Terms, Conditions & Privacy Policy

We understand that on any booking submission made, whether by application form, online, or verbally by phone, that you, the customer, agree to our terms and conditions of booking as set out below. Should you disagree, or have any concerns regards any of the terms and conditions listed below, you should notify us immediately before proceeding with booking or submitting application form.

Coaching

All courses are taken by SFA qualified coaches with particular experience of coaching children.

Course Confirmation

Please accept the submitted booking as confirmation of a place on the chosen course. No confirmation of course booking will be sent. Where courses are already full, you will be notified by GMCT.

Administration Charge

Please be aware that the first £15 of any course booking fee covers administration costs and is not refundable.

Refunds Policy

Refunds will only be granted in respect of requests received not less the 3 day prior to the commencement of the activity. Refunds after this time will be at the sole discretion of GMCT who will consider circumstances in each individual case.

Cancellation Due To Inclement Weather or Due to Circumstances Outwith Our Control

GMCT cannot be held responsible for class cancellation due to inclement weather or due to circumstances beyond our control. No refunds will be issued for classes cancelled due these circumstances. Where scheduling, facility and resources allow, GMCT will endeavour to extend courses to make up for classes cancelled under these circumstances, but cannot guarantee that this will be possible.

Photography

From time to time GMCT may video/photograph course members for promotional use (eg. Website, Press, Brochures, etc.). Any course applicant who does not wish to be photographed/videoed for such publications must inform GMCT Administration Department at the time of course booking.

Notice of Cancellation

Cancellation of membership in any season long courses (ie. those paid by recurring billing, direct debit or standing order) requires 31 days notice. Cancellation requests must be made in writing (letter or email) to the GMCT office c/o Cappielow Park, Sinclair Street, Greenock, PA15 2TU or email pr@mortoncommunity.net.

Course Member Details

Please ensure that GMCT records of your personal details are kept up to date. It is important that GMCT is able to contact you via postal address, telephone numbers and email address to ensure that you receive important information on any course that you have joined or applied for.

E-Mail

GMCT supports environmental conservation projects and endeavour to minimise our carbon footprint. The main communication route used by GMCT is e-mail, so please ensure that your email address is supplied at the time of registration and that it is kept up to date. Failure to supply email address may result in non-receipt of important course information or special offers that GMCT may be able to offer course members.

DATA PROTECTION POLICY

Introduction

The new General Data Protection Regulation (GDPR) replaced the UK’s Data Protection Act 1998 (DPA), on 25 May 2018. It has now become law in all EU member states. It builds upon the existing principles of the Data Protection Act, and new requirements need to be incorporated into our data protection arrangements. We are now more accountable as an organisation to the individuals whose data we hold: we need to be more open about the information that we hold, and why we hold it. It also requires our systems and controls to be secure, robust and effective, as well as being adaptable to deal with customer requests.

We are a charitable organisation and the information we hold is used almost solely to allow us to operate as such, in order to meet our regulatory or legal obligations; to deliver programmes in line with our aims and objectives; and, to communicate more effectively with the local community in which we are based. In this document we set out how we collect, use and share your personal data, as well the rights that you as individuals hold in relation to those rights.

Who are we?

Greenock Morton Community Trust (GMCT) is a data controller for the purposes of GDPR and is responsible for your personal data. The size of our organisation is such that we are not required to appoint a Data Protection Officer. However, our Education, Employability and Operations Manager, Gordon McKillop, is the nominated point of reference for any queries, requests or complaints that relate to our data protection obligations.

Gordon can be contacted at:

Gordon McKillop
Greenock Morton Community Trust
Cappielow Park
Sinclair Street
Greenock
PA15 2TY
email: gordon@mortoncommunity.net
phone: 01475 723571

What Data do we collect?

In implementing the new GDPR regulations we have undertaken an audit of our existing personal data to ascertain what data is held, where it is held, in what format, and where and how it was obtained, and the lawful bases for its processing. Taking into account the nature of our organisation this is unlikely to change in the short to medium term, though will be made subject to periodic review as the organisation evolves and grows.

Personal Information: Includes name, address, title, date of birth, gender, email address, telephone number(s), username or similar online identifier, password, your interests, preferences, feedback and survey responses.

