If you are aged 12 or under (a child), or you are reading this on behalf of a child for whom you have parental responsibility, please refer to 11. CHILDREN AND PRIVACY.
We are a "controller" under the General Data Protection Regulation (the GDPR, including as adopted under UK law after the end of the Brexit transition) and other applicable data protection legislation (Data Protection Law). This means we are responsible for deciding how we use the personal data that we collect about you and, in accordance with the Data Protection Law, we will ensure that the personal data we hold about you is, at all times:
Personal data means any information about an individual from which that person can be identified. We may collect, store, transfer and use various types of your personal data:
Not all of the list above will necessarily apply to you - it depends on your use of the Services and your particular interaction and communications with us. Please refer to 4. HOW AND WHY WE USE YOUR PERSONAL DATA below.
You provide us with your personal data when you:
In connection with some elements of the Services we also receive additional personal data about you from other organisations who have collected personal data from you, such as our member football clubs from time to time (Clubs), other footballing organisations (such as the FA or FIFA) and our commercial partners (like EA) and data collected on our behalf at Premier League events. We may also receive personal data as part of the legal processes we undertake to protect our Services and our intellectual property, such as our brand or media rights, or those of our licensees/commercial partners.
We use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to certain parts of the Services. This information is only used by us in a way which does not identify you. We do not make, and do not allow Google to make, any attempt to find out the identities of anyone visiting our website.
We will only use your personal data where Data Protection Law allows us to. Data Protection Law says we can collect and use personal data on the following bases:
Data Protection Law says we can only collect and use your Sensitive Personal Data where an additional basis applies: for reasons of substantial public interest, including when preventing or detecting unlawful acts or in connection with our regulatory and oversight functions in sport; in connection with legal claims; cases where you have made the data public yourself; or where you have given explicit consent.
Accordingly, we lawfully use your personal data in the following ways:
Delivering the Services: We use the Registration Data, User Data and Contact Data so that we can deliver the Services to you in an effective, efficient and accurate way. Without it, we would not be able to deliver a tailored service to you or respond to issues with these Services that are identified by us or you, or ensure you get the most out of your experience. Therefore, we use this data on the basis that it is necessary for us to be able to perform our agreement with you (i.e. the terms and conditions of the relevant Services) and for our legitimate interests of delivering the Services in this way.
Operating the Services: We use the Technical Data in order to operate and administer the Services including as necessary for testing, analysis, maintenance, support, reporting and hosting of data. Therefore, we use this data on the basis that it is necessary for our legitimate interests of operating the Services in this way. We also use Technical Data together with certain Identity Data and Contact Data to assist in security and fraud prevention, system integrity (such as preventing hacking, cheats and spam) and/or to facilitate our response to a legal process. Therefore, we use this data on the basis that it is necessary both for our legitimate interests in protecting the Services in this way and in order that we can comply with a legal obligation.
Competitions and promotions: We use Identity Data and Contact Data and any other personal data related to the entry (for example, a photograph) in order that we can administer and operate contests, prize draws, competitions or other promotions including selecting the winners, delivering the prizes and publishing the results (as required by UK advertising regulations). Therefore, we use this data on the basis that it is necessary for us to be able to perform our agreement with you (i.e. the terms and conditions of the relevant promotion) and in order that we can comply with a legal obligation. If we want to use the personal data for any other purpose we will notify you and, if necessary, seek your consent at that time.
Marketing communications: We use the Identity Data and Contact Data to inform you of news, offers, events, competitions and promotions by specified media (including, if requested, by way of calendar notifications) which may be of interest to you and/ or we provide such data to our Clubs and/or our official commercial partners so that they can do this. We give you the option of providing opt-in consent to receive different kinds of direct marketing communications from us or these third parties or deciding not to do so.
OPT-ING OUT: You can withdraw your consent and opt-out of marketing communications from us at any time by updating your Email Preferences (where you have signed up to our website) or by following the instructions provided to you in the relevant communication (for example, the 'unsubscribe' link in an email). Alternatively, you may contact us at email@example.com. We may still need to send service emails to you from time to time.
Media coverage: We use the Media Data together with Identity and Contact Data for Premier League-related publishing and media coverage. Except where you are not the subject of the Media Data, for example in general crowd shots, we will seek your consent and provide you with information about our intended use of such information.
Fanzone callers: The Premier League delivers the Fanzone Programme in conjunction with IMG Studios. We use the Identity Data, and Contact Data along with any other information you share with us (for example, which Club you support) when you contact us via your chosen means (a "caller") in connection with our operation, administration and distribution of the Fanzone audio-visual programme. We then keep a record of this information so that we can contact you in the future if we would like to hear from you again or reuse your comments. By providing this information to us you are consenting to our use of the data for these purposes and you can withdraw that consent at any time by contacting us at firstname.lastname@example.org. Note that we also keep a record of caller details to ensure we don't use the same callers each time and to prevent a repeat of abusive callers so we are using this data on the basis that it is necessary for our legitimate interests in providing interesting, inclusive and responsible programming.
