Home / Privacy Policy

WEBSITE PRIVACY NOTICE

What does this notice cover?

This notice describes how Brighton and Hove Albion Football Club Limited (also referred to as "The Club ", "we" or "us") will make use of your data on our websites and during your interaction with The Club online and offline, including purchasing tickets for our games, using our applications, buying items in our online shop, data we may process if you attend our games, data we may handle if you supply or partner with the Club or data we use to send you direct marketing.

It also describes your data protection rights, including a right to object to some of the processing which the Club carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.

Summary of how we use your data

What information do we collect?

We collect and process personal data about you when you interact with us and our websites, and when you purchase goods and services from us. This will typically be provided directly by you, and may include information you provide on registration or in the process of your purchase, such as you name, address, email address, marketing preferences and payment details. The details being provided by you will be made clear in forms you complete or will be provided directly by you in surveys, in purchasing tickets or in volunteering information in communications or content you provide us.

What information do we generate or receive from third parties?

We may generate or collect information about you ourselves or obtain this from our partner EFL Digital. In an online context, much of this is set out in our Cookies section. In an offline context, we may particularly collect information about you through our CCTV cameras, in completing health and safety records or by keeping access records of our sites.

Sometimes, we receive information about you from other third parties. For example, if you login to a site or app using Facebook Connect you will be asked if you wish to share information from your Facebook account with us. If you use a "like", "follow" or a "share" button for a feature on our sites or apps, then the third party will share information with us. If you participate in activities on other sites or apps - such as participating in a Facebook application - you may allow us to have access to personal data held by Facebook, or other site or app owners. We also receive information about individuals that the police or other sports stakeholders recommend or require us to ban from our ground. We may also obtain information about you from third party demographics providers, which we may use to help us better understand our users and send them appropriate offers and information.

If we provide online services to a child where we need parental consent for this, we may ask for a parent's email address, in order to ask for consent.

How do we use this information, and what is the legal basis for this use?

We process this personal data for the following purposes:

Relying on our legitimate interests

We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details set out later in this notice.

Withdrawing consent or otherwise objecting to direct marketing

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.

What cookies and/or tracking technologies does the Club use?

When you visit one of our websites, we may also collect, process and use informing about you and your use of the website, including any forums you visit and how you arrived at our Site. Such information may be collected through "traffic data" and may entail the use of "cookies" or other tracking technologies, IP Addresses or other numeric codes used to identify your computer. Cookies are particularly placed on the site by our partner EFL digital. For more information on Cookies please click on the link to our Cookies Policy.

Who will we share this data with, where and when?

We will share your data with relevant third parties for the purposes set out above, in particular we will share details of fans or participants with other football stakeholders such as the FA, Premier League and EFL and the police where this is necessary to enforce stadium bans.

EFL Digital is the provider of our main website, and provides Seagulls TV through our main website. EFL Digital is our data processor for the provision of the majority of our website services, but is a data controller in respect of Seagulls TV, where it may also collect marketing consent. It also retains information collected through cookies for analytical purposes as an independent controller. More information on EFL Digital's use of your data can be found in the EFL Privacy Policy on our main website.

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.

Personal data will also be shared with third party service providers, who will process it on behalf of the Club for the purposes identified above. Such third parties include providers of website hosting, security services, maintenance, call centre operations and identity checking.

Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor's Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request. Where data is transferred outside the EEA due to your purchase of tickets to a game taking place outside the EEA, this data is transferred as necessary to facilitate your travel and fulfill your contract.

What rights do I have?

You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.

To exercise any of these rights, you can get in touch with us – or our data protection officer – using the details set out below. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred. This is likely to be the Information Commissioner’s Office in the UK.

Data that is mandatory is indicated on relevant forms that you complete. Where provision of data is mandatory, if relevant data is not provided, then we will not be able to fulfil your requests to register, make a purchase or otherwise engage with the Club. All other provision of your information is optional.

How do I get in touch with you?

We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at dataprotection@bhafco.uk or by writing to Data Protection, The American Express Community Stadium, Village Way, Falmer BN7 5SH. You can also use the preference centre on seagullstickets.com if you sign in to make changes to your marketing preferences, or from the link at the bottom of Club emails sent to you.

How long will you retain my data?

We process registration data for as long as you are an active user and for 6 years after this. We will also, where you have consented to marketing, continue to sending you marketing whilst you are an active user. An active user is a fan that has opened an email from us or bought something from us within the last 3 seasons. We will also remove you from our marketing lists where you have not engaged in the previous 3 seasons.

If you choose to opt out of marketing,, we will remove you from our lists but keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.

Where we process personal data in connection with performing a contract or for a competition, we keep the data for 6 years from your last interaction with us.

We keep information relating to our suppliers and partners for at least 6 years following the contract, although we may hold it longer where required by law, such as for accounting purposes.

Where we process CCTV footage, we hold this for a month.

Where we process personal data to meet legal requirements, we hold this for as long as the law requires – for example, we hold health and safety accident records for 7 years.

Effective Date: This Privacy Notice was updated 17 May 2018 and is effective as of that date.