Privacy policy

Privacy policy

At Athletic Club we are committed to the protection of privacy and the correct use of the personal data that we process and which you provide to us, both online (on this website, and, where appropriate, any of its sub-domains, micro-sites and/or mobile applications), as well as offline.

Please read this policy carefully and make sure that you understand it and agree with it, before providing us with your personal information. If you do not agree with it then please do not use this website or its services, or provide us with your information. The fact of accessing this site, using any of its services or providing your data, either online or offline, we take to understand as a clear affirmative action, by which you give us your consent (when necessary) to process your data for the purposes indicated below.

2- Who is responsible for the processing of your data?
3- How have we obtained your data?

If you are a member or supporter, you have provided your data to us, either offline or online, when requesting your registration as such, in order to maintain the relationship with you.

If you have provided us with your data via this website, we collect information, for example, when you access the webpage, when you register as a user, fill out any form with personal information, when you download our Mobile App, when you start a session in our Services via third-party services such as Facebook or Google, when you buy from our store or get tickets, or when you communicate with us directly by email.

We may process and register such uses, sessions and related information, either independently or with the help of third party services, including via the use of cookies and other tracking technologies.

When you provide us with your personal data, you guarantee that you are authorised to provide it, and that the information is true, accurate, exact and up-to-date, that it is not confidential, that it does not violate any contractual restrictions or rights of third parties, and that you agree not to impersonate other users by using their registration data for the different services and/or contents of the Website.

You are responsible for keeping your data correct and updated, Athletic Club declines all responsibility in case of not doing so.

The personal data that both Athletic Club and the Fundación Athletic process may come from third parties, such as, for example, Clubs or entities or organisations with which we have reached agreements for organising social, cultural or sports projects. In these cases, the categories of data that we may process include identifying data, personal characteristics data, social circumstances data, and even specially protected data.

3.1.- Third party data

With respect to the data of other people, you must respect their privacy, taking special care when publishing their personal data. If you provide us with data about third parties, it is your responsibility to have their prior and express consent to use it and to communicate it to us, and it is your responsibility to inform them of the inclusion of their data in our files.

The publication of data about third parties without their consent may also infringe data protection regulations, relating to the right of honour, privacy or the image of said third parties.

4- Why do we process your data?

We may process the data that you provide, as well as any other information generated during the development of the relationship that we have with you, for different purposes, for example:

  • If you are: member or supporter of the Club; a member of a group of supporters; member or collaborator of the Foundation; attendee or participant of any of our activities, events or sports, social or cultural projects, we use your data to:

– keep in touch and communicate with you,
– manage the contractual and/or commercial relationship, whereby, when appropriate, we will send you information about our activities, events, products and services, and, where appropriate, manage your registration and/or participation in such activities or events

– access control and compliance with regulations on the prevention of violence at sports venues

  • If you are a basic user of our website (and, if applicable, any of its sub-domains, micro-sites and/or mobile applications), we use your data to manage online ticket purchases (whether for matches, events, the museum, etc.), requests or services that you request from us via the website or from the club’s official app, and the relationship, including contractual, as the case may be, derived from the above, and, where appropriate, manage your registration and/or participation in the online activities or events in which you participate.

The provision of certain registration data (or its use if already registered as member or supporter, and marking the corresponding option in the registration form, or the data from your Facebook profile in case of using the Facebook Connect option to register, will be mandatory in some cases, for example for accessing certain services or content such as online shopping, online supporter, contact, VIP area, access for viewing or downloading audiovisual content etc., because such data is essential for the processing for the purposes as described above in this section. If you do not provide this information, we will not be able to fulfil the requested services.

5- How long will we keep your data?

The personal data that you provide us will be kept for as long as you do not request its deletion; even if this is requested, we may keep it, limiting its processing, solely for compliance with legal obligations and/or the exercise or defence of claims.

6- What is the legitimacy for the processing of your data?

In some cases (e.g. members, buyers of tickets or items from our online store), the legal basis which legitimises our processing of your data is the relationship derived from the existing contract between the parties; in others it will be via your consent, for example, if you have made a request via our web page, in the case of being a simple user, or if you are a participant in the activities and/or derived events, social, cultural or sports projects that we hold directly, via agreements with other entities or organisations. This consent is unequivocally granted to us by you providing us with your data online, via our website, or offline, considering said provision as a clear affirmative act which manifests such consent. You can withdraw this consent at any time by sending us an e-mail in this regard to rgpd@athletic-club.eus with said withdrawal not affecting the processing of your data for the rest of the purposes as described.

In other cases it may be to comply with a legal obligation, for example in the case of regulations on the prevention of violence at sports venues and in other cases, given the relevant and appropriate relationship that you have with us as member, supporter, collaborator or user of our site, participating in activities and/or events, social, cultural or sports projects that we run, we have a legitimate interest in processing your data for its maintenance and management.

