or to complete any incomplete personal information, concerning you. If you do, we will take reasonable steps to check the accuracy of, and correct the information. Please let us know if any of your information changes so that we can keep it accurate and up to date;
         • you can require us to stop processing your information for direct marketing purposes; if you withdraw your consent, we may not be able to provide certain services to you; and
         • you have the right to object to our use of your personal information more generally.

         You may also have the right, in certain circumstances to:

         • be provided with a copy of any personal information that we hold about you, with certain related information. There are exceptions to this right; for example where information is legally privileged or if providing you with the information would reveal personal information about another person;
         • to require us, without undue delay, to delete your personal information;
         • to "restrict"  our use of your information, so that it can only continue subject to restrictions; and
         • to require personal information which you have provided to us and which is processed by using automated means, based on your consent or the performance of a contract with you, to be provided to you in machine readable format so that they can be "ported" to a replacement service provider.

         Please note that we reserve the right to retain certain information for our own record-keeping (for example, to ensure that you do not receive marketing communications that you have opted-out of receiving) and to defend ourselves against any claims. We may also need to send you service-related communications relating to the services that we provide to you even when you have requested not to receive marketing communications. 

      2. How to exercise your rights

         You can exercise your rights by contacting us using the details in the “HOW TO CONTACT US” section below, or by ticking the applicable boxes on forms that we use to collect your information, or to tell us that you don’t want to participate in marketing.

         If you wish to remove your information from our marketing circulation lists, which include receiving marketing emails, you can unsubscribe by scrolling to the bottom of the email and clicking the ‘unsubscribe’ link.

         We will comply with your requests unless we have a lawful reason not to do so. 

         We may need you to provide satisfactory proof of your identity. This is to ensure that your personal information is disclosed only to you.

   10. HOW WE LOOK AFTER YOUR INFORMATION

       1. We are committed to protecting the confidentiality and security of the information that you provide to us.  We put in place appropriate technical, physical and organisational security measures to protect against any unauthorised access or damage to, or disclosure or loss of, your information. By way of example we: 

          • Ensure the physical security of our offices.
          • Ensure the physical and digital security of our equipment, devices and systems by mandating appropriate password protection, encryption and access restrictions.
          • Ensure appropriate access controls so that access to your information is only granted to those of our people that need to use it in the course of their work.
          • Maintain internal policies and procedures to make sure our staff understand their responsibilities in looking after your information and take appropriate measures to enforce these responsibilities. 

       2. Links to other sites and resources

          Our website may from time to time contain content and links to other sites that are operated by third parties. You should note that we do not control these third party sites or the cookies that such third parties operate and this Privacy Policy will not apply to them.   You should ensure that you consult the Terms of Use and Privacy Policy of the relevant third party site to understand how that site collects and uses your information and to establish whether and for what purposes they use cookies.

          You should also be aware that communications over the internet, such as e-mails, are not secure unless they have been encrypted.

   11. HOW LONG WE KEEP YOUR INFORMATION FOR

       We do not keep your personal information for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims.  We will generally keep your information for no longer than six years for one of these reasons:

       • To comply with our legal obligations.
       • To respond to any questions or complaints.
       • To show that we treated you fairly.
       • To maintain records according to rules that apply to us.

       We may keep your information for longer than six years if we cannot delete it for legal or technical reasons. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.

   12. HOW TO CONTACT US

       If you have any questions about this Privacy Policy or the ways in which we handle your personal information or if you want to make a subject access request, please contact us at:

       The Data Protection Team
       Colchester United Community Foundation
       JobServe Community Stadium
       United Way
       Colchester, Essex CO4 5UP

       Email: dpo.cf@colchesterunited.net

       You are entitled to make a complaint to Information Commissioner’s Office (ICO) if you are dissatisfied with the way we used your information. The ICO is the UK’s independent body set up to uphold information rights. 

       You can contact the Information Commissioner via the ICO website at https://ico.org.uk/global/contact-us/.

LAST UPDATED: 26 Feb 2024

General Privacy Policy

Background

This Privacy Policy is issued by Colchester United Community Foundation (referred to as “CUCF”, “we”, “us” and “our” in this Privacy Policy), the official charity partner of Colchester United Football Club, which operates in the United Kingdom.

Your information will be held by CUCF. This privacy notice sets out how we promise to look after your personal information. This includes what you tell us about yourself, what we learn when we interact with you (for example, when taking a booking for facility hire), and the choices you give us about what marketing you want us to send you. This notice also tells you about your privacy rights and how the law protects you.

