Privacy

MU PRIVACY POLICY

Manchester United's Privacy Policy

Manchester United is a group of companies which includes Manchester United Football Club Limited and various other entities (together “Manchester United”, "we", "our" and "us"). For a full and up-to-date list of entities within our Group please click here. This Privacy Policy ("Policy") applies to all companies within the Manchester United Group from time to time.

Date effective and last updated: 14 April 2025

A PDF version is available to download here.

 

1. About this Privacy Policy


As a data controller, Manchester United takes your privacy very seriously and so we want to safeguard the privacy and security of your personal data. This Policy explains what personal data we may collect about you, how we may use it, and the steps we take to keep it secure. In addition, this Policy explains your rights in respect of the processing of your personal data. This Policy also forms part of our digital terms of use, which you can read here.

This Policy applies whenever we process your personal data, except where we have otherwise stated below, which may be in the course of your use of the official Manchester United website (please see the following link here), the official Manchester United app, in connection with your receipt of our products or services, or in your other dealings with Manchester United as a member of the public, so please read it carefully. This Policy does not apply to our processing of your personal data related to our recruitment activities or in the capacity of your employment., as we have a separate Privacy Policy for those circumstances. If you are under the age of 16, please also refer to Section 15 "If you are under the age of 16 years" of this Policy for further information about the processing of your personal data.

Please note that if you make a purchase, or otherwise submit your personal data, via the official United Store (please see the following link here) then we will also process your personal data for this purpose in accordance with this Policy. Global-e Online Limited ("Global-e"), who act as merchant of record and are responsible for processing the payments made via the United Store, will also be processing your personal data but will do so in accordance with their own privacy policy, which can be found at the following link: Global-e Privacy Policy

In this Policy, the term “Data Protection Legislation” means any applicable data protection and direct marketing laws, including, but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) ("EU GDPR"), the Data Protection Act 2018 ("DPA 2018"), the EU GDPR as implemented into UK law ("UK GDPR") and any successor legislation to the EU GDPR, the UK GDPR, the DPA 2018 or any other applicable data protection and direct marketing laws.

Please note that our website and our other digital platforms contain links to third party websites and other digital platforms that are provided for your convenience. We are only responsible for the privacy practices and security of our own website and digital platforms. Therefore, we recommend that you check the privacy and security policies and procedures of every other website and digital platform that you visit.

2. How to contact us

If you have any questions or concerns about this Policy or how we process your personal data, please email us at privacy@manutd.co.uk or write to us at the following address:

Legal and Business Affairs, Manchester United Football Club Limited, Sir Matt Busby Way, Old Trafford, Manchester M16 0RA.

3. What personal data do we collect and what purposes do we use it for?

The personal data that we process about you and the purposes for which we process your personal data are set out in this Section 3 of this Policy.

Processing purposes

Please see the following list of processing purposes and related purposes:

· to manage general enquires;

· to administer and provide products and services that you purchase, request or have expressed an interest in;

· to provide e-ticketing products and services and fulfil our contract with you by providing the platform for you to engage in either a 'strong relationship' and/or 'standard relationship' with other individuals as these relationships relate to e-ticketing (please see Section 7 "How we process your personal data for e-ticketing purposes" of this Policy for more information);

· to administer any competitions or other offers and/or promotions which you enter into;

· for fraud screening and prevention;

· for crime prevention and detection;

· for safety and security purposes, including the safety and security of our players, supporters, staff, workers and other individuals who are present at our stadium (both on match days and non-match days);

· for record keeping purposes;

· for service messaging; · for marketing purposes (please see Section 4 "What is our lawful basis for processing?" and Section 13 "Direct Marketing" of this Policy for more information);

· to carry out market research so that we can improve the products and services that we offer;

· to create and manage/update an individual account for you so that we can understand and respect your preferences;

· to track, personalise and improve your experience on our digital platforms (e.g. the Manchester United website and the Manchester United app); and/or

· to conduct identification checks using facial recognition technology for season ticket renewals (please see Section 7 "How we process your personal data for e-ticketing purposes" of this Policy for more information).

Categories of personal data and additional processing purposes

When we provide you with products or services, we may process any personal data that you provide to us. For example, we may process your name, address, date of birth, delivery address, email address, telephone number and payment card details. We may also be required to record details of any disability, health or dietary needs that you may have at the time of booking an event or service, which will take place at the stadium or any of our other premises to help us ensure your comfort and safety.

