Privacy Policy

Who We Are

The Celtic Trust (“CST”, “The Trust”,“we”, “our”, “us”) is an Industrial & Provident Society registered with the Registrar of Friendly Societies on 13 November 2000, and the Information Commissioner’s Office (ICO)
ICO Registration number ZB396287.

We are committed to protecting the privacy of our members and visitors. This Privacy Policy explains how we collect, use and protect your personal data when you use our websites (celtictrust.net, shareholders.celtictrust.net) or join as a member.

Data Control

CST is the data controller for all personal data submitted through our websites or membership portal.
Contact: trust@celtictrust.net

Data We Collect

Identification Data

• Name
• Telephone Number
• Email Address
• Date of birth
• Postal Address
• Shareholder or season ticket status
• Your membership type
• Volunteer status (whether or not you wish to offer help in the running of The Trust)

Account Data

• Login credentials
• Membership start, renewal and cancellation history
• Communication preferences

Payment Data

• Stripe payment identifiers
• Subscription details
• Card expiry month and year (via Stripe)

CST does not store full card numbers.

Technical Data

• IP address
• Device and browser information
• Cookies
• Analytics

Cookies

CST uses cookies to improve website functionality, security and user experience.

Types of Cookies We Use

• Essential cookies: Required for site functionality, login, payments and security.
• Analytics cookies: Used to understand site usage (Google Analytics or equivalent).
• Preference cookies: Remember user settings.

Consent

Visitors can accept or decline analytics cookies.
Essential cookies cannot be disabled.

Data Collected

• IP address
• Browser type
• Device data
• Time spent on pages
• Actions taken on the site

This data is processed under legitimate interests.

How to Control Cookies

Users can disable cookies via browser settings

Lawful Basis for Processing

We process your data on the following lawful bases:

• Contract – to provide membership services, manage subscriptions, communicate operational updates and administer your account.
• Consent – for marketing communications.
  Legitimate Interests –
  • Ensuring site security and fraud prevention
  • Improving member experience
  • Tracing lost shareholders
  • Maintaining accurate membership records
  • Legal Obligation – keeping necessary financial and compliance records

How We Use Your Data

We use your data to:

• Provide membership services
• Manage subscription payments
• Communicate updates, governance activity and operational messages
• Respond to enquiries
• Build and maintain accurate shareholder engagement records
• Improve our services
• Comply with legal duties
• Deliver share tracing support and related services

We never sell personal data.

Sharing Your Data

We share data only with:

• Stripe (payment processing)
• Email service providers
• Website hosting providers
• CRM or membership management platforms
• Professional advisers (legal/accounting)
• Regulators or authorities where required by law

All third-party processors are bound by data processing agreements.
Some providers may process data outside the UK/EEA, in which case CST uses standard contractual clauses and equivalent safeguards.

Data Retention

We retain your data only for as long as necessary:

• Membership account data: duration of membership + 6 years
• Payment records: 6 years (legal requirement)
• Communications data: 2 years from last contact
• Cookies: see Cookie Policy above

You may request deletion at any time unless legal obligations require retention.

Your Rights

Under the UK GDPR you have the right to:

• Access your personal data
• Request correction
• Request deletion
• Restrict processing
• Object to processing (including marketing)
• Data portability
• Withdraw consent
• Lodge a complaint with the ICO

Security

We use industry-standard encryption and access controls. Access is restricted to authorised personnel and volunteers under strict confidentiality obligations.

Children

We do not knowingly collect data from children under 16. Any such data will be deleted.

Contact

For privacy requests: trust@celtictrust.net