  • Holding draws and promotions among our members and supporters, participating in activities and/or events, social, cultural or sports projects that we run
  • In activities or events, taking photographs and/or videos that may be posted on this website, and, where appropriate, any of its sub-domains, micro-sites and/or mobile applications, in the profiles that the Club or the Foundation possess, in any social networks, as well as on YouTube, to inform users about events, to document them, and be part of the photographic/video memory of them. So your image may be published in advertising posters, brochures, programs, and other Club materials.
  • Improving your user experience or developing, customising and further improving our services according to preferences, experiences and common or personal difficulties of users, and for this purpose we may produce profiles with the information we have, but we will not take automated decisions on the basis of said profiles.
  • Conduct opinion and/or satisfaction surveys and send you information about our activities, products and/or services (including advertising and/or commercial communications for the purposes of article 21 LSSICE 34/2002), or any of the companies collaborating with the Club or the Foundation, although in no case will we communicate your personal data, but rather that information will always be produced via our own means.
  • Your comments on the Athletic Club profiles on social networks may be published on our website, as well as any photographs included in those comments

These purposes are compatible with the initial purposes for which we collected your data (managing contact and communication with you, and maintaining the relationship that binds us), but, in any case, the provision of your data for the above purposes, derived from our interest legitimate, is always voluntary and your interests, rights or freedoms will always prevail over our legitimate interest, so if you ask us to delete and stop processing your data for these purposes (sending us an e-mail in this regard to rgpd@ athletic-club.eus) we will do so, being able to retain your information in blocked form for the formulation, exercise or defence of claims. This withdrawal does not affect the processing of your data for the rest of the purposes described.

If you have provided sensitive data subject to special protection, the legitimacy to process it is by express consent. You give us this consent unequivocally when you provide us with your information, considering this provision as a clear affirmative act that manifests such consent. The provision of the data requested is mandatory because it is essential to respond to your request; if you do not provide it, we cannot carry out your request. You can withdraw this consent at any time by sending us an e-mail in this regard to rgpd@athletic-club.eus. This withdrawal does not affect the processing of your data for the rest of the purposes described.

7- To which recipients will we be able to communicate your data?

We inform you that the data you provide may be communicated to third parties for the fulfilment of purposes directly relating to legitimate functions of the assignor and assignee, such as:

  • To companies which are responsible at all times for the logistics of sending and delivery of products from the on-line store;
  • To entities or organisations to which the Club has a legal obligation to communicate data, to the Professional Football League, as the owner of the member management program, to third parties as obliged by antiviolence regulations and the Professional Football League for access control and compliance with antiviolence regulations at sports venues, tax administration;
  • To banking entities for payment management;
  • To the Fundación Athletic Club Fundazioa to send you information about its activities;
  • In the case of competitions that we organise within the framework of activities or events, we may communicate data of participants to the jury, although we will try to send them pseudonymised or anonymous data.
  • We inform you that, in case of using US suppliers providing auxiliary services for our activities (hosting, housing, SaaS, remote backups, support services or computer maintenance, email management, sending e-mails and e- mail marketing, etc.), that they may have access to personal data: we will choose companies that adhere to the Privacy Shield agreement between the US and the EU, which means that they are obliged to meet requirements equivalent to European standards in terms of data protection. In any case, the acceptance of this protection policy expressly and unequivocally authorises the communication of data to these companies, understanding that this involves an international transfer of data to a country outside the European Economic Area, and giving your unequivocal consent to said transfer.

Our services include certain features and widgets of Social Networks, such as the features “Connect with Facebook” or “Login with Google”, the “Like” button on Facebook, the “Share” button or other common interactive mini-programs on social media. These Characteristics of Social Networks may collect information such as your IP address or what pages you visit on our Website, and may create a cookie to enable them to function correctly. The Characteristics of Social Networks are not hosted by a third party or directly in our Services. Your interactions with these third parties are governed by their policies and not by ours.

8- What are your rights when you provide us with your information?
  • Right of access: You can ask us what personal information we process, including requesting a copy of it.
  • Right of rectification: You can request the rectification of inaccurate personal data or that we complete information which is incomplete, including by means of an additional declaration.
  • Right of deletion (right to be forgotten): You can request the deletion of your personal data when: it is not necessary for the purposes for which it was collected, you withdraw your consent, there has been unlawful processing of it, or for compliance with a legal obligation.
  • Right to limitation of processing: You can ask us to limit the processing of your data, in which case we will only keep it for the exercise or defence of claims.
  • Right to data portability: You can ask us to return your personal data in a structured format commonly used and mechanically read, to you or a third party which you indicate.
  • Right of objection: You can oppose the processing of your data if said processing is based on the legitimate interest of the person responsible for the data file or is for advertising purposes.

To exercise all these rights you can contact us by written and signed request, enclosing in all cases a copy of your ID, to the postal or electronic address indicated in section 2 of this privacy policy. In case of modification of your data you must notify this at the same address, absolving any responsibility on the part of the company in case of not doing so.

Once received, any of the above requests will be responded to within a maximum period of 10 days.

You have the right to complain to the Spanish Agency for Data Protection. If you want more information about the rights you can exercise and for requesting models forms for the exercise of your rights, please visit the website of the Spanish Agency for Data Protection (Agencia Española de Protección de Datos), www.agpd.es.

PD718

Feedback