In respect of e-ticketing products and services, we may process your name, address, date of birth, delivery address, email address, telephone number, payment card details, information provided or created as part of identification check processes for season ticket renewals (for example, your identification documents) and details about your relationship connections with other individuals, including the type of relationship. We may also process details about the sharing of tickets, subscriptions and other purchasing details. Please see Section 7 "How we process your personal data for e-ticketing purposes" of this Policy for more information about how we use your personal data in relation to our e-ticketing products and services.

When you otherwise interact with us (for example, when you sign up with us for an online account, register to receive marketing communications from us and/or our sponsors and partners, enter one of our competitions, fill in one of our online or offline forms or otherwise expressly provide us with your personal data), we will process any personal data that you provide to us. This may include, but is not limited to, your name, address, email address, date of birth and mobile telephone number. We may use this data to personalise and improve your experience on our digital platforms, provide products and services you request from us (including personalisation of those products or services), and carry out profiling and market research.

When you interact with our website or other digital platforms, we may also automatically process certain information about your visit that may include us using this data to analyse which marketing activity led to you taking a specific action on our digital platforms (e.g. downloading the Manchester United app). Please note that this processing is based on your consent and/or in our legitimate interest to help us better understand how our supporters use our digital platforms, to enable us to create more relevant content and communications (please see Section 4 "What is our lawful basis for processing?" of this Policy for more information). Please see the following non-exhaustive list of personal data that we may process for this purpose:

· how you have reached our digital platform and the internet protocol (IP) address you have used;

· inferring your country of location from the IP address you have used to access our digital platforms;

· your browser type, versions and plug-ins, and your operating system;

· your journey through our digital platform, including which links you click on and any searches you made, how long you stayed on a page, and other page interaction information;

· which videos you have watched and for how long;

· what content you like or share;

· which adverts you saw and responded to;

· which pop up or push messages you might have seen and responded to;

· your subscription status; and/or

· information collected in any forms that you complete.

We may also participate in ‘audience’ services across all social media channels upon which Manchester United has a presence in order to display personalised advertisements when you visit these social media platforms. An example of these services is Meta's ‘Custom Audience’ service. These audience services work by converting your email address (or other personal data such as name, address, date of birth, mobile number and/or geographical location) to a unique number that the social media platform uses to match to unique

numbers that the social media platform generates from email addresses of its users. Where we use such social media advertising services, we will only include you if you have consented to receive marketing from us. Please note that you can withdraw your consent at any time by changing your preferences in your online preference centre or contacting us as set out in Section 2 “How to contact us” of this Policy.

When you choose to use our customer services screen share to allow our customer service advisors to remotely access your Manchester United web page, then the session may be recorded for the purpose of training, monitoring and quality control. This will be done based on the lawful basis of legitimate interests (please see Section 4 "What is our lawful basis for processing?" of this Policy for more information). Please note that card payment details will not be recorded for this purpose.

4. What is our lawful basis for processing?

In this Section 4 of this Policy, we provide a general explanation of each 'lawful basis' that Manchester United rely on to process your personal data to assist you with understanding this Policy.

Please see the following non-exhaustive list of lawful bases that we may rely upon:

· Performance of a Contract: When it is necessary for Manchester United (or a third party) to process your personal data to enter into and then fulfil a contract with you to provide you with the products and/or services that you have requested.

· Legitimate Interests: We may process your personal data to pursue our own legitimate interests or those of a third party, such as:

o Commercial interests (e.g. to conduct direct marketing via the post or where an exception to the consent requirement applies for electronic direct marketing – please see Section 13 "Direct Marketing" of this Policy for further information; and

o Non-commercial interests (e.g. to detect and prevent fraud) in providing a high-quality service to you. If you would like more information about this, please contact us as set out in Section 2 “How to contact us” of this Policy.

· Consent: We rely on consent to process your personal data in certain circumstances:

o To conduct electronic direct marketing activities, where you have opted in with us directly or via a third party – please see Section 13 "Direct Marketing" of this Policy for further information; and/or

o In respect of some special category data (which is personal data considered more sensitive in nature such as disability, health or dietary needs information and biometric data), we rely on your explicit consent.

In these cases, you can withdraw your consent at any time and can do this by contacting us as set out in Section 2 “How to contact us” of this Policy. However, your withdrawal of your consent will not affect the lawfulness of any processing carried out by us before you withdraw your consent.

· Compliance with Legal Obligations: When we must process your personal data to comply with our regulatory and/or legal obligations within the markets that we operate (e.g. to detect and prevent fraud and/or criminal acts).