Content 

1. ABOUT THIS POLICY
2. ABOUT COLCHESTER UNITED COMMUNITY FOUNDATION 
3. WHAT INFORMATION DO WE GATHER AND HOW DO WE COLLECT IT?
4. WHEN DO WE NEED TO COLLECT YOUR SENSITIVE INFORMATION?
5. HOW THE LAW PROTECTS YOU
6. HOW WE USE YOUR INFORMATION
7. HOW WE SHARE YOUR INFORMATION OUTSIDE OF CUCF
8. MARKETING
9. OUR SITE AND COOKIES
10. YOUR RIGHTS
11. HOW WE LOOK AFTER YOUR INFORMATION
12. HOW LONG WE KEEP YOUR INFORMATION FOR
13. HOW TO CONTACT US

1. 1. ABOUT THIS POLICY
      1. Scope of this policy
         This Privacy Policy relates to our use of any personal information we collect from you via the following services:
         • any CUCF website that links to this Policy (“Websites”); or
         • social media or CUCF content on other websites; or
         • whilst providing agreed services (such as when you hire one of our venues) or receiving services from you.
           
           
         It also relates to our use of any personal information we collect through other means, such as
         • Email
         • In person
         • Other third party sources.
           
           
         We’ve approached our Privacy Policy with brevity and clarity in mind.  If you would like any additional information or explanation or would like us to answer any questions you may have please contact us using the details provided (see the “HOW TO CONTACT US” section below).
         
         
      2. Policy updates
         We will keep this Privacy Policy under regular review to make sure we’re being transparent about how we use your personal information. Any changes to our Privacy Policy will be reflected at https://www.cu-fc.com/cucf/about-us/privacy-notice.
         
         
   2. ABOUT COLCHESTER UNITED COMMUNITY FOUNDATION
      1. Who are we?
         We are Colchester United Community Foundation, and our registered charity number is 1159381.  We are the official charity partner of Colchester United Football Club.  We aim to get our community engaged in the wide range of activities we offer and in turn lead active and healthier lifestyles through our four main strands of delivery; Sports Participation, Education, Health and Inclusion and Facility Hire.
         
         You’ll find our registered address below.
         
         
      2. Who’s the Data Controller?
         For the purposes of data protection laws, we are the “data controller” of all personal information that we collect, use and/or otherwise process about you under this Privacy Policy.
         
         
   3. WHAT INFORMATION DO WE GATHER AND HOW DO WE COLLECT IT?
      1. What types of information do we collect about you?
         The type of information we collect about you depends on the nature of your interactions with us. Depending on the circumstances, we may receive or collect personal information about you, when you contact us for example by doing any of the following:
         
         Data you give to us:
         • When you contact us with an enquiry
         • When you hire a pitch or room
         • When you talk to us on the phone or in our offices
         • When you use our websites or any mobile device apps.
         • In emails and letters.
         • In surveys that we may undertake.
         • When you apply for a job or volunteer with us.
         • When you provide goods or services to us
           
           
         Data we collect when you use our services:
         • Contact Details such as name, title, residential or business address, telephone number and email address.
         • Payment and transaction data.
         • Profile and usage data. This includes the profile you create to identify yourself when you connect to our internet or any mobile and telephone services. It also includes other data about how you use those services. We gather this data from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software.
         • Feedback you give to us when you attend activities organised by us or on our behalf.
           
           
         Data from third parties we may work with:
         • Employers /Recruitment consultants.
         • Payroll service providers.
         • Market researchers.
         • Government and law enforcement agencies.
           
           
         Data we collect during the course of providing services
         • Any images collected by CCTV installed at our offices or at venues operated by us.
           
           
      2. Personal information about others
         We may collect information from you about others, such as members of your household or family (in the case of staff.  If you give us information about another person it is your responsibility to ensure and confirm that:
         • you have either told the individual who we are and how we use personal information, as set out in this Privacy Policy; and have permission from the individual to provide that personal information (including any sensitive personal data) to us and for us to process it, as set out in this Privacy Policy; or
         • you are otherwise satisfied that you are not in breach of data protection legislation by providing the information to us.
           
           
   4. WHEN DO WE NEED TO COLLECT YOUR SENSITIVE INFORMATION?
      In certain circumstances, we will collect information that is deemed sensitive. This is most likely to include: 
      • information about your health (for example if you or become unwell or are injured when attending a venue that you hire from us); and/or
      • information about any criminal record you may have.
        
        
      We seek to limit any sensitive personal data that we collect and, unless we have other specific lawful reasons to use this information (such as in an emergency situation), we will ask for your consent to collect it.
      
