This document is designed to give you important information about how your information is collected and used by Everton Football Club for the purpose of mandatory NHS Covid-19 Pass ground entry requirements.
1. Privacy notices
Everton has a number of privacy notices to explain how each service or function operates.
The tier one privacy notice, with principles and definitions is available from: https://www.evertonfc.com/content/privacy/efc-privacy-policy
Tier two privacy notices are specific to an activity. All notices are available from the Privacy Portal: https://www.evertonfc.com/content/privacy
Everton Football Club Company Limited is registered to process personal and sensitive data – registration number Z5476849.
2. How your information is used
In order to comply with the requirements of the mandatory NHS Covid-19 Pass, the Club will require you to complete a self-certification questionnaire. This indicates your Covid-19 status and entry eligibility in advance of attending on a match day. This data is stored and maintained alongside your supporter record. The Club may refuse entry if the self-certification questionnaire is not complete.
On a match day, attendees may be required to present evidence of their Covid-19 status to a COVID-19 Trained Steward. This will be a visual check only and no evidence of your Covid-19 status will be maintained by the Club, other than the status type.
Everton supporters attending another ground as away fans, will have to self-certify with Everton. The opposition may impose their own checks – any data recorded by the opposition is under their control and privacy policies.
Individuals aged 17 and under are exempt from the NHS Covid-19 Pass ground entry requirements.
3. What personal data will we collect
The Club will process your identifying information, including name, age, contact information and ticket data. This will be matched to information you provide on your Covid-19 self-certification questionnaire.
The Club will not store evidence of vaccination status, beyond the data collected in the self-certification questionnaire.
The Club will follow legal requirements on accepting vaccination exemptions. From 25th December, the only Government-accepted method of demonstrating an exemption will be to use the NHS COVID-19 Pass in the same way that people who are fully vaccinated use it. For more information, please see https://www.nhsx.nhs.uk/covid-19-response/using-the-nhs-covid-pass/#exemptions
4. Who has access to your information
Information is only accessed when there is an authorised purpose and access to the data is auditable.
Access to the information will be required for ticketing, ground safety and security, and for governance purposes to monitor the Club’s compliance with its legal obligations. Wherever possible, data will be anonymised so that no personal information is included; this includes reporting to external agencies such as the Premier League.
Match Day COVID-19 Trained Stewards may record information about the Covid-19 status checks they have undertaken with attendees; however, Match Day COVID-19 Trained Stewards will not have access to the data once recorded.
Data will be stored on the Club’s ticketing and supporter systems. Personal data will be retained for the duration of the season. Data may be retained beyond this timeframe in an anonymised format. In the event that legal requirements change, it may be necessary to retain data for a longer period of time.
5. Lawful basis for processing
Under data protection legislation, there must be a valid lawful basis in order to process personal data.
The lawful basis for processing personal data is that processing is necessary for compliance with a legal obligation to which the Controller is subject; that legal obligation relating to the mandatory use of the NHS Covid-19 Pass.
A person’s Covid status is special category data, as private health information. Special category data is personal data that needs more protection because it is sensitive. There must also be a lawful basis in order to process sensitive data.
The lawful basis for processing special category data is that processing is necessary for reasons of substantial public interest; that substantial public interest being responding to threats to public health.
The Club will follow the principles of data minimisation and only process the personal data which is necessary to comply with the mandatory NHS Covid-19 Pass requirements and to operate this in a safe and effective manner.
6. What rights to your information do you have?
Your Information rights, based on processing which is necessary for compliance with a legal obligation, are:
· Right to be informed
· Right of access
· Right to rectify
Full details of your rights and how to exercise these are included in the tier one notice.
Please keep your information up to date and let us know if anything changes.
7. Further Information
For general enquiries about how your information is used, or for further Privacy notices, please see the tier one notice available from https://www.evertonfc.com/content/privacy/efc-privacy-policy
