Data controller details
The Club is a “data controller” which controls how your personal data is used.
Our contact details are as follows:
By telephone: 0344 372 1892
By email: Legal Department at dataprotection@nufc.co.uk
By post: Legal Department, Newcastle United Football Club, St. James’ Park, Newcastle upon Tyne, NE1 4ST
ICO Registration Number: ZB521459
Data protection principles
We will comply with the data protection principles when processing personal data. This means that we will:
process it fairly, lawfully and in a transparent manner and be accountable for the way in which we use your data;
collect it only for specified, explicit and legitimate purposes (and will not process it in a way that is incompatible with that purpose), and only process it if it is adequate, and necessary for the relevant purpose;
process only what is necessary (in relation to the purposes for which the personal data is processed);
keep it accurate and up to date, and take reasonable steps to ensure that inaccurate personal data is deleted or corrected without delay;
retain it for no longer than is necessary for the purposes for which it was processed; and
take appropriate technical and organisational measures to ensure that personal data is kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.
What information do we collect?
The personal data that we collect about you depends on the particular services that we provide to you or when you otherwise engage with us, such as online (e.g., via our website, social media, or app), attend an event, or when you otherwise phone, email or communicate with us. The means by which we may collect and use the following personal data about you can be found at the Appendix to this Privacy Notice. We may periodically update this if we need to collect or process it for a different purpose.
How do we collect your information?
We collect personal data from you – in person, by telephone, text, email and/or via our website and app. However, we may also collect information from:
a third party directly (e.g., our commercial partners, other football clubs and football authorities, such as the Premier League, and ticketing providers);
a third party with your consent (e.g., your bank or building society);
cookies on our website – for more information on our use of cookies, please see our cookie notice here https://www.newcastleunited.com/en/cookie-policy;
our IT systems (e.g., automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communication systems, email and instant messaging systems);
your interaction with other websites that fall under our company group (e.g., through our online shop); and/or
the government, regulators and law enforcement authorities.
How will we use your information?
Under data protection law, we can only use your personal data if we have a proper reason, or “lawful basis” for processing such data, for example:
where you have given your consent;
to comply with our legal and regulatory obligations;
for the performance of a contract with you or to take steps at your request before entering into a contract; or
for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests.
More details about how we use your personal data and why are set out in the Appendix to this Privacy Notice below.
Special category personal data
Where we process special category personal data, we will also ensure that we are permitted to do so under data protection laws, e.g.:
we have your explicit consent;
the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent;
the processing is necessary to establish, exercise or defend legal claims; and/or
the processing is necessary for reasons of substantial public interest.
More details about how we use any special category data, where applicable, and why are set out in the Appendix to this Privacy Notice below.
Criminal convictions data
We may need to process information relating to criminal convictions, offences, allegations, or related proceedings in limited circumstances. This includes situations where it is necessary for safeguarding children or adults at risk, for ensuring the safety of supporters, or for addressing incidents of violent or anti-social behaviour.
Where permitted under applicable law, we may also share relevant information with law enforcement authorities, football authorities, and other football clubs. This may include sharing details needed to help prevent or address violent or anti-social conduct at matches, support the enforcement of safety or conduct-related sanctions, combat ticket touting, or otherwise respond appropriately to incidents connected to matches or Club activities. Any such processing or sharing will only take place where it is strictly necessary and where we are authorised to do so in accordance with data protection laws.
How long will we keep your information?
We will not keep your personal data for longer than we need it for the purpose for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, safeguarding, or reporting requirements. In most cases, this means that we will retain your personal data for up to 6-7 years after our relationship with you has ended. This reflects the applicable statutory limitation periods, during which legal claims may be brought.
Please note that if you hold a membership with the Club, we will retain the personal data associated with your membership for the duration of your membership and for 6 years thereafter.