      
   5. HOW THE LAW PROTECTS YOU
      Your privacy is protected by law. This section provides an overview of how that protection works.
      
      Data protection law states that we are only allowed to use personal information if we have a proper reason to do so. This includes sharing it outside CUCF. The law states that we must have one or more of the following reasons:
      • when you consent to it; or
      • to fulfil a contract we have with you, or
      • when it is our legal duty, or
      • when it is in our legitimate interest.
        
        
      A legitimate interest is when we have a business or commercial reason to use your information.   But even then, it must not unfairly go against what is best or right for you. If we rely on our legitimate interest, we will tell you what that is.  The section below (“How We Use Your Personal Data) contains a list of the ways in which we may use your personal information, and the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.
      
      
   6. HOW WE USE YOUR INFORMATION
      We will only use your personal data fairly and where we have a lawful reason to do so.  We are allowed to use your personal data if we have your consent or another legally permitted reason applies. These include to fulfil a contract we have with you, when we have a legal duty that we have to comply with, or when it is in our legitimate business interest to use your personal data. We can only rely on our legitimate business interest if it is fair and reasonable to do so.  We may use information to:

      Uses of personal data	Our lawful basis for using your personal data
      · To manage and administer our business relationships, to administer billing and payments, to collect and recover money that is owed to us and to keep records.	To fulfil our contracts with event and programme organisers, to fulfil our agreements with those people who hire venues and to comply with legal and regulatory obligations including accounting, tax and data protection.
      · To undertake due diligence on new suppliers. · To help us identify, investigate, report and seek to prevent crime. · To comply with laws and regulations that apply to us.	To comply with our legal and regulatory obligations including crime prevention, fraud and data protection law.
      · To provide information services to individuals, including by email updates and newsletters; and to invite you to events and activities that we may organise from time to time.  This may include surveys to obtain feedback from you. · To identify services, activities and events which may be of interest to you and provide you with information about those services and events.	Where you have consented and expressed a preference to receive marketing communications; or if we feel it is appropriate and relevant to our business relationship with you. On the basis of our legitimate interests to operate our business in an efficient way.
      · To run our business in an efficient and proper way (e.g. auditing, managing our business capability, managing risk for us and those we work with, managing our finances, planning, communications with service providers and individuals, responding to complaints and seeking to resolve them).	On the basis of our legitimate interests to operate our business in an efficient way.
      · To maintain lists to ensure that you do not receive communications from us where you have objected to this or have unsubscribed.	To safeguard your rights and comply with our legal obligations.
      · To optimise our website.  To collate information on how you interact with us and our services so that we can improve this if felt necessary	Where we have consent from you or on the basis of our legitimate interests to operate and present an effective and convenient website to our website users.
      · To exercise our rights contained in agreements or contracts, website terms of use and other terms and conditions of business.  This may include complying with agreements with our service providers/suppliers and individuals.	Fulfilling contracts or to protect our legal interests.
      · To ensure security and protect our business interests (e.g. by the use of CCTV).	In certain circumstances, we may use your information to ensure the security of our services, offices and people, including to protect against, investigate and deter fraud, unauthorised or illegal activities, systems testing, maintenance and development (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
      · Sharing personal data if we decide to sell or transfer part or all of our business.	When needed to comply with our legal obligations and to facilitate the transaction.
      · For other purposes that we have identified when we collect the information (such as processing a job application whether directly or via an agent or recruiter)).	Where we have your consent or on the basis of our legitimate interest to recruit new employees or contractors.

      
      Groups of personal information
      We collect and use lots of different types of personal data.  Personal data is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that we have access to. The personal data that we collect, and how we collect it, depends upon how you interact with us. Categories of personal data that we may collect include:

      Contact	Such as your name, email address and telephone number.
      Socio-Demographic	This includes details about your work or profession, nationality and education.
      Contractual	Details about the services we provide to you or programmes that we offer.
      Locational	Data we get about where you are, such as may come from your mobile phone or the address where you connect a computer to the internet.
      Behavioural	Details about how you use our services and programmes.
      Communications	What we learn about you from letters, emails, conversations between us, feedback and survey responses.
      Open data and public records	Details about you that are in public records such as UK Companies House, the UK Electoral Register, and information about you that is openly available on the internet.
      Usage data	Other data about how you use our services.
      Images	Such as the video images of individuals that we capture by the use of our CCTV system.
      Consents	Any permissions, consents, or preferences that you give us. This includes things like how you want us to contact you.
      Financial	Billing and financial information such as billing address, bank account and payment information.

