In this Privacy Policy, we use the term “Ten Em Bee” (and “we”, “us” and “our”) to refer to Ten Em Bee Sports Development Centre. Full details about Ten Em Bee Sports Development Centre are provided in the “Legal notice” section below.
Ten Em Bee Sports Development Centre (hereafter referred to as “Ten Em Bee”, “we”, “us” and “our”), is the data controller for the personal information we process. We recognise that your privacy is important and consequently we are committed to protecting it. This Privacy Policy explains what personal information we process about you when you:
Our websites and digital platforms may contain links to other websites which are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.
Ten Em Bee will only process your personal information for the purposes outlined in the following sections. If these purposes change over time or we want to use data for a new purpose which we did not originally anticipate, we will only go ahead if the new purpose is closely related to the original purpose. If the new purpose is incompatible with the original purpose, we will seek your specific consent for the new purpose; or if a clear legal provision exists requiring or allowing the new processing in the public interest, we will inform you accordingly.
– Visitors to our website
– Cookies
– Registering a user account
– Purchasing our products or services
– Fraud screening and prevention
– The Pavillion Wifi
– Direct marketing and research
– Competitions voting and quizzes
– Making an enquiry or a complaint
– CCTV surveillance
– Interacting with us as a representative of our suppliers or partners.
– Visiting our offices
– Applying for a job at Ten Em Bee
Responding to requests to exercise your data subject right
– If you are under 16
– Aged under 13
– Third party service providers
– COVID-19 Screening Questionnaire
You can access and browse our websites without the need for you to actively provide us with your personal data. However, you will need to register a user account in order to purchase tickets, memberships or coaching courses (see “Registering on our websites” for more information).
When you visit our websites we automatically collect information about your device and about your visit. This helps us to better understand how you use our digital platforms and enables us to design our site to better suit our your needs whilst also creating better, more personalised content which improves your experience for future visits. The information we collect includes:
We may also infer your country of location from the IP address you have used to access our digital platforms.
Some of this information is collected by cookies which are small text files that store basic information that a website can use to track on-line traffic flows, recognise repeat site visits and record information about your on-line preferences. They often include an anonymous unique identifier that is sent to your browser from our websites, which is then stored on your computer’s hard drive. Cookies do not attach to your system and damage your files but observe user behaviour and compile aggregate data that we then use to improve web services. We also use cookies to measure the effectiveness of advertising.
For further, more detailed information on how we use cookies, please refer to our Cookie Policy.
The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests. The only exception to this is the placement of non-essential cookies on your devices where we rely on article 6(1)(f) of the GDPR which requires us to obtain your consent.
Registering a user account on our websites
To access the areas of our websites where you can purchase match tickets, memberships and coaching courses you will need to register with us. During the registration process you will be asked to submit personal information including:
We use this information to provide you with a secure, identifiable user account, to ensure we provide you with age appropriate content, and to fulfil and communicate with you about your purchases.
Where we use this information to provide you with a secure, identifiable user account,
the legal basis we rely is article 6(1)(f) of the GDPR, which allows us to process personal data for our legitimate interests.
Where we use this information to ensure we provide you with age appropriate content when you are logged on, the legal basis we rely is article 6(1)(c) of the GDPR, which allows us to process personal data to meet our legal obligations.
Where we use this information to fulfil or communicate with you about any purchases you have made, The legal basis we rely on to process this data is article 6(1)(b) of the GDPR, which allows us to process personal data where the processing is necessary for the performance of a contract to which the data subject is party (see Purchase our Products and Services for more information).
We may also send you information about our latest news, competitions, ticket and merchandise updates and offers and those of our partners. The legal basis we rely on for this activity is article 6(1)(a) of the GDPR, which requires use to obtain your consent (see Direct Marketing for more information).
Purchasing our products or services
We need to process your personal data in order to provide you with the products and services you purchase from us. If you have already registered an account, then we will use the information you provided during the registration process to deliver and communicate with you about your purchase. In addition to this, we will need to collect your payment card details in order to process payment
The legal basis we rely on to process this data is article 6(1)(b) of the GDPR, which allows us to process personal data where the processing is necessary for the performance of a contract to which the data subject is party.