Health Data: Includes disability and health information provided to ensure we provide suitable accessibility and dietary arrangements where applicable as well as health data that is necessary for the safe delivery of our programmes. Some programmes may specifically relate to improving physical and/or mental health and relevant data will be sought where this is necessary.

Billing and Transaction Data: Includes bank account, payment card details, billing address, details about payments to and from you, tickets and other services you have purchased from us and other details of product purchases or orders made by you.

Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, your login history, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Usage Data: Includes information about how you use our website, products and services.

Marketing and Communications Data: Includes your preferences in receiving marketing from us and your communication preferences.

CCTV Data: Including video images of you from CCTV systems which we have in place at Cappielow Park.

How we collect your data

We might collect personal data in a number of ways. These primarily include:

Recruitment: When you apply for a vacant position at GMCT and when you enter into a contract of employment.

Website: When you visit our website or you provide us with any personal data through our website, including when you sign up to receive marketing communications, when you fill in any forms on our website.

Purchases: When you purchase any goods or services from us or a provider (such as a ticketing or merchandise partner), such as tickets, merchandise, memberships, or when booking a tour or event with us. Where a third party processes your personal data on our behalf to fulfil your purchase, we may receive personal data about you and your purchase from such third party.

Competitions: If you enter one of our competitions, your personal data may be collected in the entry form.

Complaint or Enquiry: When you make a complaint or enquiry, your personal data may be collected by a member of staff or will otherwise be collected via the format you choose to make your complaint or enquire (post, email or telephone).

Equal opportunities: Includes information on your gender, sexual orientation, ethnicity, age, religion, and details of any disability that you might have.

Participation:When you or your child participates in our programmes we may seek data that might include: name, address, post-code, phone number, e-mail, emergency contact, date of birth, allergies, health and medical conditions, lifestyle, ethnicity, social group, nursery/school, employment/benefit status and previous experience, care home, family status, criminal convictions. We might also seek consent for your name/image to be included in promotional and other related materials.

Employees and Applicants

We hold and process employees’ personal data as it regards their employment. This might relate to the recruitment process; to the performance of employees’ contracts of employment (including the discharge of obligations laid down by law and the rights and benefits related to employment); to the termination of the employment relationship; or, to the provision of future employment references.

What will we do with your data?

We will only use your personal data when the law allows us to (see section on legal use below). Most commonly, we will use your personal data in the following circumstances:
- To provide you with products or services you have ordered or purchased from us or a third party through our websites (such as tickets, merchandise etc.);
- To ensure the delivery of effective programmes and services (this might include eligibility criteria and/or risk assessments);
- To measure performance outcomes and impact (for example as against funding targets);
- To allow payments to be made where required in advance of the provision of any products or services which you have ordered or purchased. We will share this information with third party payment processors where required for this purpose;
- To administer any competitions, prize draws etc. which you enter into or to ask you to give feedback or take part in surveys or market research;
- For record keeping purposes;
- For fraud screening and prevention purposes;
- To market to you, where you have agreed to receive marketing communications from us and to personalise our communications with you;
- To personalise and improve your experience on our digital platforms;
- To comply with our legal obligations;
- For the purpose of academic studies (for example relating to the impact of certain types of targeted programmes).

Lawfulness of processing and further processing

GDPR sets out six lawful bases for processing data. Not all of these will apply to GMFC. The primary lawful bases for the processing of data by GMFC will be:
- Consent (where, for example, you have provided information for the purpose of participation in our programmes or where we might seek consent to share information with deliver partners);
- Necessity for the purpose of fulfilling contractual obligations (for example where you have ordered a product or service from us);
- Necessity with regard to the fulfilment of GMCT’s legal and regulatory obligations (such as compliance with the regulatory requirements of the charities regulator);
- Where it is in the legitimate interests of GMCT to contact you, and where doing so poses no disadvantage to you (such as the marketing of GMCT services where you have previously used our services and have not opted out of further communication).

In respect of children, we only hold data where parental consent has been obtained.

In order to be GDPR compliant, consent must be:
- Active (for example, it does not rely on inactivity or pre-ticked boxes);
- Distinguishable, clear and is not bundled with other written agreements or declarations; and
- Individuals must be advised of the right to withdraw consent at any time by means of a simple user-friendly process.

