Privacy Policy

1. Introduction

At the Sir Stanley Matthews Foundation, accessible via sirstanleymatthewsfoundation.com, we are committed to safeguarding the privacy and personal data of all visitors and users. We recognise the trust you place in us by sharing your personal information and are fully committed to protecting it in accordance with the highest standards of data protection under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws.

This Privacy Policy explains how we collect, use, disclose, and secure your personal information, and outlines your rights in relation to that information. We prioritise privacy as a fundamental right and ensure all data processing activities are conducted transparently, lawfully, and fairly.

2. Scope of This Policy and Data Controller

This Privacy Policy applies to all personal data collected through the website sirstanleymatthewsfoundation.com, including all services, features, and communications offered or facilitated therein.

The Sir Stanley Matthews Foundation is the data controller responsible for the processing of your personal data. As the data controller, we determine the purposes and means of processing your personal information in accordance with applicable data protection legislation.

3. Categories of Data We Collect and Process

We collect and process a variety of personal data to deliver, operate, and improve our services, and to communicate effectively with our users. These categories include:

a. Usage Data:
Includes information such as IP address, browser type and version, operating system, referral URLs, pages visited, time spent on pages, session duration, and general site interaction behavior. This data helps us understand website usage patterns and improve user experience.

b. Account Data:
When you create or manage an account, we may collect your name, postal address, email address, phone number, and other identifiers. This is used for authentication and account management purposes.

c. Profile Data:
Includes your communication preferences, purchase history, event participation, program involvement, and behavior across our services. This helps us personalise your experience and deliver relevant content and services.

d. Communication Data:
Encompasses support requests, submitted inquiries, correspondence via email, and other interactions. We retain communication history to provide continued support and maintain communications records.

e. Technical Data:
Collected from your device, including device model, operating system, browser settings, screen resolution, and other system configuration details used to ensure the website functions correctly across all platforms.

f. Transaction Data:
If you make a donation or purchase via our website, we may collect billing details, transaction timestamps, amounts, currency, payment method, and delivery information. We do not store actual payment card details; these are managed by secure, PCI-compliant third-party processors.

g. Preference Data:
Includes marketing preferences, consents provided, opt-in/out status, and interests in specific projects or events to tailor our communications and offerings to your expectations.

4. Legal Bases for Processing Personal Data

We process your personal data under the following lawful bases defined by the GDPR:

– Consent: When you voluntarily provide personal data or opt in to receive marketing materials.
– Contractual necessity: When processing is required to perform a contract with you, such as fulfilling a donation, issuing receipts, or booking an event.
– Legal obligation: When compliance with legal or regulatory requirements necessitates processing.
– Legitimate interests: For purposes such as website analytics, communication improvements, fraud detection, and enhancing website functionality—provided these interests are not overridden by your data protection rights.

5. Your Rights

As a data subject under the GDPR and CCPA, you have the following rights, which you may exercise by contacting us at [email protected]:

– Right of Access: You may request a copy of the personal information we hold about you.
– Right to Rectification: If your data is inaccurate or incomplete, you may request correction or update.
– Right to Erasure: You may request erasure of your personal data under certain conditions (“right to be forgotten”).
– Right to Restrict Processing: You may request limitations on how we process your data.
– Right to Data Portability: You may request that we provide your data in a structured, commonly used format, or transfer it to a third party.
– Right to Object: You may object to processing based on legitimate interests or direct marketing.
– Rights under CCPA: California residents may request disclosure of collected categories of data, data deletion, and the right to non-discrimination for exercising any CCPA rights.

6. Security Measures

We implement a range of organisational, technical, and procedural safeguards to protect your personal data:

– Encryption: Data in transit and at rest is secured using industry-standard encryption protocols.
– Access Control: Personal data is only accessible to authorised personnel who require access to perform their functions.
– Backups: Regular, secure backups prevent data loss and maintain service continuity.
– Staff Training: Personnel undergo training in privacy and data security practices to maintain compliance and awareness.

7. International Data Transfers

Where personal data is transferred outside the United Kingdom or European Economic Area (EEA), we ensure adequate protection through appropriate safeguards such as Standard Contractual Clauses (SCCs), UK Addendum, or other regional compliance frameworks, consistent with applicable data protection legislation.

8. Data Retention

We retain personal data only for as long as necessary for the purposes stated in this Privacy Policy, or as required by applicable law. Typical retention periods include:

– Account and Profile Data: Retained for the duration of the user relationship and for up to 6 years thereafter.
– Transaction Data: Retained for tax and auditing compliance for 7 years.
– Communication Records: Retained for 3 years post-interaction unless extended due to ongoing inquiries.
– Technical and Usage Data: Retained for functionality and analytics for up to 24 months.

Upon expiration of these periods, data is securely erased or anonymised.

9. Cookie Policy

Our website uses cookies and similar tracking technologies for the following purposes:

– Essential Cookies: Required for operation and security of the website (e.g., authentication, session management).
– Functional Cookies: Enhance site functionality and user experience (e.g., language preferences).
– Analytics Cookies: Collect aggregated, anonymised data to understand usage patterns and improve performance (e.g., Google Analytics).
– Performance Cookies: Monitor the website’s performance and ensure consistent loading and functionality across devices.

10. Cookie Management and GDPR/CCPA Compliance

Upon your first visit to sirstanleymatthewsfoundation.com, you are prompted to manage your cookie preferences through our cookie consent banner. You may change your preferences or withdraw consent at any time via the “Cookie Settings” link in the footer, or by adjusting your browser settings.

Under GDPR and CCPA, users have the right to opt-out of non-essential cookies and do-not-track requests are respected to the extent technically feasible.

11. Children’s Privacy

We do not knowingly collect or solicit personal data from children under the age of 13. If we become aware that a child under 13 has provided personal information without parental or guardian consent, we will delete such information promptly. Parents who believe their child has submitted data may contact us at [email protected] for assistance.

12. Policy Updates and User Notification

We may update this Privacy Policy from time to time to reflect applicable legal or operational requirements. When material changes are made, we will notify users via the website or by email when appropriate. We encourage you to periodically review this policy to stay informed of how we protect your data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us directly at:

Email: [email protected]
Website: https://sirstanleymatthewsfoundation.com

We are fully committed to compliance with all applicable data protection and privacy laws, and welcome your inquiries regarding how we collect and manage personal data.