· Substantial Public Interest: We may process your personal data for reasons of substantial public interest and, specifically in the UK, based on the available exemptions contained within the DPA 2018 which permit us to process your special category data without your explicit consent (for example, to prevent fraud, to prevent or detect unlawful acts and/or to fulfil our regulatory requirements relating to unlawful acts and dishonesty).

· Vital interests: We may process personal data where it is necessary to protect your vital interests or those of others, for example in the event of an emergency or an imminent threat to life.

5. How do we collect your personal data?

In this Section 5 of this Policy, we set out how we collect and process your personal data. We provide a list of potential sources below:

· provided by you to Manchester United;

· from other individuals where you have either a strong relationship or standard relationship as these relationships relate to e-ticketing products and services (please see Section 7 "How we process your personal data for e-ticketing purposes" of this Policy for more information);

· when you use any Manchester United digital platforms such as the Manchester United website and/or Manchester United app;

· from other sources such as authorised third parties who administer services on behalf of Manchester United;

· law enforcement and fraud prevention agencies to undertake checks for the purposes of preventing financial crime, fraud, and to verify your identity or in connection with any sanctions and/or legal proceedings; and/or

· the Premier League, The Football Association, other football and sports clubs and other users of our premises such as organisers of events.

When we receive data from organisations such as law enforcement agencies, the Premier League, The Football Association, other football and sports clubs and other users of our premises (such as organisers of events), this will primarily be based on the lawful basis legitimate interests. We also rely on other lawful bases for certain processing activities for the purposes set out in elements (c), (d), (e) and (f) under the heading "Other third parties and purposes" of Section 6 "Who do we share your personal data with and for what purpose?" of this Policy.

6. Who do we share your personal data with and for what purpose?

In this Section 6 of this Policy, we set out the third parties that we share your personal data with and for what processing purposes.

Service providers

In order to provide our products and services to you, to host your data, manage and/or respond to your enquires, or to otherwise fulfil contractual arrangements that we have with you, we appoint other organisations to carry out some of the data processing activities on our behalf. To do this we will need to share your personal data with these service providers. These providers may include, but are not limited to, the following: 1) payment processing providers; 2) delivery providers; 3) fraud prevention and screening organisations; 4) identification

verification service providers (such as GBG Group plc); 5) credit risk management companies; and 6) mailing houses.

Advertising networks and/or social media platforms

With advertising networks and/or social media platforms for the purposes of selecting and serving relevant adverts to you via those networks/platforms (including to serve relevant adverts to you when you visit our own digital platforms), and to search engine and analytics providers. We will only do so where your preferences enable us to. Sponsors and partners With our carefully selected sponsors and partners (as may change from time to time) but we will only do this if you have consented to receive marketing from our sponsors and partners or if we are required to do so for any of the purposes set out in this Section 6 of this Policy. Please note that you can withdraw your consent at any time and can do this by contacting us as set out in Section 2 “How to contact us” of this Policy.

Other individuals for e-ticketing

With other individuals (e.g. other supporters) to facilitate either a strong relationship and/or standard relationship as these relationships relate to e-ticketing products and services (please see Section 7 "How we process your personal data for e-ticketing purposes" of this Policy for more information).

Other third parties and purposes

Furthermore, we may share your data with third parties for the purposes set out in the following non-exhaustive list:

(a) if we are under a legal or regulatory duty to do so; (b) if it is necessary to do so for our legitimate interest of enforcing our Terms & Conditions of Sale, our Terms of Use or other contractual rights;

(c) to lawfully assist the police, law enforcement or security services with the prevention and detection of crime or terrorist activity;

(d) where such disclosure is necessary for the legitimate interests of protecting the safety or security of any persons, including without limitation the safety and security of our players, supporters, staff, workers and other individuals who are present at our stadium both on match days and non-match days (please see Section 4 "What is our lawful basis for processing?" of this Policy for more information);

(e) where such disclosure is necessary for the legitimate interests of investigating breaches of our ticketing terms and conditions and/or ground regulations which may include, without limitation, investigation of behaviour which is liable to attract a sanction under our sanctioning policy (please see Section 4 "What is our lawful basis for processing?" of this Policy for more information);

(f) where such disclosure is necessary to provide or fulfil a product or service you have ordered; and/or

(g) otherwise as permitted under applicable law.

Where we disclose your personal data to any third parties, we will take appropriate steps to ensure that your information is appropriately protected.

