Privacy Policy
​
1. About us and how to contact us
We are Club Retros, the controller of your personal data processed from visitors to our website/mobile application, our Properties, or as otherwise identified in this Privacy Policy.
2. What personal data do we process and what are their sources?
Sources of the personal data
We collect information from you when you visit and interact with our websites and apps, purchase something from us through our “Properties”, contact us by email (e.g., in the context of contacting our customer services team) or receive a communication from us or otherwise interact with us on our social media channels, our advertising.
We may also collect information about you from other third parties that provide information to us, such as Business Partners (as defined below), advertising networks, public sources, social media platforms and networks, third party log-in services, data enrichment services, and organizations that prepare events with/for us.
You are not required to provide your personal data to us, however, if you do not provide us with certain information (such as Transaction Information or Contact Information), we may not be able to fulfil your order.
We may combine information that we receive from the various sources and make inferences from the information to create a profile about you reflecting your preferences and characteristics.
Categories of personal data we process
Category of personal data: Contact Information.
Examples of your personal data: Name, Email Address, Telephone Number, or Social Media.
Category of personal data: Transaction Information.
Examples of your personal data: Purchase details, delivery details, payment details, age or date of birth information, and any communications we have about your purchase.
Category of personal data: Legal Information.
Examples of your personal data: Fraud checks or flags raised about your transactions, payment card refusals, complaints and information related to their resolution, legal requests.
Category of personal data: Preference Information.
Examples of your personal data: Your marketing preferences, your account settings including any default preferences, any preferences we have observed and/or inferred, such as the types of offers that interest you (e.g., what teams/sports you like, which types of products are your favourite, etc.), or the areas of our website that you visit, likelihood that you will (not) interact with our Properties in a certain way (e.g., how (un)likely are you to buy merchandise from certain teams/leagues).
Category of personal data: Communications.
Examples of your personal data: Communications we may have with you, whether relating to a transaction or not. Please note that we keep all written communications and record calls to our customer services team.
Category of personal data: Account Information.
Examples of your personal data: Your name, password, account ID and other information specifically associated with your account. If you have account with us, we may associate your activity on and off our Properties with your account, such as Transaction Information, Contact Information, Observed Information, and other data.
Category of personal data: Other Voluntary Information.
Examples of your personal data: Voluntary information you provide/indicate to us/allow us to collect other than the above, such as your age or date of birth, gender, favourite teams or players, responses to surveys or competition entries, or pictures/videos of you, authorisations (e.g., given to third party log-in services), or consents you have given to us.
Category of personal data: Observed Information.
Examples of your personal data: Online and other electronic activity that is gathered automatically when you visit or interact with our Properties, communications and advertisements, or those of our service providers, Business Partners, or other third parties that share information with us.
This includes details of your online browsing activities, such as the pages, products or areas that you visit and communications that you interact with (such as when you open an email/text message you received from us), the date and time you access/open them, the operating system you are using or which link has brought you to a particular website/advertisement (e.g., when you clicked on it in an email communications/other websites). We also collect your device and other identifiers such as advertising IDs, pixel, and other information we may infer about you, such as a geographical region, based on your IP address; income and gender based on your geographical region or purchases, and how you feel about our brand, based on social media data.
Our third-party service providers may allow us to append additional information they observed or inferred about you, such as income and gender, to help us understand additional characteristics about you.
3. How do we use your personal data?
​
We use the data we collect about you for various purposes. European/UK/Swiss data protection legislation sets out specific “lawful bases” for processing personal data. The below sets out under which basis we process different information about you and explains the purpose of that processing.
Lawful basis and purpose: Consent to us or to our affiliates/Business Partners or other third parties sending you direct marketing communications (e.g., through emails, SMS, or other digital channels) in accordance with the preferences you select when you sign up to receive updates or purchase products, or where you ask us to send you abandoned cart emails (where you have placed items in your basket but not completed your order). Where you provided your consent, we will keep such consent to as evidence (including where we collected such consent on behalf of a third party).
We may rely on our legitimate interest to send you direct marketing communications if you provide us with your contact information in the course of a sale (or negotiations for a sale) of a product or service (for example if you bought a merchandise on our website). On the basis of legitimate interest, we may also ask you to review our services and products on third party websites, respond to customer satisfaction surveys to measure and report on customer satisfaction and loyalty as well as to improve our customer service efforts, unless we are specifically required to ask for your consent by law.