Special categories of data and lawful processing

Special categories include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, data concerning health or a person’s sex life or sexual orientation. The processing of these categories of data is prohibited unless an appropriate legal basis exists for its processing.

At GMCT, we may retain sensitive personal data as described above where this is necessary for the effective delivery of targeted programmes. Any such information will be securely stored, access to that information will be limited to senior managers, and any information held will be strictly limited to as little as necessary for the required purpose and destroyed when the retention of that data is no longer absolutely necessary.

We can also retain financial data relating to bank account and credit card details. Our on line shop uses the secure payment methods to ensure that sensitive bank information is protected. Any credit card or debit card payment detail slips that are printed out, following an individual purchasing goods or services under our control, will be shredded, within five business days.

Marketing

Under GDPR we may use your personal data to send you marketing communications, where you have:
- Provided us with your express consent to do so; or
- Purchased goods or services from us and the marketing communications which we send to you relate to similar goods or services to that which you have purchased. As a charitable organisation our use of this legal basis is limited as compared to its use by commercial organisations.

Sharing your data

We will share personal data with relevant third parties where:
- We need to fulfil our contractual obligations with you, such as payment processing, delivery of products and mailing houses;
- This is necessary for the effective delivery of our programmes with delivery partners; and/ or
- We have a legal obligation to do so.

We will only share your personal data with third parties to the extent needed for those purposes. We will also share your personal data with our sub-contractors where it is necessary to do so. This might include IT suppliers, payment processors or delivery partners.

Privacy Notices

Data controllers such as GMCT must provide information notices for individuals to read in order to ensure that information is processed in a way that is transparent and for which the data controller can be held to account. The information must be provided in a concise, transparent, intelligible and easily accessible way using clear and plain language. GMCT has a designated Privacy Notice which is attached as an appendix to this document and which is highlighted on our website and in our main office at Cappielow Park.

Your Rights

Access

You can request access to a copy of your personal data that we hold, along with information on what personal data we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge by contacting us as noted above.

Right to object

An individual has a right to object to the processing of his or her data (e.g. in relation to direct marketing). Our Privacy Notice covers the individual’s right to object clearly at the first point of communication, which includes our online services.

If you reject to GMCT holding and processing your data a cessation request should be made in writing to the club secretary, as noted above. The club secretary will retain a record of the request and will take any action necessary to accede to that request.

Right to erasure (the right to be forgotten) and to restrict processing

You can ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it. In addition, you can ask us to restrict the personal data we use about you where you have asked for it to be erased or where you have objected to our use of it.

Rectification

You can ask us to change or complete any inaccurate or incomplete personal data held about you.

Withdraw consent

Where you have given us your consent to use your personal data to send you marketing emails, you can withdraw your consent at any time by writing to us or by responding with the word ‘unsubscribe’ to any marketing email which you receive. You will be reminded of this right in any relevant communication such as direct marketing.

Complaints

You can make a complaint about how we have used your personal data to us by emailing the club secretary as noted above, or by writing to a supervisory authority – for the UK this is the Information Commissioner’s Office, at https://ico.org.uk/.
It is important that GMCT staff deal with any data requests promptly (and no later than within one month of the receipt of the request). We might be required to record any request (for example to ensure that your details are do not inadvertently appear on an email distribution list).

Breach Notification

We are under a very strict obligation to deal with any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

As a consequence:
- Notification must be made to the ICO within 72 hours of becoming aware of the breach.
- Notification must be made to the individual(s) concerned, without undue delay when the breach is likely to result in a high risk to their rights and freedoms

Failure to do so could result in GMCT being subject to a large fine. If you are aware of any breach of security, this must be notified to the club secretary who is the nominated point of reference for data protection matters, to ensure that the relevant notifications can be made.

Going forward…

As the ICO concede, they are still looking at how GDPR will apply in practice, so we must keep reviewing the ICO website

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Appendix

Greenock Morton Community Trust (“GMCT”)
Privacy Notice

Protecting Your Personal Information (Data Protection)

This privacy notice explains how we use any personal information we collect about you. We are owned and operated as a professional sports club, so the information we hold is used almost solely to allow us to: meet our regulatory or legal obligations; communicate more effectively with our own supporters; and process orders for products or services on behalf of our supporters and commercial contacts.