Depending on the service or product you have purchased, we may also need to collect additional information such as:
Fraud screening and prevention
Sometimes where there is suspicion of illegal activity such as fraud or ticket touting, we will ask you to provide a copy of an identity document such as a passport. This is usually only necessary for overseas customers and some UK customers where the value of the purchase exceeds a threshold or where the delivery address is different to the card address.
In addition, we may keep the personal information of individuals suspected of suspicious purchasing and touting activity. This information may be shared with other clubs and local law enforcement agencies as we attempt to protect the public against seriously improper conduct.
We also requested copies of identity documents for ticket holder name changes i.e. maiden to marital surname, to verify the name change and ultimately to prevent tickets being reallocated to different people.
When we have completed the check process, we delete the copies.
The legal basis we rely on to process this data is article 6(1)(f) of the GDPR, which allows us to process personal data for our legitimate interests. In this case our legitimate interests are protecting us and our customers against fraud.
Stadium wifi
When you attend the Stadium we provide an open wifi network for your use. We do not ask you for any personal information, such as your name or email address, when you connect to the wifi but we have to collect your device’s IP address and MAC address in order to facilitate your connection. We retain these two pieces of information for the duration of a season. At the end of each season we delete all such data from the wifi system.
We also operate a web filtering system which blocks access to indecent or malicious websites that could pose a security threat to our wifi network. The filtering system will collect information about the websites you visit whilst you are using our wifi network. We retain this information for 1 month in order to assist us with any investigations into the mis-use the wifi network or any security incidents.
The legal basis we rely on to process this data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
This information is not personally identifiable and we do not combine it with other data you may have provided us through your other interactions with us. Consequently, this data remains
Direct marketing and market research
When you register your user account on our websites we ask you to set your contact preferences for marketing and market research communications from us and our partners. These settings are opted out by default meaning that we and our partners will only send you such communications where you actively opt-in.
We also include the option to opt in to marketing and market research communications on some of our online forms i.e. competitions and quizzes. Again, we will only ever send you these communications if you opt-in.
If you do opt-in and you later change your mind, we provide an unsubscribe link at the bottom of every marketing communication. You can also object to marketing communications by contacting our Data Protection Officer.
The legal basis we rely on to process this data is article 6(1)(a) of the GDPR, which allows us to process personal data with your consent.
Competitions, voting, and quizzes
From time to time we will run competitions, votes and quizzes. When you take part in these activities we will ask you for some basic personal information to enable us to administer the competition, vote or quiz. This will usually consist of your name and email address which we will need in order to contact you if you win.
As stated in the Direct Marketing section, we will not use this information to send you marketing communications unless you opt-in.
The legal basis we rely on to process this data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
Making an enquiry or complaint
When you contact us to make an enquiry or complaint, we collect personal information such as your email address so that we can respond to you.
We may monitor or record telephone calls for security purposes and to improve the quality of services that we provide to you.
We record details of all enquiries or complaints on our systems and share them with the areas of the business that are best placed to address them.
The legal basis we rely on to process this data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests. In this case our legitimate interests are dealing with the enquiry or complaint and any subsequent issues that may arise, and to check on the level of service we provide.
We have installed CCTV systems in our premises, including the football stadium, for the purposes of public and staff safety and crime prevention and detection. CCTV is also installed on the outside of some of our buildings for the purposes of monitoring building security and crime prevention and detection.
In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information.
Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated.
Body Worn Cameras incorporating audio recording are used by our Stadium security staff when necessary for operational purposes. The aim of the technology is to:
You have the right to see images/audio recording of yourself in accordance with the General Data Protection Regulations (GDPR) and Data Protection Act 2018 and be provided with a copy of the images. You can request this either in person at the Stadium or by contacting the Data Protection Officer.
We will only disclose images and audio to other authorised bodies who intend to use it for the purposes stated above. Images and audio will not be released to the media for entertainment purposes or placed on the internet for public viewing.
The legal basis we rely on to process this data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests. In this case our legitimate interests are public and staff safety and crime prevention and detection.
Interacting with us as a representative of our suppliers or partners.
Ten Em Bee operates with a broad portfolio of suppliers and commercial partners. Our staff will process details of our suppliers’ or partners’ nominated business contacts in order to manage these business relationships. This includes information such as names, job titles and contact details.