You can always change your preferences/opt-out of these communications via the unsubscribe link on any communication from us. If you created an account with us, you can also change your preferences there. Direct marketing communications may include a technology that unobtrusively collects analytics or other electronic network activity, such as whether you have received or opened the communication, clicked a link in the communication and technical information such as your IP address and information about your device. We may also combine your personal data collected through direct marketing communications, surveys, and other technologies with personal data we collected through other channels for the same purposes as outlined in this Privacy Policy.
What personal data do we use? Contact Information, Other Voluntary Information and Observed Information.
Lawful basis and purpose: Consent to us/our legitimate interest to: provide you with high-quality customer support, improve overall customer experience and resolve disputes.
Lawful basis and purpose: Our legitimate interests: to manage our social media presence, engage with you, and analyse social media data in order to resolve issues and improve our brand perception, product and service offering. This may involve responding to comments and messages, monitoring brand mentions, responding to inquiries or complaints, initiating conversations with potential customers, tracking key performance indicators such as engagement rates, sentiment analysis, or identifying trending topics. What personal data do we use? Contact Information, Communications, Observed Information, and other Voluntary Information.
Lawful basis and purpose: Consent you gave us to send you notifications to let you know, for example, when the products/sizes you are interested in are back in stock. You can always change your preferences/opt-out of these types of communications via the unsubscribe link on communication from us. You may also sign up to receive specific notices about product or service offerings that are separate from your direct marketing preferences. For example, if you asked us to notify you when products/sizes you are interested in are back in stock, you will still receive these messages, even if you unsubscribed from general marketing messages in the marketing preference centre you accessed through your Account or when clicking on unsubscribe button in one of the general marketing messages. What personal data do we use? Contact Information.
Lawful basis and purpose: Consent: To collect certain personal data about you via cookies or other tracking technologies (including session replay or screen recording tools) or from third party sources, as well as infer observed information for purposes that include:
(i) analytics, such as where we, sometimes with or other third parties, (such as our data enrichment services providers), interpret information to detect general trends related to what our customers like or dislike. These insights into customer behaviour and preferences, allow us to tailor our sales strategies to better target our audience and increase conversion rates;
(ii) better targeting advertising to your interests (about our products, products of our affiliates or other third parties and services) such where we or other third parties try to build a better picture of the types of Properties, products, offers and communications from us, our affiliates, business partners (as defined below) and other third parties that we/they can provide, which you might be interested in, so that the these are more relevant to you. This may also include us trying to determine how likely it is that you will (not) interact with these (e.g., how (un)likely are you to be a basketball fan);
(iii) analysing how you interact with our properties and webforms and identifying areas where you may encounter problems or confusion. This information can then be used to improve the user experience and make the properties and webforms more intuitive and user-friendly. Similarly, this information can help our developers identify and troubleshoot technical issues, such as broken links, slow page load times, or software bugs;
(iv) ensuring we recognize that you are a returning customer to allow you to benefit from your preferred settings on our properties, and to recommend the intended geographic website for the location we observed you may be in (e.g., based on your IP address); and
(v) identifying your activity across devices, channels, and platforms for the above purposes.
We may rely on our legitimate interest to place/access cookies that are necessary for us to operate the website and provide other requested services to you; or where we consent is not required for further use of data collected through cookies or trackers on our Properties. What personal data do we use? Contact Information, Preference Information, Observed Information, Other Voluntary Information. Where possible, we will use statistical or pseudonymised data for these purposes.
Lawful basis and purpose: Performance of our contract with you: to fulfil your order, take payment and deliver your goods to you or the recipient you indicate, to deal with any complaints or any after sales services, including for warranty purposes. What personal data do we use? Transaction Information, Contact Information.
Lawful basis and purpose: Legitimate interest of us and our Business Partners: to fulfil your order and deliver your goods, where, in certain cases, we fulfil orders on behalf of our Business Partner, who have a contract with you, from our own stock. What personal data do we use? Transaction Information, Contact Information.
Lawful basis and purpose: Our legitimate interest: to facilitate payment options, we share your personal data with our payment services providers (such as PayPal) to assess whether you qualify for their payment options and to tailor the payment options for you. Your interactions with payment services providers, including how they process your personal data, are governed by their respective privacy policies. What personal data do we use? Transaction Information, Contact Information.
Lawful basis and purpose: Our legitimate interest: To provide you with an option to log in to your account and access our services using third-party services log-in (such as Sign in with Google). Consult relevant service provider’s website on how to stop using the third-party log-in to access your Club Retros account. If you stop using the third-party log-in, we may retain Personal Data we received from those third parties, for other relevant purposes outlined in this Privacy Policy (e.g., to continue providing our services), in line with our standard retention practices. What personal data do we use? Contact Information, Other Voluntary Information.