7. How we process your personal data for e-ticketing purposes

In this Section 7 of this Policy, we explain how we process your personal data for e-ticketing purposes. As described in Section 3 “What personal data do we collect and what purposes do we use it for?” of this Policy, we may process your personal data to fulfil a contract with you by facilitating our e-ticketing products and services and to conduct identification checks using facial recognition technology to confirm your identity for season ticket renewals. This processing will include enabling you to manage your relationships with other individuals in respect of e-ticketing. The two types of relationships that we offer on the e-ticketing platform are either: (a) strong relationship; or (b) standard relationship, which are explained below:

Strong relationship

In respect of a strong relationship, we recommend that this type of relationship is reserved for close family members only because people sharing this relationship type have full access to each other's tickets, subscriptions, and other purchases. A strong relationship offers more management capabilities, such as renewing, upgrading, or forwarding another person's tickets. For a strong relationship if you want to view and manage each other's tickets directly in the Manchester United app, then you will also need to set up an 'app ticketing relationship' with the other individual.

Standard relationship

A 'standard relationship' allows for basic interactions only such as applying for match tickets together and forwarding tickets to someone you are linked with at this level, so this type of relationship can be used more widely and for less formal relationships. If you do not need Manchester United app ticket visibility, then a 'standard relationship' will suffice.

Age 16 or under For information specific to individuals under 16 years of age, please refer to Section 15 "If you are under the age of 16 years" of this Policy for further details.

Identification checks from season ticket renewals

Existing season ticket holders will receive an email informing them that their season ticket is expiring which will contain a link to start the renewal process electronically. By clicking on the link, you will be directed to GBG Group plc's website who will obtain your explicit consent and complete an identification check using facial recognition technology on our behalf. The purpose of these checks is so that we can fulfil our regulatory obligations and detect and prevent fraudulent activity. For the purpose of conducting the identification checks, GBG Group plc will process the information provided as a processor on our behalf.

As part of the electronic identification check, you will be asked to take a live passport-style photograph of yourself and also provide a copy of a photographic identification document. Our FAQs page provides some examples of the accepted forms of identification. GBG Group plc's facial recognition technology will compare the live photograph and the photograph on the identification document to verify your identity and cross-reference the information provided against the information that we hold about you through our ticketing solution

(SeatGeek) to ensure that they match. As part of this process, a passive liveness check will be conducted which will involve a series of checks to detect common 'spoofing' tactics to ensure that you are a genuine individual.

GBG Group plc will then share the result of your identification check with us – if you have passed the identification check, you will be able to proceed to renew your season ticket; if you have not passed the identification check, you will be told the reason for this and what you need to do next.

If you require assistance or further information on the accessible alternative option (for example, if you do not have a photographic identification document), please refer to our FAQs page for support.

We will only use the information collected as part of the identification check to verify your identity in order to renew your season ticket with us. Our service provider, GBG Group plc, may also use this information to generate risk scores or create fraud and/or identity alerts, insights and reports via their Consortium Fraud Network (for fraud prevention and/or compliance purposes), which may involve combining and matching the data and profiling – please refer to the "What do we do?" section of GBG Group plc's Privacy Policy for more information about this. Your information will not be sold to anyone.

Please see Section 10 "How long do we retain your personal data?" of this Policy to understand how your information provided as part of the electronic identification check process is stored.

8. Telephone calls and CCTV

In this Section 8 of this Policy, we explain how we process your personal data during telephone calls and our use of CCTV.

Manchester United may monitor or record telephone calls for security purposes, fraud prevention, training purposes and to improve the quality of services that we provide to you.

Please note that for your safety and security, the safety and security of our staff and visitors, and for the prevention and detection of crime, CCTV is in operation in all of our premises that are open to the public.

There is signage in and around all sites that operate CCTV.

9. Security of information

In this Section 9 of this Policy, we explain how we keep your personal data secure.

Manchester United takes the security of your personal data extremely seriously. When you submit your credit card details to our payment processing providers, they use industry standard Secure Sockets Layer (SSL) encryption technology and solutions compliant with The Payment Card Industry Data Security Standard to protect your information. In addition, we have robust security procedures in place to protect our databases from loss and misuse, and we only allow access to them when it is absolutely necessary to do so, and then under strict guidelines as to what use may be made of the personal data contained within them. We also have contracts in place with our service providers which require them to have an appropriately high degree of security in place to protect the personal data that they process.

Where a password is required to access certain areas of our digital platforms, you are responsible for keeping your password secure and confidential. Please do not share or disclose your password to any other person.