In the case of deliveries to the Stadium, we ask our suppliers to provide the name and photo of their delivery drivers. We use this information to verify delivery drivers when they attend the Stadium.
The purpose for processing this information is for security and safety reasons. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
All visitors are asked to sign in with their name and company and to show a form of ID. The ID is for verification purposes only, we don’t record this information.
We will issue you with a temporary visitor pass which will include your name and company. This should be worn at all times when you are in our offices and will be destroyed when you leave the premises at the end of your visit.
The purpose for processing this information is for security and safety reasons. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
We have Wi-Fi on site for the use of visitors. We’ll provide you with the address and password.
We record the device address and will automatically allocate you an IP address whilst on site. We also log traffic information in the form of sites visited, duration and date sent/received.
The purpose for processing this information is to provide you with access to the internet whilst visiting our site. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
Applying for a job at Ten Em Bee
When you apply for a job with us, we collect and process a range of personal data in order to assess your suitability for employment. You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
We ask for:
The legal basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract.
We will also ask whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process. The legal bases we rely on for this are article 6(1)(c) of the GDPR which allows us to process information to meet a legal obligation and article 9(2)(b) as the processing is necessary for the purposes of carrying out our obligations in the field of social security and social protection law.
You will also be asked to provide equal opportunities information including information about your ethnic origin, sexual orientation, health, and religion or belief. This is not mandatory – if you don’t provide it, it won’t affect your application. This is done for the purposes of equal opportunities monitoring only and we won’t make the information available to any staff outside our recruitment team, including hiring managers, in a way that can identify you. The legal bases we rely on are article 6(1)(a) and 9(2)(b) which require your explicit consent.
In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts. It these situations the legal basis we rely on is article 6(1)(c) of the GDPR which allows us to process information to meet a legal obligation
When we make a job offer we will also seek information from third parties, such as references supplied by former employers and information from employment background check providers. For some roles, we are legally obliged by safeguarding legislation to conduct criminal records checks. This usually applies to roles that involve working with minors. The legal basis we basis we rely on is article 6(1)(c) of the GDPR which allows us to process information to meet a legal obligation.
Sharing your information
Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. The organisation will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.
Keeping your information
If you are unsuccessful after assessment for the role, we will hold your data on file for 6 months after the end of the relevant recruitment process. At this point your data will be deleted unless you have told us that you would like your details retained in our talent pool. If this is the case, then we would proactively contact you should any further suitable vacancies arise.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
Responding to requests to exercise your data subject rights
When you contact us to exercise your data subject rights (see “Your Rights” for more information) we will ask you for some information so that we can confirm your identity and ensure that we action your request against the right account. This will usually be your Customer Reference Number (CRN) however if you do not have a CRN or cannot remember it, we may ask for other information. We do not store this information – we just use it to confirm your identity.
We maintain a record of all the data subject rights requests that we receive. If you do make a request, this record will capture your name and a differential piece of data such as your email address or CRN. We keep this record to evidence our compliance with data protection legislation and as a record of our activities in case we are challenged.
The legal basis we rely on to process this data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
Children
If you are under 16 and register for restricted areas of our digital platforms, we will collect your date of birth and retain that with your name and other details you may provide. This is so we can ensure we treat you in an age appropriate way in line with this policy.
If you have signed up to receive a product or service, we may contact you about this.
If you are aged 13-15, you must first tell your parent or legal guardian that you wish to register on our digital platforms and get their consent. You must make sure that your parent or legal guardian knows and agrees each time before you:
If you are the parent or legal guardian of a user of our digital platforms who is aged 13 to 15 we do not seek your direct consent to their registration, but we expect them to inform you and get your agreement in advance before they register and before each time they do any of the activities listed above.
If you are under 13, you may only use the restricted areas of our digital platforms if your parent or legal guardian has first told us that you are allowed to do so.
If you are under 13 and wish to register, you must truthfully tell us your name, email address, country and date of birth. We will then ask you for the name and email address of your parent or legal guardian. We will send them an email, so they are aware of your request and will ask them for their consent and to confirm they have authority to give that consent. We need their consent or refusal within 7 days, or else we will assume consent is not granted. Their consent can be withdrawn at any stage.