What information do we collect about you?

We collect information about you when you engage with our programmes and services or when you enter into employment or partnership with us. This information will normally only relate to your personal details, such as your name, postal address, email address, phone number and your date of birth. It may also include special categories of personal data such as data about food allergies if this is necessary for the provision of our services or about ethnicity, health etc if this is required to be eligible for targeted programmes. We may also collect information when you voluntarily complete surveys or provide feedback to us.

Why do we need to collect and use your personal data?

The primary legal basis that governs our processing of your data are for compliance with regulatory obligations to which we are subject, in terms of the charities regulator and for the effective delivery of our programmes and services. However, we will also obtain your consent to the processing of your data for one or more specific purposes, such as marketing. Data may also be used on the legal basis that is fair to use the personal data either in our interests or someone else’s interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about products or services, ask you to complete a survey or collaborate with others to improve our services. The information that we collect about you may be essential for us to be able to carry out effectively the services that you require from us, for example in the performance of a contract where you have ordered a product or service from us. Where special category data is required we will obtain your explicit consent in order to collect and process this information.

How will we use the information about you?

As a participant in our programmes we collect information about you in order to provide you with the services for which you engage us, provide appropriate follow up after you have been provided with the product or service and to keep you informed about developments at our club.

Who might we share your information with?

In order to deliver our services to you effectively we may send your details to third parties such as technology providers that we use to arrange services for you. We may need to store your personal information with other organisations to provide you with the product or service you have chosen. If you have a debit, credit or charge card with us, we will share transaction details with companies which help us to provide this service (such as Visa and Mastercard). If you use direct debits, we will share your data with the Direct Debit scheme.

Where third parties are involved in processing your data we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidentiality in processing your data and that they will only act in accordance with our written instructions. Where it is necessary for your personal data to be transferred to a third party we will use appropriate security measures to protect your personal data in transit.

How long do we keep hold of your information?

We will keep your personal information for as long as you are engaged with GMCT programmes and services. After you cease participation, we may keep your data for up to 5 years to: respond to any questions or complaints; or maintain records according to regulatory rules that apply to us. We may keep your data for longer than 5 years if we cannot delete it for legal, regulatory or technical reasons. If we do, we will make sure that your privacy is protected and only use it for those purposes.

You have the right to request deletion of your personal data. We will comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.

How can I access the information you hold about me?

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal data, please email or write to us using the contact details noted below. When your personal data is processed by automated means you have the right to ask us to transfer your personal data to another organisation for their use.

We have an obligation to ensure that your personal information is accurate and up to date. Please ask us to correct or remove any information that you think is incorrect.

Safeguards

We have in place physical, electronic and procedural safeguards appropriate to the sensitivity of the information we maintain to keep personal information protected from unauthorised access. Among such safeguards are the encryption of communications via SSL, encryption of information while it is in storage, firewalls, access controls, separation of duties and similar security protocols. However, due to the nature of the Internet and related technology, we cannot guarantee the security of personal information and GMCT expressly disclaims any such obligation.

Marketing

In terms of contacting you for marketing purposes, there may be occasions where we would like to send you information about our programmes and services that we think may genuinely be of interest to you. If you have agreed to receive marketing information, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please email or write to us using the contact details noted below

Other websites

GMCT sites may include links to other websites whose privacy policies we do not control. Once you leave our servers (you can tell where you are by checking the URL in the location bar on your web browser), use of any personal information you provide is governed by the privacy note of the operator of the website you are visiting.

What can you do if you are unhappy with how your personal data is processed?

You also have a right to lodge a complaint with the supervisory authority for data protection. In the UK this is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113 (local rate).

Changes to our privacy policy

We keep our privacy policy under regular review and we will inform you of any changes when they occur. This privacy policy was last updated on 25th May 2018.

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you by email at gordon@mortoncommunity.net or you can write to us at: Greenock Morton Football Club, Cappielow Park, Sinclair Street, Greenock, PA15 2TY. Our main telephone number is 01475 731949.