   7. HOW WE SHARE YOUR INFORMATION OUTSIDE OF CUCF
      1. If you use or book the services we offer, apply for a job or volunteer, your personal information may be shared with and processed by persons that are not CUCF employees but who work for or on behalf of CUCF such as consultants or contractors that we use.  Your information may also be disclosed when we believe in good faith that the disclosure is:
         • required by law;
         • to protect the safety of our employees, the public or CUCF property;
         • required to comply with a judicial proceeding, court order or legal process; or
         • in the event of a merger, asset sale, or other related transaction; or
         • for the prevention or detection of crime (including fraud).
           
           
         We may also share your personal data when you have consented to us doing so.
         
         We may disclose your information to third party suppliers or service providers to conduct our business, for example, to assist in managing and storing data, provide data analytics, conduct market research and to communicate with you effectively. We use Class4Kids, an online booking platform, to run the administrative aspects of the classes and other activities that we offer.   Our website links to the Class4Kids website.  You should note that we do not control these third party sites or the cookies that such third parties operate and this Privacy Policy will not apply to them.   You should ensure that you consult the Terms of Use and Privacy Policy of the Class4Kids website to understand how their site collects and uses your information and to establish whether and for what purposes they use cookies.
         
         We also use an external provider of business and marketing services to provide recruitment, human resources, IT and finance services to us.
         
         In addition, unless you opt out of receiving direct marketing, we may share your information with third parties who help run any marketing campaigns.
         
         We may share your information with regulatory bodies (directly or via shared databases) to prevent and detect fraud.
         
         Where we do share your information with third parties, we will wherever possible require them to maintain appropriate security to protect your information from unauthorised access or processing.
         
         When you make a payment online to hire our facilities that we offer on the Sportskey booking platform your payment card details are collected directly by Stripe, our payment provider. We do not store your payment card details. Stripe is the Data Controller for this data and they refer to you as the End Customer in their Privacy Policy which is available on the following link  https://stripe.com/gb/privacy
         
         
      2. If you choose not to give personal information
         We may need to collect personal information by law, or under the terms of a contract we have with you.
         
         If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations.
         
         Any data collection that is optional would be made clear at the point of collection.
         
         
      3. Our service providers and suppliers / transferring data outside of the UK
         We are based in the United Kingdom.  We will only transfer your personal data outside of the United Kingdom under the following circumstances:
         • where the transfer is to a country or other territory which has been assessed by the European Commission (or an equivalent UK body) as ensuring an adequate level of protection for personal data; or
         • with your consent or
         • on the basis that the transfer is compliant with the UK GDPR, the Data Protection Act 2018 and other applicable laws.
           
           
   8. MARKETING
      1. When you’ll hear from us
         We may from time to time provide you with updates and offers on CUCF’s services, events and other activities via marketing tailored to you, whether through online services or by direct marketing (e.g. phone, e-mail, text, post) and use information we hold about you to help us identify, tailor and package the services and activities or events that may be of interest to you.  We will only do this if you have indicated that you are happy to receive marketing communications from us – that is, if you have either:
         • purchased services from us or attended events or participated in the activities that we run and have not told us that you don’t want to hear from us; or 
         • signed up to receive marketing communications from us and have not later told us that you don’t want to hear from us. 
           
           
         We will not use sensitive personal details in order to provide you with marketing unless you have given your explicit consent to allow us to use this information for these purposes.
         
         
      2. Opting out of or withdrawing your consent in relation to marketing
         If you no longer want to hear from us, you can opt out or unsubscribe by:
         • following the “unsubscribe” link contained in any marketing communications that you receive from us
         • by Email to: dpo.cf@colchesterunited.net or
         • by contacting us on the details given in section 13 below headed “HOW TO CONTACT US”.
           
           
      3. Third parties and marketing
         We might rely on third parties to help us manage our marketing communications, but we won’t share your information with any third parties for their marketing purposes unless you agree to our doing so.
         
         
   9. OUR SITE AND COOKIES
      1. What we collect when you interact with our sites and apps
         As you may already know, most websites collect certain information automatically about the way in which you interact with them. This might include your IP address, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers) browser type, referral source, length of visit to the site, number of page views, the search queries you make, and similar information.
         
         This information will be collected by us or by a third party site analytics service provider and will be collected using cookies.
         
         
      2. What do we mean by “cookies”?
         Cookies are small amounts of information in the form of text files that we store on the device you use to access our site or our marketing communications. Cookies allow us to monitor your use of our services and improve them. For example, a temporary cookie is also used to keep track of your "session". Without that temporary cookie you will not be able to purchase products or other services that may be offered via our site.
         