Lawful basis and purpose: Complying with legal obligations/our legitimate interest: To confirm your identity. To keep records required by law or to evidence our compliance with laws, including tax laws, consumer protection laws and data protection laws (e.g., to keep evidence that we complied with your data subject requests, to make sure we are able to identify you when checking whether you gave us your consent or not, e.g., based on cookie or other information we collect/observe/infer about you). To provide information to law enforcement agencies or other authorities where we are required to do so. What personal data do we use? Legal information, Transaction information, Communications (where relevant), Contact Information, Preference information.
Lawful basis and purpose: Our legitimate interests: For our internal business administration, to manage customer accounts, including keeping general records of customers, sales, customer care and other interactions and to protect genuine customers and our business from fraud to minimise the risk of false details being used, and abuse of card details by fraudsters. This is necessary for us to operate efficiently, deal with any issues which may arise and to protect ourselves against any future legal claims and ourselves and others against fraudulent transactions. What personal data do we use? Transaction information, Legal information, Communications, Preference information, Contact information, Preference information, Communications, Other Voluntary information.
Lawful basis and purpose: our legitimate Interest: When we want to hire a service provider to help us analyse/enrich personal data for one of the above purposes, we want to make sure that they can provide services we need adequately. We may share limited personal data with them to test/ensure quality of analytics services they offer. Where possible, we will use anonymised or pseudonymised data for these purposes. What personal data do we use? Contact Information, Other Voluntary Information, Observed Information, Preferences Information, Transaction Information.
​
4. What are your rights and how to exercise them?
· Access the personal data, we hold about you and obtain a copy of such data.
· Correct inaccurate or incomplete personal data, we hold about you.
· Ask to have your personal data erased under certain circumstances.
· Restrict our use of your personal data under certain circumstances.
· Ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated (this is known as a Data Portability right).
· Refuse or withdraw consent, where we ask(ed) you for one. The lawfulness of our processing of your data that occurred before you withdrew your consent will not be affected.
· Object to our processing of your personal data for the those of the above purposes, where we rely on our legitimate interest to do so (e.g., where we use third party service providers to learn additional attributes about our customers to improve our services and advertising). You always have the right to object when we process your personal data for direct marketing purposes (see below how).
Please contact us if you have any concern about how your personal data is processed at sales@clubretros.co.uk and we will try to resolve your concerns. However, if you consider that we are in breach of our obligations under data protection laws, you may lodge a complaint with the Information Commissioner’s Office in the United Kingdom or your home country.
5. Third-Party Websites and Social Media Services
The website may contain links to other websites or Internet resources. When you click on one of those links, you are contacting another website or Internet resource. We have no responsibility or liability for, or control over, those other websites or resources or their collection, use and disclosure of your personal data. We suggest that you read the privacy policy and terms of use of each such website, which govern your interaction with them.
6. Children’s Data
Our properties are generally not intended for individuals below 16 years of age/13 years of age in specific countries, which allow for personal data collection based on child’s own consent (such as the UK). As a general rule, we do not knowingly collect any personal data from children under 16 years of age/13 years of age in certain specific countries, such as the UK, without consent of their parents/legal guardians. If you believe that we have inadvertently collected personal data from a child under the age of 16/13 in the UK without such consent, please contact us at the address above and we will use reasonable efforts to delete the child’s data from our databases.
7. Social Media, Widgets and Open Forums
Our properties may allow you to engage with social media services, such as Facebook, Twitter, and Instagram (“Social Networks”), and widgets such as the “Share this” button, or interactive mini programs that run on our website or which link from Social Networks to our website (“Social Functions”). These Social Functions may access, collect, and integrate with your Social Network accounts and information. For example, these Social Functions may collect your IP address, identify which page you are visiting on our properties, or set a cookie. We may make available the opportunity for social functions to be used to register you as a website user. For example, if you are not currently registered as a website user and you use certain Social Functions, you will be asked to enter your Social Network credentials and then be given the option to register and join the Website. If you choose to use these Social Functions, you may be sharing certain Social Network profile elements with us, including your name, birthday (month/day), comments, contacts, email address, photos, or favourite teams.