Where we need to retain information for a longer period – for example, to comply with safeguarding requirements, to investigate or defend legal claims, to maintain appropriate accounting records, or to meet our obligations under relevant football authority rules – we will only do so where strictly necessary and in accordance with applicable data protection laws.
Once the relevant retention period has expired, we will securely delete or anonymise your personal data.
For further information on our retention periods, please reach out to us via our contact details below (see “How to contact us”).
Who else might use your information?
We need to share your information internally and with other third parties (details of which are set out in this section). When we transfer your personal data to any third party, we will always ensure that appropriate safeguards or measures are in place to protect your personal data.
Within the Club
Your information may be shared with colleagues within Newcastle United where it is necessary for them to undertake their duties.
With football authorities and other clubs
For the purposes of compliance with any necessary legal and regulatory measures or where we otherwise deem it necessary to do so, football authorities (e.g. the Premier League, the FA, UEFA, FIFA) and other clubs may have access to certain information about you.
To service providers
In order to provide our products and services to you, we may need to appoint other organisations to carry out some of the processing activities on our behalf. These will include, for example, delivery organisations and mailing houses, as well as digital service providers. In these circumstances, we will ensure that your information is properly protected and that it is only used in accordance with this policy. We will also make sure that we have appropriate contracts in place with these third parties.
To other third parties
We may also share your information with the following third parties:
third parties approved by you and other third parties we use to help us run our business (e.g., commercial partners, our bank, website analytics providers);
the government, regulators, courts and tribunals: where the law tells us to do so or to help them with any investigations;
police, law enforcement and security services: to help them with any investigation, prevention of crime or matter of national security;
our external auditors and professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
payment providers;
other football clubs (e.g. in the circumstances set out in Criminal Convictions Data above); and/or
other parties that have or may acquire control or ownership of our business (and our or their professional advisors) in connection with a significant corporate transaction or restructuring. The recipient of any of your personal data will be bound by confidentiality obligations.
Offers and opportunities
Our Club teams up with a selection of carefully chosen commercial partners, for which an up-to-date list is available on the website.
Our commercial partner programme is designed to support the Club and also to bring customers, fans and website users a diverse range of opportunities and offers (including financial services offers) at competitive prices. We and/or these commercial partners may contact you with details of offers in a number of ways, including post, telephone, text/picture/video message, digital television, fax or by email.
Marketing by the Club
We may send you communications about our own products, services, events, ticketing opportunities and offers where we are permitted to rely on legitimate interests – specifically, where we have met the requirements for soft opt-in (for example, where we obtained your details in the course of providing you with a product or service and you did not opt out at the time). In these circumstances, we do not require your consent, but you will always have the right to opt out of such communications at any time.
Third-party marketing
Where we or third parties, including our commercial partners, wish to send you marketing about their products or services, we will only do so where you have provided us with your express consent. If you express an interest in an offer from one of our commercial partners, that partner may let us know, which helps us consider your preferences when developing our partner programme.
Members of the Club
If you hold a membership with the Club, your membership entitles you to certain benefits. We will contact you about these membership benefits without requiring your consent, as these communications form part of your membership. However, you may opt out of receiving such benefit-related communications at any time.
How you can withdraw consent or opt out
Where we rely on your consent, or where you wish to opt out of first-party marketing or membership-related communications, you can withdraw or update your marketing preferences at any time by:
updating your preferences in the dashboard of your online account;
contacting us using the details in the “How to contact us” section of this notice;
clicking the “unsubscribe” link in our emails; or
following the instructions provided in our text messages.
Please note, if you do withdraw your consent or opt out of receiving information, we and/or our commercial partners may no longer be able to keep you informed of new services, products, events or special offers that may interest you and our ability to inform you of ticketing opportunities will be affected.
Transfer of your information outside the United Kingdom
Some of the organisations to which we may transfer your personal information are situated outside of the United Kingdom (and, where applicable, the European Economic Area (“EEA”)).