10. How long do we retain your personal data?

In this Section 10 of this Policy, we explain how long we retain your personal data and how it is deleted.

We will securely retain your information for as long as is reasonably necessary to fulfil the purpose for which it was collected (and in accordance with applicable law). At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis.

In respect of the electronic identification process, our service provider (GBG Group plc) will retain this data on our behalf for 31 days. Where GBG Group plc requires this data for its own audit purposes, and as set out in Section 7 "How we process your personal data for e-ticketing purposes", it will retain it for one year. In these circumstances, GBG Group plc will act as an independent controller.

11. Do we transfer your personal data to other countries?

In this Section 11 of this Policy, we explain how we protect your personal data if it is transferred to other countries.

The personal data that we collect about you may be transferred to, and stored at, a destination outside the United Kingdom ("UK") and/or the European Economic Area ("EEA"). Whenever we transfer your personal data outside of the UK and/or the EEA to a third country, we make sure that a similar degree of protection is afforded to it by ensuring that at least one of the safeguards required under the Data Protection Legislation is implemented. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the UK and/or the EEA.

12. What are your rights in respect of the processing of your personal data?

In this Section 12 of this Policy, we explain the rights you have related to the processing of your personal data.

Under the Data Protection Legislation, you have certain rights (subject to certain exemptions) that we have set out below. Please note that you may have additional rights depending on where you are located:

· Your right of access: You have the right to ask us for copies of your personal data.

· Your right to rectification: You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. Please note that you can also update the information on your account on our website at any time. We encourage you to promptly update your personal data if it changes.

· Your right to erasure: You have the right to ask us to erase your personal data in certain circumstances.

· Your right to restriction of processing: You have the right to ask us to restrict the processing of your personal data in certain circumstances.

· Your right to object to processing: You have the right to object to the processing of your personal data in certain circumstances.

· Your right to data portability: You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

· Your right to not be subject to a decision based on automated processing: You have the right to request that certain decisions are made with human intervention.

As mentioned above, where we are relying on consent to process your personal data, you are able to withdraw your consent at any time. You can do this by changing your preferences in your online preference centre or contacting us as set out in Section 2 “How to contact us” of this Policy or by. However, your withdrawal of your consent will not affect the lawfulness of any processing carried out by us before you withdraw your consent.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information to clarify your request to assist us with providing you with a response.

We are generally required to respond to requests within one calendar month. We may extend this deadline by a further two months if your request is complex and/or if you submit several requests to us. Please note that other laws may apply to you with different timescales. If we do extend the deadline then we will communicate this to you and we will always aim to provide you with a response to your request as soon as possible.

You are not usually required to pay any charge for exercising your rights. However, we may charge a 'reasonable fee' for administrative costs if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

13. Direct Marketing

In this Section 13 of this Policy, we explain the processing of your personal data for direct marketing purposes.

If you have ‘opted in’ (either with us directly or via a third party, e.g., the Premier League etc.), we may contact you by telephone, e-mail or using other contact details supplied by you in order to inform you of services or products in which we believe you may be interested.

We may also have legitimate interests in sharing information about our services or products via the post, or we may contact you where an exception to the consent requirement applies (e.g. to follow up on your purchase of our products or services and/or an enquiry that you have made about our products or services).

At a later stage, if you do not wish to receive such information, you may unsubscribe at any time by:

· Following the instructions provided in the communication you have received from us;

· Changing your preferences via your online account; · E-mailing us at privacy@manutd.co.uk with your name, address and customer number; or

· Writing to us at Legal and Business Affairs, Manchester United Football Club Limited, Sir Matt Busby Way, Old Trafford, Manchester M16 0RA.

Please include your name, postal address, date of birth and email address when you contact us.

Please allow up to one calendar month, unless local laws require otherwise, for the unsubscribe process to be completed.

14. Cookies

In this Section 14 of this Policy, we provide you with information about our use of cookies to process your personal data.

In common with many other website operators, we use standard technology called 'cookies' on our website. Cookies are small pieces of information that are stored by your browser on your computer's hard drive and they are used to record how you navigate this website on each visit.

For further, more detailed information on how we use cookies, please refer to our Cookie Policy that you can read here.

15. If you are under the age of 16 years

In this Section 15 of this Policy, we provide you with additional information about the processing of your personal data if you are under the age of 16 years.

e-ticketing

If you are under 16 years of age then you will only be able to create and engage with strong relationships for purposes of e-ticketing products and services. This means that you will not be able to form any 'standard relationships'. Please note that an app ticketing relationship is not required for an adult that you have a strong relationship with to be able to view and manage your e-tickets.