Even if your parent or legal guardian gives their consent to your registration, if you are under 13 we still expect you to tell them and get their agreement in advance each time before you:
If you are the parent or legal guardian of a user of our digital platforms who is under 13, they can access and use unrestricted areas, but we will need your direct consent if they wish to gain access to restricted areas.
Automated Decision-making and profiling
Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without human review.
The only time we conduct any form of automated-decision making based on profiling is when you visit our websites. We use third party software to analyse the way you use our websites in order to provide you with a more personalised experience next time you visit our websites. For example, we may analyse the products you buy from our shop or the types of web pages you look at the most. Next time you visit our website we will then tailor the content we provide you based on those preferences. We might also suggest other products or services you might be interested in.
These activities are fully automated and you can turn them off by disabling our website’s cookies in your web browser. Our Cookie Policy explains how to do this.
We do not conduct any other forms of automated-decision making particularly anything that could have a legal or similarly significant effect on you. If this changes over time, we will seek your explicit consent and update this privacy notice accordingly.
Sharing your information
Ten Em Bee shares your personal data internally and with selected third-parties in the following circumstances:
Third party service providers.
In order to provide our products and services to you or to otherwise fulfil contractual arrangements that we have with you, we may need to appoint data processors to carry out some of the data processing activities on our behalf. These may include, for example, payment processing organisations, delivery organisations, fraud prevention and screening and credit risk management companies, mailing houses and IT system providers. We have contracts in place with our data processors which means that they cannot do anything with your personal information unless we have instructed them. They will not share your personal information with any other organisations and will hold it securely and retain it for the period we instruct.
Commercial Partners
We may also share personal data, such as your name and contact details, with our commercial partners but only where you have explicitly consented to this or requested that we do so. For example, when you enter a competition which is a joint promotion, or you request to receive certain marketing communications. In any case, we will provide you with clear information before we share your personal data.
Other football clubs
Some European countries require their football clubs to keep full records of all away fans attending their matches. Consequently, when you purchase an away match ticket for a European game, we may be required to disclose your personal information to the hosting club. As this activity forms part of us providing you with the product or service you have purchased, the legal basis we rely on to process this data is article 6(1)(b) of the GDPR, which allows us to process personal data where the processing is necessary for the performance of a contract to which the data subject is party. You can object to us sharing your data with other clubs however it we will not be able to guarantee your entry at the match.
Publicity and media
We may disclose your personal data publicly via the media or social media. For example, when sharing a comment or opinion you have provided or if you win a competition or promotion we may disclose your name online. In such cases, we will clearly notify you of the sharing and you will have the choice not to participate or to otherwise object to such sharing, subject to our other legal obligations.
Supporters’ Clubs
Ten Em Bee has a network of Supporters’ Clubs around the globe. We may share personal data, such as your name and contact details, with the representatives of your nearest Supporters’ Club but only where you have explicitly consented to this or requested that we do so.
Legal and other
We may also share your data with third parties:
International data transfers
We are based in the UK but sometimes your personal information may be transferred outside of the European Economic Area (EEA). For example, some of our third-party suppliers or commercial partners to which we disclose your personal data may be situated outside of the EEA. Where we do transfer your personal data outside of the EEA, we make sure that we put one of the EU’s approved suitable safeguards in place, for example using approved contractual agreements or by obtaining your explicit consent for the transfer.
Security
Protecting your personal information is very important to us and as such we have put a range of security defences in place in order to ensure it.
This includes:
Some of our IT systems are provided by third party suppliers. In these cases the security of your data is a shared responsibility and we have contracts in place which outline each party’s responsibilities for the security of data.
Keeping your information
We retain your personal information for the minimum reasonable time period to allow us to fulfil the purposes that we collected it for. We will delete or destroy your data after that time except where we need to keep any personal information to comply with our legal obligations, resolve ongoing disputes or defend ourselves against future legal claims, or enforce our agreements.
Occasionally, we may continue to use data without further notice to you. This will only be the case where any such data is anonymised and you cannot be identified as being associated with that data.
Please contact info@tenembee.org.uk for further information about our retention periods.
Your Rights
You have certain rights in relation to your personal information. In order to exercise any of the following rights please complete the data subject access request form here or contact the DPO using the details above.