Whenever we transfer personal data internationally, we comply with the UK (and, where relevant, EEA) data protection laws and ensure appropriate safeguards and data security measures are in place. We will only transfer your personal data where:
the destination (to which we transfer your personal data) is subject to an “adequacy regulation” or “adequacy decision” that ensures an adequate level of protection for personal data; or
appropriate safeguards are in place, together with enforceable rights and effective legal remedies; or
a specific exception applies under relevant data protection law.
Where an “adequacy regulation” or “adequacy decision” does not apply, we rely on legally-approved standard data protection clauses recognised or issued under the UK GDPR and/or EU GDPR. In the event we cannot or choose not to continue to rely on either of these mechanisms at any time, we will not transfer your personal data outside the UK/EEA, unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this Privacy Notice.
Cookies
Our website uses cookies and similar technologies (like pixels and tags) to help us ensure our website works, to understand how it is used, to show you relevant content, and to distinguish you from other users of our website.
If you would like to find out further information, please see our cookie notice here https://www.newcastleunited.com/en/cookie-policy or interact with our cookie banner on our website.
Users of ‘Recite Me’
Our website is supported by Recite Me. Recite Me is a data processor to us, because we are providing the content on the website as the data controller – and Recite Me processes some of the data collected by our website when requested by the user to provide a translation service and to put a voice to the written text.
Use of Recite Me is entirely optional for visitors to our site. Recite Me is a cloud-based web accessibility solution which allows visitors, if they so choose or require, to customise the site the way they need it to work for them. For example, it includes text to speech functionality, dyslexia software, an interactive dictionary, a translation tool with over 100 languages and many other features. We are conscious that up to one in five people who visit our website cannot access the content easily – they might need to adjust the colour contrast settings, make the fonts larger or have the content read out to them.
Recite Me uses cookies for ‘Preferences’ and ‘Persistence’. ‘Preferences’ are used to allow Recite Me to remember what accessibility options users chose and allows the toolbar to recall them on multiple visits if cookie history is not cleared. ‘Persistence’ is used to ensure the whole website changes to reflect the requests made by the user via the Recite Me toolbar.
The only data captured by Recite Me is an IP address. This is captured by Recite Me in order to provide us with anonymised usage statistics. In addition to this Privacy Notice, you can also find Recite Me’s Privacy Notice, together with further information, here.
Sensory Room
The Club provides a dedicated Sensory Room at St. James’ Park to support supporters who may benefit from a calmer and more accessible matchday environment. When you request access to or use the Sensory Room, we may need to collect and process personal data – including information relating to accessibility needs or health conditions – to determine eligibility, manage bookings, ensure appropriate adjustments are provided, and to support your safety and wellbeing during your visit.
Some of the information we collect for this purpose may qualify as special category personal data (e.g., data concerning health or disability). Where this applies, we will only process such information where we are permitted to do so under applicable data protection laws, including where we have your explicit consent, where processing is necessary for reasons of substantial public interest (such as safeguarding or ensuring accessibility), or where required to protect your vital interests or those of another individual.
More detailed information about the personal data that we process in connection with the Sensory Room can be found in the Appendix to this Privacy Notice.
Security of your information
We take the security of your personal information seriously and have appropriate security measures to prevent personal data from being lost accidentally, or used or accessed unlawfully.
When you submit your credit card details, we use industry standard Secure Sockets Layer (SSL) encryption technology to guard your information. In addition, we have security procedures in place to protect our paper-based systems and computerised databases from loss and misuse, and only allow access to them when it is absolutely necessary to do so, and then under strict guidelines as to what use may be made of the personal information contained within them. Please note that we cannot guarantee any data transmission over the internet is completely secure.
Monitoring
We may monitor and record communications with you, including telephone calls and emails, for quality assurance, training, fraud prevention, compliance and security purposes. This may include the recording and transcription of telephone calls. Where required by law, we will inform you if we are recording a call and the reasons for doing so.
