Privacy Statement (GDPR)

Privacy Statement (GDPR)

Bromley Football Club understands that your privacy is important and that you care about how your personal data is used. We respect and value the privacy of all of our stakeholders and will only collect and use personal data in ways that are described within this document, and in a way that is consistent with our obligations and your rights under the law.

This privacy notice sets out how we use and look after the personal information we collect from you. We are the data controller, responsible for the processing of any personal data you give us.

Information About Us

Business Name. Bromley Football Club (95) ltd.

Business type. Limited company.

Registered in England under company numbers 03060560

1) Introduction

The General Data Protection Regulation (GDPR) requires Bromley Football Club to make public its’ approach to ensuring the privacy of individuals’ data. For the purpose of this Privacy Statement, the term “Club” is used to cover Bromley Football Football Club (BFC).

2) Consent

The General Data Protection Regulation (GDPR) allows the use of Legitimate Interest Assessment (LIA) as a means of obtaining the consent of individuals whose data is held, in cases where the individual might reasonably expect such data to be held and where there is minimal impact on the individual’s privacy. The Club will use LIA as a means of consent wherever appropriate and will seek opt-in consent where the above conditions do not apply.

3) The Individual’s Rights Under GDPR

The Club, in complying with the principles of GDPR, will ensure that:

a) data, in respect of an individual, is held only when there is a lawful basis for doing so. A lawful basis will include, but may not be limited to a legal obligation, a contract, or the protection of an individual’s vital interest.

b) every individual whose data is held by the Club is entitled to request, and the Club will provide, within one month of the request, a copy of the data held for that individual, with a clear explanation of the lawful basis for it being held. The Club will promptly rectify such data, if requested. Such requests should be made by email to or in writing to the Club

c) every individual has the right to request that his data be erased. The Club may refuse to erase data where there is a legal reason for it being held and, in other circumstances, will advise of any disadvantage that might accrue to the individual by the erasure, before acting on the request.

d) it will advise of the right to object should data be used for Direct Marketing and shall immediately cease the processing of data for such purposes.

e) it will not use automated decision making or profiling in the processing of data.

f) data may be held on a secure drive with access limited to specific data owners in order to ensure appropriate security, or, in the case of ticket data, is held by the Data Processor who has confirmed its commitment to GDPR compliance in its contract with the Club.

g) it keeps its Privacy Statement under regular review and updates its’ websites accordingly

4) What Personal Data Do We Collect?

We may collect some or all of the following personal data (this may vary according to your relationship with us or the form used on our website):


Date of birth;



Billing Address;

Email address;

Telephone number;

Mobile Number;


Job title;


Payment information;


Guest Details;

Information about your preferences and interests;

5) Do we Share Your Personal Data?

We will not share your data with any third party organizations.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority, or the police for example.

6) Data Retention

We will not keep your personal data for any longer than is necessary for the reasons for which it was first collected. The Club confirms that it will retain ticket related data for historical, statistical purposes only for as long as it considers such data to be of use. All other data will be retained for a maximum of 7 years.