Right of access. You have the right to access the data that we hold on you. We provide you with access to as much of your personal information as possible via your account on our website, however, if you require access to other information, you should make a subject access request in writing.
Right to rectification. You can request that we update any of your personal information, which is out of date or incorrect. We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it. Please note that you are able to correct basic personal information on the HR and recruitment systems and it is your responsibility to ensure the data is up to date.
Right to erasure: In some circumstances you can ask for your personal information to be deleted. You should be aware however that this is not an absolute right and there are situations where legally, we will not be able to comply with your request. If we cannot comply with your request, we will clearly explain our reasons.
Right to object. You can object to our processing of your personal information where we do so in our legitimate interests or in the public interests. If you do object, you should provide specific reasons why you are objecting to the processing of your data. You should be aware that this is not an absolute right, and we can continue processing if we can demonstrate compelling legitimate grounds for the processing or if the processing is for the establishment, exercise or defence of legal claims. If we cannot comply with your request, we will clearly explain our reasons.
Right to restrict processing. In some circumstances, you have the right to ask us to restrict the processing of your personal data. This may be because you have issues with the content or accuracy of the information we hold and want us to restrict processing whilst these issues are addressed. Alternatively it could be because you have objected to our processing of your data for the purposes of our legitimate interests, and you want us to restrict processing whilst we considering our response. Where we comply with these requests, we will always inform you before lifting the restriction.
Consent withdrawal. Where you have given clear consent for us to process your personal data for a specific purpose, you have the right to withdraw your consent at any time. Please note that we do not rely on consent for the majority of employee personal information we process.
COVID-19 Screening Questionnaire
We will be collecting and recording the contact details of individuals who attend matches at the Ten Em Bee Stadium to support the NHS COVID-19 track and trace scheme and to protect attendees from potential harm. The collection of this data will be taken via a digital questionnaire.
Your information will be used to enable the NHS to contact you should you have been in the premises around the same time as someone who has tested positive for COVID-19.
In addition, we will screen each completed questionnaire to identify any negative responses that suggest an individual has relevant symptoms which presents a risk of contamination to others.
We will only share your data when it is requested directly by the NHS, for use in the track and trace scheme. Further information on the scheme is available on the NHS website:https://www.gov.uk/guidance/nhs-test-and-trace-how-it-works
We will process the following elements of personal data:
The lawful basis the Club has applied for collecting this data under data protection law is GDPR Article 6(1) – legal obligation; we have a common law duty of care to protect the welfare and wellbeing of individuals who attend matches in the Stadium.
Your personal data will be retained only for the purposes stated in this section of the privacy notice and will be held by the Club for no more than 3 weeks (21 days).
ID Validation
If any matches of the 2020/21 season are operated on a reduced capacity basis, Season Ticket Holders who have made their initial 20% renewal payment will have an option to be entered into a ballot for the opportunity to access a ticket for the match.
In order to understand exactly who is in attendance at the Stadium on matchdays we are asking the relevant Season Ticket Holders over the age of 18 to verify their identification by providing the Club with a copy of a valid passport or UK driving licence.
The lawful basis the Club has applied for collecting this data under data protection law is GDPR Article 6(1) – legal obligation; we have a common law duty of care to protect the welfare and wellbeing of individuals who attend matches in the Stadium.
Your personal data will be retained only for the purposes stated in this section of the privacy notice and will be held by the Club for no more than 31 days at which point it will be automatically purged.
Changes to this policy
As Ten Em Bee changes, this Privacy Policy is expected to change as well. We reserve the right to amend this Privacy Policy at any time, for any reason, without notice to you, other than the posting of the amended Privacy Policy on our websites. We may email periodic reminders of this Privacy Policy and will email relevant data subjects to notify them of any material changes. You should check our website frequently to see the current Privacy Policy that is in effect and any changes that may have been made to it.
More information & Complaints
Should you have any questions regarding this Privacy Policy or if you wish to make a complaint about how we process your personal information, please contact info@tenembee.org.uk
You are also able to make a complaint to the Information Commissioner’s Office (ICO) if you think your data protection rights have been breached in any way by us. You can do this by contacting the ICO at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Alternatively, visit the ICO website or email casework@ico.org.uk.
Stay up to date with the latest news and events.