         We also use cookies for site analytics purposes and to monitor how customers interact with and receive our marketing communications (for example if you open a marketing communication and/or click on any of our offers). We use this information to try to improve the relevance and tone of our future communications to ensure we’re serving you as best as we can.
         
         If you don’t want cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings, please consult the “Help” section of your internet browser or visit http://www.aboutcookies.org. Please note that if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the site.
         
         
   10. YOUR RIGHTS
       1. Your data protection rights
          Under data protection legislation you have various rights in respect of the personal information that we hold about you, including:
          • you can require us, to update or correct any inaccurate personal data, or to complete any incomplete personal data, concerning you. If you do, we will take reasonable steps to check the accuracy of, and correct the information. Please let us know if any of your information changes so that we can keep it accurate and up to date;
          • you can require us to stop processing your information for direct marketing purposes; if you withdraw your consent, we may not be able to provide certain services to you; and
          • you have the right to object to our use of your personal data more generally.
            
            
          You may also have the right, in certain circumstances to:
          • be provided with a copy of any personal data that we hold about you, with certain related information. There are exceptions to this right; for example where information is legally privileged or if providing you with the information would reveal personal data about another person;
          • to require us, without undue delay, to delete your personal data;
          • to "restrict"  our use of your information, so that it can only continue subject to restrictions; and
          • to require personal data which you have provided to us and which is processed by using automated means, based on your consent or the performance of a contract with you, to be provided to you in machine readable format so that they can be "ported" to a replacement service provider.
            
            
          Please note that we reserve the right to retain certain information for our own record-keeping (for example, to ensure that you do not receive marketing communications that you have opted-out of receiving) and to defend ourselves against any claims. We may also need to send you service-related communications relating to the services that we provide to you even when you have requested not to receive marketing communications.
          
          
       2. How to exercise your rights
          • You can exercise your rights by contacting us using the details in the “HOW TO CONTACT US” section below, or by ticking the applicable boxes on forms that we use to collect your information, or to tell us that you don’t want to participate in marketing.
          • If you wish to remove your information from our marketing circulation lists, which include receiving marketing emails, you can unsubscribe by scrolling to the bottom of the email and clicking the ‘unsubscribe’ link.
          • We will comply with your requests unless we have a lawful reason not to do so. 
          • We may need you to provide satisfactory proof of your identity. This is to ensure that your personal data is disclosed only to you.
            
            
   11. HOW WE LOOK AFTER YOUR INFORMATION
       1. We are committed to protecting the confidentiality and security of the information that you provide to us.  We put in place appropriate technical, physical and organisational security measures to protect against any unauthorised access or damage to, or disclosure or loss of, your information. By way of example we: 
          • Ensure the physical security of our offices.
          • Ensure the physical and digital security of our equipment, devices and systems by mandating appropriate password protection, encryption and access restrictions.
          • Ensure appropriate access controls so that access to your information is only granted to those of our people that need to use it in the course of their work.
          • Maintain internal policies and procedures to make sure our staff understand their responsibilities in looking after your information and take appropriate measures to enforce these responsibilities.
            
            
       2. Links to other sites and resources
          • Our website may from time to time contain content and links to other sites that are operated by third parties. You should note that we do not control these third party sites or the cookies that such third parties operate and this Privacy Policy will not apply to them. You should ensure that you consult the Terms of Use and Privacy Policy of the relevant third party site to understand how that site collects and uses your information and to establish whether and for what purposes they use cookies.
          • You should also be aware that communications over the internet, such as e-mails, are not secure unless they have been encrypted.
            
            
   12. HOW LONG WE KEEP YOUR INFORMATION FOR
       We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims.  We will generally keep your data for no longer than six years for one of these reasons:
       • To comply with our legal obligations.
       • To respond to any questions or complaints.
       • To show that we treated you fairly.
       • To maintain records according to rules that apply to us.
         
         
       We may keep your data for longer than six years if we cannot delete it for legal or technical reasons. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.
       
       
   13. HOW TO CONTACT US
       If you have any questions about this Privacy Policy or the ways in which we handle your personal information or if you want to make a subject access request, please contact us at:
       
       The Data Protection Team
       Colchester United Community Foundation
       JobServe Community Stadium
       United Way
       Colchester, Essex CO4 5UP
       
       Email:  dpo.cf@colchesterunited.net
       
       However, if you remain dissatisfied with our response, you have the right to take the matter up with the United Kingdom Information Commissioner’s Office (ICO). The ICO is the UK’s independent body set up to uphold information rights.
       
       You can contact the Information Commissioner via the ICO website at https://ico.org.uk/global/contact-us/.

LAST UPDATED: 22 Dec 2022