Use of Personal Information
Established in May 2013, City Football Group Limited owns shareholdings in a number of football-related entities across the world. These include professional football clubs, charitable foundations, academies, technical support and marketing companies. This Safeguarding Privacy Notice (“Privacy Notice”) is issued on behalf of City Football Group Limited and the companies in its group, so when we mention “CFG”, “we”, “our” or “the Group” in this Privacy Notice, we are referring to the relevant company in the Group responsible for processing your personal information. Further information on the organisations in which CFG has shareholdings can be found here on the Group's website. This site also provides further details on its safeguarding policies and programmes which are applied across Group operations.
When you submit information on this website, City Football Group Limited is the controller and responsible for this website. City Football Group Limited is a company registered in England and Wales with company registration number 8355862. Registered office: Regent's Place 14th Floor, 10 Brock Street, London, NW1 3FG.
Our Privacy Notice sets out the ways in which we will handle your personal information, and informs you about your privacy rights and how the law protects you. This Privacy Notice aims to give you information on how we collect and process your personal data in connection with our safeguarding-related activities and practices across the Group (“Safeguarding Activities”).
We take our ‘safeguarding’ responsibilities very seriously. Our Safeguarding Activities are designed to promote and protect the rights and well-being of children and other vulnerable people across our Group operations. In meeting our legal, regulatory and policy obligations, it is necessary to collect personal information relating to individuals, such as yourself (“you”, “your”), who come into contact or are otherwise connected with our Safeguarding Activities. As such, we also take the privacy, protection and processing of any personal information related to our Safeguarding Activity very seriously.
In the fulfilment of our strategic safeguarding objectives, CFG has established its “SafeAtCity” framework which aims to facilitate our Safeguarding Activity across our operations. All our related safeguarding information and further information on our Safeguarding Activities can be found on this site.
This Privacy Notice is provided in a layered format so you can click through to the specific areas set out below.
It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing your Personal Information so that you are fully aware of how and why we are using your information.
- the CFG Safeguarding Strategy; and
- the CFG Safeguarding Policy (click link to view: CFG Safeguarding Strategy),
as well as local privacy notices pertaining to each CFG-related operation or subsidiary in the Group.
What information do we collect about you?
Personal data, or personal information, means any information about an individual from which that person can be identified (“Personal Information”). It does not include data where the identity has been removed.
The Personal Information collected depends on the Safeguarding Activity and how an individual is involved or connected with such Safeguarding Activity. This may include:
- personal details (including name and contact details) of any person who:
- undertakes employment, volunteering or other work with a CFG-related entity;
- takes part in an activity with us;
- raises a concern about a child or other vulnerable person (including if a safeguarding concern is submitted via the form we make available on our website);
- is the subject of a safeguarding-related concern or complaint, including concerns that have arisen away from any of our activities but are disclosed during, or witnessed within, an activity with us; and
- has had a safeguarding-related concern or complaint made against them;
- is connected to a safeguarding-related concern or complaint. For example, if you are a parent or guardian of a child who is the subject of a safeguarding-related concern or complaint, or a police officer who attended an incident
- criminal record check information (for job applicants, employees and others appointed to work with CFG) required to assess an individual’s suitability to work in a role with CFG and any information required to further assess suitability in relation to information disclosed through the check process;
- records of training (for employees and others appointed to work with CFG) such as qualifications or attendance on safeguarding-related training events;
- details of the relationship to our Group and associated information, for instance, details of job role and manager, the program participated in, and the relationship to others involved in any safeguarding-related matter (e.g. father, mother, team-mate);
- information related to an allegation or concern depending upon the nature of the allegation or concern, this could include a description of behavior or conduct (criminal or otherwise), activities undertaken in relation to any organisations within our Group, location and time of an incident, or other data which are relevant to the allegation or These data may also include Personal Information contained in the statements provided by a witness, complainant or subject in the course of gathering information relating to a safeguarding concern; and
- information related to special category data, such as health and especially where those are related to Safeguarding Activity. Whilst we don’t intend to process or collect such data, in some circumstances (particularly where information is submitted via our website), we acknowledge that we may collect such information
Categories of persons concerned
Through its Safeguarding Activity, the Group may process the Personal Information of any individual covered by the organisational safeguarding policies and Safeguarding Code of Conduct (please see our Safeguarding Policy for further information). These policies recognise state, federal/national and international law alongside the requirements of football or sports federations.
