Privacy Policy
What does this policy cover?
This policy describes how The Football Association Limited (“The FA”) and programme providers (“Providers”) (collectively “we” and/or “us”) will make use of your data when collected and processed on Book Football for the purpose of Providers delivering their programmes. For information on how Providers use your personal data separately from Book Football, you should reach out to your specific programme provider or visit their privacy policy.
Book Football is used to facilitate the running of football programmes, and in respect of parents, booking your children onto the programmes, courses and training sessions.
If you are a parent or guardian of a participant, the data controller for your information is the provider for the programme your child is attending. If you are a coach, the data controller for your information is the provider of the programme for which you are running. The FA is also the data controller in respect of the data you provide in order to link the information you provide on Book Football to your FA account and assess your eligibility to coach. For more information on how The FA processes your account information more generally, please visit https://www.thefa.com/public/privacy.
If you are a provider, The FA is the data controller in respect of the management and eligibility of providers via Book Football.
If you are registering a third party for a programme you must make sure they are aware of this, and direct them to view this privacy policy.
What information do we collect?
We may collect, use, and store different kinds of personal data about you when you register as a provider, or sign up to attend an event. This will typically be provided directly by you and may include information you provide on registration but may also involve data you have provided to The FA previously attached to your FAN.
Depending on your role and relationship with us, the personal data we may collect and/or process may include:
| Category of Data | Type of Data |
| Identity Data | such as your first and last name, FAN number, age, date of birth and gender. |
| Contact Data | such as your email address, address, postcode and telephone number(s). |
| Profile Data | such as your FA username and password. |
| Football Data | such as your DBS status, suspension status and qualification status. |
| Attendance Data | such as allergy information, accessibility information, bookings, attendance and kit size. |
| Finance Data | such as your payment information and invoicing. |
| Technical Data | such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and information about how you use our website, products and services. |
What information is provided by third parties?
Sometimes, we receive information about you from third parties. For example, where you are a player, your coach may submit information about you in relation to your booking or attendance.
We may also obtain information about you from third party service providers, such as analytics platforms that measure advertising, viewership and engagement, which we may use to help us better understand our users and send them appropriate information.
How do The FA and Providers use YOUR PERSONAL DATA?
We will only use your personal data to the extent which is permitted by law. The table below shows some examples of how we might use your personal data, and how we have a lawful basis for those uses.
The FA
| Use | Lawful Bases |
| Linking your FA account with the personal information submitted via Book Football and run the Book Football platform. | Necessary to fulfil the contract entered into with you. Necessary for our legitimate interest (run our business and facilitate provider programmes). |
| Administer and govern the acceptance/rejection of providers, including their coaches and staff. | Necessary for our legitimate interest (carry out our role as the governing body of English football). |
| To check your DBS and suspension status to ensure you are eligible to run these activities. | Necessary for our legitimate interest (to carry out our role as a governing body, discharge our safeguarding duties and protect individuals from harm) |
| To process feedback and improve our services. | Necessary for our legitimate interest (to develop and improve our services). |
| Communicate with you about completing surveys. | Necessary for our legitimate interest (to study how you use our service, to develop our service and this pilot programme). |
| To send you marketing about goods and services you may be interested in. | Consent. |
For more information on how The FA processes your personal data more generally, including its use of your FA account data, please visit https://www.thefa.com/public/privacy.
Providers
| Use | Lawful Bases |
| Administer and facilitate organising, booking, delivery, attendance and participation in their programmes. | Necessary to fulfil the contract entered into with you. |
| To process feedback and improve their programmes. | Necessary for each provider’s legitimate interest (to develop and improve their courses/programmes). |
| Communicate with you about your booking and updates/changes to your booking and Provider programmes. | Necessary for each provider’s legitimate interest (to run their business and their programmes). |
For more information on how each programme provider processes your personal data more generally, please visit reach out to your provider, or visit their privacy policy.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent.
You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.
How DO we share your information?
Personal data will be shared directly by you with Stripe, a payment provider, for the purposes set out above.
Personal data may also be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
WHAT ABOUT INTERNATIONAL DATA TRANSFERS?
We may use third party providers to deliver our services, such as externally hosted software or cloud providers, and those providers may involve transfers of personal data outside of the UK. Whenever we do this, to ensure that your personal data is treated by those third parties securely and in a way that is consistent with UK data protection law, we require such third parties to agree to put in place safeguards. This may include specific contracts approved for use in the UK which give personal data the same protection it has in the UK or other equivalent measures as required.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
HOW LONG DO WE RETAIN YOUR DATA FOR?
We will only retain your personal data for as long as it is necessary for the purpose we collected it for, or where we’re required to keep it for any legal, accounting or reporting requirements.
If you have submitted a booking to take part in a recreational football session or you are a session organiser, we keep the data for 5 years from your last interaction with us or from when any relevant contract ends in relation to such recreational football session.
Data attached to your FAN number will be retained in accordance with our main FA privacy policy.
For more information on how each programme provider retains your data more generally outside of the Book Football platform, please contact your provider, or visit their privacy policy.
WHAT RIGHTS DO YOU HAVE IN RELATION TO YOUR PERSONAL DATA?
Under certain circumstances, you may have the following rights in relation to your personal data:
| Right | What does this mean? |
| 1 | A right to access personal data held by us about you (commonly known as a "data subject access request"). You can access the personal data we hold about you on The England Football Community by following the guidance here. |
| 2 | A right to require us to rectify any inaccurate personal data held by us about you, though we may need to verify the accuracy of the new data you provide to us. |
| 3 | A right to require us to erase personal data held by us about you where there is no good reason for us continuing to process it. This right will only apply where, for example, we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6 below). Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. |
| 4 | A right to restrict our processing of personal data held by us about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims or due to having overriding legitimate grounds to use it. |
| 5 | A right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation. |
| 6 | A right to object to our processing of personal data held by us about you where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. |
| 7 | A right to withdraw your consent, where we are relying on it to use your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. |
| 8 | A right to ask us not to use information about you in a way that allows computers to make decisions about you and ask us to stop. |
HOW CAN YOU CONTACT US?
If you have any questions about this policy or any other data protection queries you can contact The FA’s Data Protection Team using dataprotection@thefa.com or by writing to Data Protection Officer, Wembley Stadium, PO Box 1966, London, SW1P 9EQ.
If you wish to make a data privacy request you can do so via our online form, which can be found here.
You also have the right to lodge a formal complaint with the UK Information Commissioner's Office. Full details may be accessed on the complaints section of the ICO's website. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.