ATHLETIC CLUB is committed to protecting privacy and making proper use of the personal data that we process and that you provide us with, both on this website and, where applicable, any of its sub-domains, micro-sites and/or mobile applications, and offline.
Please read this policy carefully and make sure that you understand it and agree to it before providing us with your personal data. If you do not agree with it, do not use this website or its services or provide us with your data.
3.1 Obtained from the data subject.
If you are a member, supporter, or assignee of another member’s membership card, or user of our website, you have provided data yourself, either off-line or on-line, when applying for membership or registration, or any of our products or services (tickets, products from our on-line shop, visiting the museum or the stadium, etc.), or contacting us for information.
By providing us with your data, you warrant that you are entitled to do so, and that the information is accurate, up to date, and does not infringe any contractual restrictions or third party rights. You are responsible for keeping your data accurate and up-to-date, and ATHLETIC CLUB accepts no responsibility if you do not do so. You undertake not to impersonate other users by using their registration data for the different services and/or contents of the website.
3.2 Obtained automatically when visiting our website:
We collect information through cookies and other tracking and web analytics technologies when you visit our website. That means that data are sent from your browser to our servers to optimise our services and improve your user experience. Such data may be collected and stored automatically by us or by third parties on our behalf. Please check out our cookie policy.
Our website does NOT use internet retargeting technology, but we do use such technologies on Google, social networks, etc. We believe that showing personalised advertising, based on your interests, is more interesting for our partners/supporters than advertising that does not have a personal connection.
To do this, we work with companies that use tracking technologies to display ads from us on the internet. Retargeting technologies may collect information about your visits to our website or mobile applications and your interaction with our communications, including advertising. They analyse their cookies to show you advertising based on your browsing behaviour, both on our website and on other third-party sites. We do not store any personal data about you using this technology, as it is stored in your own browser.
In relation to this, we use location-based services to help you find the nearest Athletic shop through mobile applications such as Google Maps and Bing Maps. To facilitate this process, we load an image into the application, and save the map image and route data on our server. If you use these mobile apps, they can receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate your location. Generally, you can enable or disable your location services in your device or browser settings. For more information about Google Maps and Bing Maps please see their privacy policies.
3.3 Obtained from someone other than the data subject.
It is possible that your data have not been provided to us directly by you, but by a third party to whom you have previously provided such data. For example: Someone who decides to associate you, the president of a supporters’ club who provides details about its members, clubs or entities or organisations with which we reach agreements to develop social, cultural or sporting projects, etc. In such cases, the types of data we may process are mainly identification data and, in some cases, data on personal characteristics, or data on social circumstances.
With respect to the data of other people, you must respect their privacy, taking particular care when passing on or publishing their personal data. Only the data subject may authorise the processing of their personal data. In addition to infringing the legislation on data protection, the publication of third party data without their consent may also infringe legislation relating to the right to honour, right to privacy or the right to self-image of third parties.
It is the responsibility of those who provide data of third parties: a) to have their prior and express consent to use them, and b) to inform them of how we will process their data. By accepting this privacy policy, whoever provides third party data expressly warrants that they have the authorisation to provide such data, exonerating us from any liability in the event of any claim by the data subject.
The types of data we process may include:
Special categories of data:
We do not process special categories of data on this website.
Data relating to minors:
If you are under the age of 14 and would like to provide us with your data so that you can use our web services, request our services or products, or take part in any of the activities we offer, you can register on the ATHLETIC CLUB websites and apps only with the permission and consent of your parents. Ask them to help you fill in the forms where we ask for your personal details.
Parents of children under the age of 14 must prevent minors in their care from accessing the web pages and apps and/or providing personal data without their supervision, and the Club accepts no responsibility in this regard.
If we find that a child under the age of 14 has registered without authorisation, we may ask their parents or guardians to send the appropriate documents proving that they have given their permission. If not, the user or registration will be deregistered as soon as possible.
If parents, guardians or legal representatives of minors detect unauthorised data processing, they may submit their complaints or queries to [email protected].
We may process the data you provide us together with all the data generated during the course of our relationship with you for different purposes, under different legal grounds:
Said contents may be published on the internet (on this website, on our social media profiles, etc.), on paper (reports, brochures, programmes, magazines, advertising and information posters and other printed material, etc.), as well as on the Club’s own premises.
If you do not want your image to be captured or disseminated, please let us know if possible at the time the image is captured or by sending an e-mail to [email protected], so that we can respond to your request as a matter of priority.
We may make automated decisions based on that profile. However, the only consequence for you resulting from these automated decisions will be to send you personalised information, so we understand that this does not have a significant impact on your rights (as it has no legal effect on them). Nor does it affect you significantly in a similar way, or have a discriminatory effect, which is why these profiles are based on our legitimate interest.