Other purposes: We might have to use your personal data to protect your or someone else's vital interests for example to make contact in rare emergency situations. We could also have to use your personal data in connection with legal and regulatory matters such as our maintenance of business records, compliance with external reporting requirements and internal policies and procedures and responses to requests by government, law enforcement, regulators, courts, rights holders or other third parties including in respect of the use or misuse of intellectual property, such as our brand or media rights, or those of our licensees/commercial partners or their parties. Therefore we use this data on the basis that it is necessary both for our legitimate interests in protecting, defending and enforcing rights and interests in this way and also so that we can comply with legal obligations. We may also use your personal data when we process Media Data as part of our dedicated reporting and take-down programme helping to fight serious abuse against players, coaching staff and their families in social media. We use this data for our legitimate interests in fighting abuse and, where Sensitive Personal Data is involved, in order to prevent or detect unlawful acts, in connection with legal claims and where you have made the data public yourself.
We will only use your personal data for the purposes for which we collected it as described above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Unless otherwise specified above, generally we collect your personal data on a voluntary basis. However, please note that if you decline to provide certain mandatory personal data, you may not be able to access certain Services and we may be unable to fully respond to any inquiries you make.
We may disclose or share your personal data in the following circumstances:
Please read carefully any additional privacy notices which we may provide to you so that you are aware of and understand any other circumstances in which we may disclose or share your personal data which are specific to your use of the Services and/or your relationship with the Premier League.
Some countries outside of the UK and the European Union (EU) do not have laws that protect privacy rights and personal data as extensively as the UK and other countries within the EU. We do not generally or routinely transfer personal data outside of the UK and the EU but some of the organisations to which we may disclose personal data may be situated outside of the UK and the EU. If we do transfer your personal data outside of the UK and the EU, we will ensure that your personal data is protected to a similar degree, in accordance with Data Protection Law. We do this by ensuring one of the specific safeguards approved by the European Commission is in place. You can find further information about these safeguards at https://ec.europa.eu/info/law/law-topic/data-protection_en. We do use our branch office in Singapore to process certain personal data in relation to the online abuse programme.
If you would like further information on the specific mechanism used by us when transferring your personal data out of the UK and the EU you can contact us using the details provided below.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (a Data Security Breach). In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only use your personal data on our instructions and they are subject to a duty of confidentiality.
Where we have given you or you have chosen a password which enables you to access certain Services, you are responsible for using reasonable care in keeping this password confidential.
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for (see 4. WHY WE USE YOUR PERSONAL DATA), including for the purposes of satisfying any accounting, reporting or other legal requirements, in accordance with our internal Data Retention Policy.
To determine the appropriate retention period, we review - in addition to the purposes of use and how we can achieve them - other relevant factors such as the nature and scope of the personal data, the potential risks to data subjects from a Data Security Breach, and the applicable legal requirements, for example the limitation period for which legal claims can be made in court.
For example, all non-activated Premier League accounts are deleted after 21 days and all non-authorised child accounts are deleted immediately if a parent withholds consent and after 21 days if a child’s account is not verified.
Under Data Protection Law, you have certain rights (depending on the circumstances) in connection with your personal data, which include:
We are committed to respecting your rights. You may action your rights (as may be applicable) by contacting us using the details provided below (12. CONTACT US) and we will comply with your requests within a reasonable period unless we have a lawful reason not to do so. Requests should be made in writing and to ensure that personal data is dealt with carefully and confidentially we will require the requestor to provide verification of their identity and all applications must be accompanied by copies of at least two official documents, which show your name, date of birth and current address (for example, driving licence, birth/ adoption certificate, passport, recent utility bill).
In responding to such requests, we will explain the impact of any objections, restrictions or deletions requested.
We will not charge you a fee to exercise your rights unless your request is clearly unfounded or excessive, in which case we may charge you a reasonable fee. Alternatively, we may refuse to comply with the request in such circumstances.
Additionally, should you wish to permanently delete your Premierleague.com account and your personal data, you may do this yourself by following the below instructions:
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK data protection authority. The ICO's contact details as are follows: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Tel: 0303 123 1113 (local rate) or 01625 545 745; https://ico.org.uk/global/contact-us/
It is important to us that children can enjoy our Services in a responsible manner. We encourage parents and guardians to supervise their children's online activities by, for example, adopting control tools available from online services and software suppliers that help provide a child-friendly online environment including by preventing children from disclosing their personal data online without parental permission.
We are committed to safeguarding children's personal data collected online, and to helping parents and guardians and their children learn how to exercise control over personal data while exploring the Internet.
If you are aged 12 or under (a child), we will require permission from your parent, carer or person with parental responsibility in order for you to register for a Premier League account. If you are a child, you will be asked to give the name and email address of the person with parental responsibility for you. A confirmation email will then be sent to them. Your Premier League account will only become active once that person has responded to that email confirming their parental responsibility and providing their consent. We may take other reasonable steps to confirm parental responsibility.
Premier League Data Protection Lead
The Football Association Premier League Limited
Brunel Building, 57 North Wharf Road
London, W2 1HQ
(0)207 864 9000