As such it may be necessary to process Personal Information relating to any individual in direct or indirect contact with any of our participants or programmes, including, but not limited to:
- members of the CFG workforce and any other worker subject to the CFG Safeguarding Policy and/or Code of Conduct;
- individuals employed or deployed through a partner or third party involved in the delivery of a CFG-related activity;
- participants on any CFG-related programme (e.g. Academy players), including participants from other clubs or activity programmes who are in direct contact with CFG participants (e.g. the match opposition);
- individuals attending match day activities, other events managed by or involving CFG or an organisation within our Group;
- any individual involved in any activity delivered in partnership with CFG or any organisation within our Group by or through a partner organisation, contractor or commissioned service parents/guardians; and/or
- other persons with care or supervision responsibilities (such as parents, carers, siblings, agents, chaperones) to those listed above.
How is your Personal Information collected?
We may receive and/or collect your Personal Information through a variety of different methods, including through:
- Direct interactions: you may give us your name and contact details by filling in a form our website, or by liaising or corresponding with us (either in-person, on the phone, via email or otherwise);
- Third parties: given the nature of Safeguarding Activities, we may receive your Personal Information from a variety of sources:
- an individual or third party may submit a safeguarding concern or complaint which references or identifies you (either directly or indirectly);
- your parent or guardian or other individuals with care or supervision responsibilities may provide us with Personal Information relating to you;
- Third Parties or Partners we work with may provide us with your Personal Information (for example, if a safeguarding incident occurred in the delivery of a CFG-related activity)
- External agencies: we may also receive your Personal Information from external agencies, such as the police, school or child protective services.
- Technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- We may also receive your Personal Information from other organisations within our Group.
We will tell you at the time we collect your Personal Information if it is a statutory requirement for you to provide such information to us.
Purposes for which your Personal Information may be processed
We will only use your Personal Information when the law allows us to. Most commonly, we will use your Personal Information in the following circumstances:
- Where we need to comply with a legal obligation.
- Where is it necessary for our legitimate interests.
We will use your Personal Information for purposes relating to our Safeguarding Activity, and in particular, for the following purposes:
- to implement and enforce policies relating to pre-recruitment checks (for job applicants, employees and others appointed to work with CFG), receiving and reviewing concerns or allegations or reports of safeguarding incidents, and taking any necessary action to protect the rights and well-being of children or other vulnerable people and to prevent abuse and poor practice;
- to operate and administer our systems and procedures, including the retention of Personal Information from our Safeguarding Activity, in support of our Safeguarding Policy and allow external monitors to ratify our compliance with legal and regulatory obligations;
- enable us to act on, track and monitor any safeguarding-related concerns or complaints reported to us; and
- to share information with other agencies involved in the protection of children, or other vulnerable people, where we are obliged to do so under law and/or in order to protect the rights and well-being of these.
It is necessary for our legitimate interests and in the legitimate interests of others for us to:
- promote and protect the rights and wellbeing of children and other vulnerable people;
- perform and undertake Safeguarding Activity which is carried out in the best interests of children and other vulnerable people (in line with the principles set out in the United Nations Convention and UK legislation); and
- enhance public trust and confidence in the Group and enable us to continue to maintain high standards and procedures to ensure individuals are appropriately protected from a safeguarding perspective.
We may also anonymise and aggregate your Personal Information, for the purpose of undertaking analytics. It is necessary for our legitimate interests to be able to identify trends and improve and develop our Safeguarding Activities. This information will not identify you in any way.
Disclosure and sharing of Personal Information
We may share your Personal Information in safeguarding-related circumstances where:
- there is a serious risk of harm to you;
- there are concerns that another child, or other vulnerable person, is at risk of or is experiencing abuse, harassment, bullying or neglect;
- for the prevention or detection of crime or serious misconduct; or
- where any legislation or regulation requires us to share your Personal Information.
Where required by law or regulation related to Safeguarding Activity, your Personal Information may be disclosed by us to other agencies, including but not limited to:
- Police or other law enforcement agencies;
- Children’s Social Care / Protective Services;
- Adults Social Care / Protective Services;
- Football federation / regulators;
- Sport integrity regulators;
- Charity regulators;
- Care regulators; and
- Medical regulators.
Personal Information may be shared within our Group where there is a Legitimate Interest to do so in relation to local safeguarding requirements. If your Personal Information is shared with CFG, then this privacy notice will also apply to CFG’s processing of your Personal Information.
Personal Information may be shared with CFG-commissioned external advisers who are used to investigate or review information relating to Safeguarding Activity. Where this situation arises, those advisers will be required, under contract, to apply the CFG information security and data privacy policies.