We will keep the personal data you provide us with for the duration of the contractual, pre-contractual or commercial relationship and, once these are terminated, for as long as the data subject does not request their deletion. Even if deletion is requested, we may keep them for as long as necessary, and limit their processing, solely for the following purposes:
In coordination with the above criteria, the deletion of personal data either in computerised records or on paper may be carried out, at the organisation’s discretion, depending on logistical and/or storage space requirements that make it advisable to delete information or documentation.
The data you provide us may be disclosed to third parties to fulfil purposes directly related to the legitimate functions of the transferor and transferee, such as:
ATHLETIC CLUB will ensure that personal data is always processed and located in the European Economic Area. However, in certain circumstances, we may make international transfers of data, for example, where it is necessary to enter into or execute a contract, in the interest of the data subject, between ATHLETIC CLUB and another natural or legal person; or where it is necessary to execute a contract between the data subject and ATHLETIC CLUB, for example when using service providers located outside the European Union, who may have access to personal data to provide ancillary services to our business (hosting, housing, SaaS, remote backups, IT support or maintenance services, e-mail managers, sending e-mails and e-mail marketing, file transfer, etc.) or to execute pre-contractual measures taken at the request of the data subject.
These entities may be different and vary over time, but we will endeavour to choose entities from countries with a level of protection equivalent to the European level of data protection, or which have the appropriate guarantees to achieve this level, or on the basis of one of the exceptions provided for in the GDPR.
In the event that we provide you with an instant messaging app to facilitate communication with you, please use it responsibly, read the privacy policy of the app and configure it according to your preferences before sending information with personal data by such means.
Although these types of instant messaging apps can be useful in certain circumstances, we would like to remind you that the information you post on the internet is accessible to many known and unknown people, so there is a risk to your privacy and the privacy of others.
We recommend that you do not provide personal, private and/or intimate information or information that you want to keep confidential, as there are more secure ways to do so. We cannot be held responsible for the functioning and availability of the service as it is not provided by us but by third parties.
Our services may include certain social network features and widgets, such as the “Facebook Connect” connection button, the “Like” button, the “Share” button and other common interactive social media mini-programs. We shall not be held responsible for the proper functioning of these.
The provision of certain registration data (or their use if you are already registered as a member or supporter and mark the corresponding option on the registration form, or data from your Facebook profile if you use the Facebook Connect option to register) shall be compulsory in some cases: for example, to access certain services or content, such as online shopping, online supporter, contact, VIP area, access to view or download audiovisual content … as these data are essential requirements for processing for the purposes described further above in this section. Failure to provide the information will mean that we cannot carry out the services requested.
Please note that if you decide to take part, publish or share content through our official page on a social network, such content will be public, and it will be your sole responsibility to ensure that such content complies with legal regulations.
You can prevent your personal data associated with this participation from appearing by configuring your privacy settings, or by pseudonymising your data (e.g. by using a nickname or alias).
We would like to remind you that, with regard to other people’s data, you must respect their privacy and take special care when communicating or publishing their personal data. Only the data subject may authorise the processing of their personal data.
The user may only publish personal data, photographs and information or other content that belongs to them or for which they are authorised by a third party on this website or on our official social media page. If you publish data of third parties, it is your responsibility to have their prior and express consent to use and publish them. In addition to infringing the legislation on data protection, the publication of third party data without their consent may also infringe legislation relating to the right to honour, right to privacy or the right to self-image of third parties.
In any case, we may remove any content published by a user from this website and from our social media pages when we detect that the user has violated current legislation and the provisions of this privacy policy.
Social networks are not hosted directly on our services. Your interaction with these social networks is governed by their policies, not ours. Read the privacy policies of these social networks for more detailed information about the process of collecting and transferring your personal data, your rights and your privacy settings.
We collect data through these applications, in particular through functional and analytical cookies to enable them to function properly. These cookies may collect information about your IP address, or your browsing.
In addition, if you log in to one of these social networks during a visit to one of our websites or mobile applications, the social network may add that information to your profile and that information will be transferred to the social network. If you do not want this data transfer to take place, please log out of the social network before entering our websites or mobile apps, as we have no influence over this data collection and transfer via social plug-ins.
Likewise, we can offer third-party content or services through our website (using framing techniques), preserving the appearance of our website, and displaying the appearance of the third party providing the service within it. Please note that the information you provide will be supplied to those third parties, not to us, and therefore the policies of those third parties will apply, not ours.
Where applicable, you may exercise your rights of access, rectification, deletion, limitation and opposition to your data being processed, and other rights, at the postal or e-mail address stated at the beginning of this privacy policy, in both cases by means of a written and signed request, attaching a copy of your ID card or passport or other valid document that identifies you. If you wish to modify your data, you must notify us at the same address, with the Club disclaiming all liability if you fail to do so.
Once we have received any of the above requests, we will respond to you within the legally established time frames. You may make a complaint to the Spanish Data Protection Agency. If you would like more information about the rights that you may exercise and to request the forms required to exercise your rights, you can visit the website of the Spanish Data Protection Agency at www.aepd.es