In order to renew your season ticket with us through the electronic process, we will need your parent or legal guardian to provide their consent before you complete the identification check. Please see Section 7 "How we process your personal data for e-ticketing purposes" of this Policy to understand how that process works and the alternative accessible option that is available.

Age 16

If you are under 16 years of age and register for restricted areas of our digital platforms, we will collect your date of birth and retain that with your name and other details that you may provide. This is so that we can ensure that we treat you in an age appropriate way in line with this Policy.

For so long as you are under 16 years of age we will not send you any marketing communications, allow you to access any of our digital platform message boards, or share your details with our Manchester United commercial partners. However, if you have signed up to receive a product or service then we may contact you about this.

Ages 13 – 15

If you are aged 13 – 15 years of age, then you must first tell your parent or legal guardian that you wish to register on our digital platforms and get their consent to do so. You must make sure that your parent or legal guardian knows and agrees each time before you do any of the following:

· email us, or ask us to email anything to you;

· send any information to us;

· enter any competition or game that requires information about you or offers a prize;

· purchase an official membership; and/or

· offer or agree to buy anything online.

If you are the parent or legal guardian of a user of our digital platforms who is aged 13 to 15 years of age we do not seek your direct consent to their registration. However, we do expect them to inform you and get your agreement in advance before they register with our digital platforms and before each time they do any of the activities listed above in this Section 15 of this Policy.

Aged under 13

If you are under 13 years of age, you may only use the restricted areas of our digital platforms if your parent or legal guardian has first told us that you are allowed to do so.

If you are under 13 years of age and wish to register with our digital platforms, then you must truthfully tell us your name, email address, country and date of birth. Our system will then ask you for the name and email address of your parent or legal guardian. We will send them an email so that they are aware of your request. We will ask them for their consent to allow you to register and to confirm that they have the authority to give consent. We need to receive their consent or refusal within seven days, or we will assume that their consent is not granted. Please keep in mind that their consent can be withdrawn at any time.

Even if your parent or legal guardian gives their consent to your registration with our digital platforms, if you are under 13 years of age then we still expect you to tell them and get their agreement in advance each time before you do any of the following:

· email us, or ask us to email anything to you;

· send any information to us;

· enter any competition or game that requires information about you or offers a prize;

· purchase an official membership; and/or

· offer or agree to buy anything online.

Parent or legal guardian

If you are the parent or legal guardian of a user of our digital platforms who is under 13 years of age, then they can access and use unrestricted areas of our digital platforms but we will need your direct consent if they wish to gain access to restricted areas.

If a user enters a date of birth which indicates that they are under 13 years of age when they try to register, our system will request them to provide us with your name and email address so that we can contact you to get your consent. The registration process cannot proceed without this. If we do not hear from you within seven days, then we will assume your consent is refused. If you consent, then we will complete the registration process. Whether you refuse or provide consent, we will update the child by email of the outcome.

16. Where to make a complaint

In this Section 16 of this Policy, we provide you with information about how you can submit a complaint about the processing of your personal data.

If you have any concerns regarding the processing of your personal data, then you have the right to lodge a complaint with an appropriate regulator. We would always appreciate the opportunity to resolve a complaint before you contact a regulator and so we encourage you to contact us initially before you submit a complaint to a regulator. Our details are in Section 2 "How to contact us" of this Policy.

United Kingdom

For the UK the appropriate regulator would be the Information Commissioner's Office ("ICO"), please see the following contact details:

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

ICO website: https://ico.org.uk/

ICO helpline number: 0303 123 1113

ICO live chat option: https://ico.org.uk/global/contact-us/contact-us-public/public-advice/

European Economic Area

For the EEA you can submit a complaint to any regulator located in the EEA such as Ireland's Data Protection Commission ("DPC"), please see the following contact details:

The DPC’s address: Data Protection Commission, 21 Fitzwilliam Square, South Dublin 2, D02 RD28.

DPC website: https://www.dataprotection.ie/en

DPC helpline number: (01) 765 01 00 (Monday – Friday 9:30am – 1pm)

DPC online form: https://www.dataprotection.ie/en/contact/how-contact-us

17. Changes to this Policy

We aim to meet high standards and so our policies and procedures are periodically reviewed. From time to time, we may change this Policy and so we recommend that you check this page often in order to review the latest version. Any material changes made to this Policy will be communicated to those affected by the update.

(Last updated on 14 April 2025)