We also share your Personal Information with our third-party software providers. Any such provider is subject to data protection and data security requirements in the territories in which it operates. Further information on those providers is available upon request.
International transfer and storage
Due to the global nature of its business operations and thus the subsequent need to co-ordinate global Safeguarding Activity, we may need to store or use your Personal Information in a country other than the one in which you reside or the CFG-related activity you are involved in is carried out. This is because our technical systems store these data on ‘cloud’ services that may be located, or need to process or store data, overseas. Currently the countries/regions in which we store Personal Information include:
- European Economic Area;
- United Kingdom; and
- United States.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Model contract clauses governing the transfer, as approved by the ICO.
For more information, please contact us.
Will your Personal Information be used for profiling and automated decision-making?
We will not use your Personal Information to undertake any profiling or automated decision-making. We will update this Privacy Notice to let you know if this changes.
Your rights with respect to your Personal Information
The following rights are generally applicable to individuals whose Personal Information we process in relation to our Safeguarding Activities. These rights are also subject to the legislation applicable to the organisation and individual and the country where that Personal Information is collected, stored or processed and the country where the organisation or individual resides.
Right of access to your Personal Information: You have the right to seek information about your Personal Information (the categories of information, the purpose for which it is collected and the third parties or categories of third parties to which it is transferred), to obtain confirmation of whether or not your Personal Information is being processed, and to receive a copy of the relevant Personal Information in a readily intelligible format within a reasonable timeframe.
Right to rectification of your Personal Information: Personal Information processed by CFG shall be accurate, complete and kept up to date. Where CFG affirmatively knows that the Personal Information that it is processing is inaccurate or incomplete, CFG shall, as appropriate, rectify, amend, complete, update or delete the relevant Personal Information as soon as possible. Where appropriate, if the Personal Information in question has been disclosed to a third party that is known or believed to continue to process the Personal Information, the third party shall be informed of the change as soon as possible.
Right to request the deletion of your Personal Information: You can request the deletion of your Personal Information when required by law, that is when the information is outdated, incorrect, or when its collection, recording, transfer or retention is prohibited by law.
Right to object to the processing of your Personal Information: You have the right to object to the processing of your Personal Information for legitimate reasons, unless it is necessary for CFG to fulfil obligations and responsibilities arising under the regulation, rules or policies of local or international football authorities, or to fulfil its obligations under applicable laws or regulation.
Right to initiate a complaint: You understand that you shall be entitled to initiate a complaint where you believe that CFG is not complying with applicable law regulation or internal policy.
Complaints, questions and requests should be submitted to the CFG Data Protection Officer who can be contacted via [email protected].
City Football Group is registered with the Information Commissioners Office in the UK.
You have a right to complain to the UK Information Commissioner's Office by writing to them at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or by telephone 0303 123 1113. More information is available on the ICO's website https://www.ico.org.uk. However, we would appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
You also have a right to complain to your local statutory data privacy authority should the Personal Information processed by CFG have originated from a source outside of the UK (e.g. through a CFG subsidiary).
We will at all times protect your Personal Information by applying all necessary security safeguards, including physical, organisational, technical, environmental and other measures to prevent the loss, theft or unauthorised access, destruction, use, modification or unauthorised disclosure (including disclosure made via electronic network) of the Personal Information as far as is technically possible.
When we disclose your Personal Information to third party agents in connection with our Safeguarding Activity, we will take all reasonable steps to ensure that such Third Parties use the Personal Information for legitimate purposes in accordance with the laws of the country in question and with an adequate level of security.
How long will you keep my information?
We will ensure that your Personal Information is only retained for as long as is necessary to fulfil its obligations under our Safeguarding Policy or where otherwise required by applicable law, regulation or related processes.
Each CFG-related entity will retain Personal Information in accordance with local obligations. Whilst much Personal Information processed for the purposes of Safeguarding Activity may be sensitive in nature, we may be required to retain the Personal Information for significant periods of time. [For example: where information is retained for allegations, concerns or incidents that relate to children or other vulnerable people and in particular those who are in residential provisions, that Personal Information collected may need to be retained for 70 years or more in accordance with legal or regulatory requirements.]
Once your Personal Information no longer serves the above purposes, it will be deleted, destroyed or permanently anonymised.
Changes to the Privacy Notice
We keep our Privacy Notice under regular review. This version was last updated on 7th February 2022.
It is important that the Personal Information we hold about you is accurate and current. Please inform us if your Personal Information changes.