This sharing is subject to each Social Network’s own privacy policy and terms of use. We do not control those Social Networks or your profiles on those services. Nor do we modify your privacy settings on those services or establish rules about how your personal data on those services will be used. Social Functions are either hosted by a third party or hosted directly on our website. Your interactions with them are governed by the privacy policy of the company providing them. Please refer to the privacy settings in your Social Network account to manage the data that is shared with us through your account. Information you include and transmit online in a publicly accessible blog, chat room, or Social Network, or that you share in an open forum such as an in-person panel or survey, may be viewed and used by others without us being able to restrict their use by third parties (to the extent we use such personal data, this Privacy Policy will apply). We do not control such uses of your personal data, and by using such services you assume the risk and acknowledge that the personal data provided by you may be viewed and used by or third parties for any number of purposes and that the usage restrictions set forth in this Privacy Policy do not apply to such services.
8. Who do we share personal data with and where are they?
We will share your personal data with our service providers (who process data on our behalf), third party affiliates (which may process your personal data for their own purposes), our Business Partners and our Fanatics affiliated entities. Some of these parties may not be located where you reside.
Service Providers and Club Retros and Other Third-Party Affiliates
We will have in place an agreement with our service providers which will restrict how they are able to process your personal data and require them to keep it secure. We use some service providers directly in the fulfilment of your orders, for example for personalisation services, or where products are shipped directly by the manufacturer from their warehouse. Other service provider examples include IT providers, internet service providers, data analytics providers, and Contact Center Automation platform services. We may also use service providers in less direct ways, such as in the provision of our payment and finance systems, and to anticipate, prevent, and detect fraud.
We also share personal data with our own affiliates, including our sister company Club Retro (www.clubretro.co.uk), and other affiliated entities who provide some services for us, or where they process personal data for their own purposes (e.g., where you provide consent for them to send you direct marketing communications).
We may also share your personal data with various professional advisors such as lawyers, accountants, auditors, translators, and other professionals, where they advise us on our relationship.
Our website also contains scripts from third party affiliates who will gather observed Information about you in order to verify referrals from third party advertising (i.e., to verify that you actually purchased something on our properties, based on your interaction with an advertisement on a different site). We do not process this information, but it is collected directly by them and processed in accordance with their privacy policies. Some of our third-party affiliates, which we share your personal data with, also help us broaden our marketing activities to reach an audience, which is/may be interested in visiting our Properties. Some of our third-party affiliates, which we share your personal data with, also help us better understand our customers, by providing additional information collected about those customers.
Other Use Cases
We may share any of your personal data with a prospective purchaser or purchaser of any part of our business, or otherwise in connection with a sale, merger, change of control, bankruptcy, or similar transaction on the basis of our legitimate interests and the interests of our purchaser, so that they can appropriately value the business and assess any risks and continue doing business with you after the acquisition.
We may share your personal data: (a) as required by law or legal process; (b) to investigate suspected fraud, harassment, or other violations of any law, rule, or regulation; (c) to investigate suspected violations of any terms or policies applicable to the Properties or the services provided by us or our third party providers or affiliates; or (d) where we reasonably conclude that it is necessary for defending, exercising or establishing our legal rights.
We may also share your personal data with media, such as in instances where you participated in some of our competitions and events, youth and community programs and other Fanatics public engagement activities.
With other third parties with your consent.
International Transfers
If any service provider, this party affiliate, Business Partner or affiliated entity is based outside of the United Kingdom, the European Economic Area or Switzerland, in a country, which was not recognized as providing adequate protection to personal data by the European Commission the United Kingdom Secretary of State and/or the Swiss Federal Data Protection and Information Commissioner, data protections provided by those countries may not be equal to those of the UK, EEA or Switzerland. In those cases, we will ensure that we have an appropriate contract for the international transfer of personal data with them, they have binding corporate rules, approved code of conduct or certification in place, or that we can apply a permissible statutory derogation.
​
9. How long do we keep your information for?
We will only retain your personal data for as long as we need to fulfil the purposes set out in the Privacy Policy and for as long as we have a legal requirement to do so. Different retention periods may apply for to different types of records and data, however the longest we will generally hold any personal data is 7 years from the date of your last transaction, for taxation, accounting, and risk management purposes. This may be extended in the event of a query, investigation, or dispute until fully resolved.
If you would like to know more about retention periods applicable to your particular circumstance, you can contact us using details provided above.
10. Updates to this Privacy Policy
We may update this Privacy Policy from time-to-time. When required under applicable law, we will provide you with an appropriate notification regarding any changes we make by posting the updated version of the Privacy Policy/ provide a notification on this website/ or reaching out to you directly, as appropriate.