Legal
Privacy Notice
How Chester Referees’ Association collects, uses and protects personal information.
Last updated 11 July 2026 · Version 1.1
Overview
This Privacy Notice explains how Chester Referees' Association ("Chester RA", "we", "us" or "our") collects, uses, stores and protects personal information through the Chester RA website, members portal and association activity.
Chester RA is responsible for the personal information it decides to collect and use for its website, membership administration, communications and association activity. Exact organisational details, including any formal legal status or postal correspondence address, should be confirmed by Chester RA and added here when available.
This notice applies to people who contact Chester RA, apply for membership, use the members portal, attend meetings or events, appear in website content, or otherwise communicate with Chester RA.
Personal information we may collect
The information collected depends on how you interact with Chester RA. It may include:
- Name and contact details, such as email address, phone number and address.
- Membership application details, including date of birth, refereeing level, County FA and pathway information.
- Portal account details, including authentication information, email verification status and password reset records.
- Membership records, season registrations, payment confirmation status and internal administration notes.
- Meeting, event and RSVP information.
- Association Officer role information, profile biographies, images and public visibility settings.
- Contact enquiry details and correspondence.
- News, resource or website content submitted to Chester RA.
- Photographs, images and stories where they are supplied for publication or captured as part of association activity.
- Technical information needed to run and secure the website, such as logs, device and browser information, IP addresses, error information and privacy-minimised usage analytics. Nexus Shift analytics records page paths without query strings, a referrer without query strings, anonymous visitor and session identifiers, device type, browser and Core Web Vitals. It does not collect form contents, names or email addresses.
We do not intentionally collect more information than is needed for the relevant purpose.
How we use personal information
| Purpose | Examples of use | Likely lawful basis |
|---|---|---|
| Responding to public enquiries | Reading, routing and replying to messages sent through the contact form. | Legitimate interests, and taking steps at your request before any membership or other arrangement. |
| Membership applications and records | Creating member records, checking eligibility, administering registrations and managing local membership status. | Legitimate interests, performance of a membership arrangement, and legal obligations where applicable. |
| Portal accounts and authentication | Creating accounts, signing members in, confirming email addresses, resetting passwords and protecting accounts. | Performance of a membership arrangement and legitimate interests in secure portal administration. |
| Events and meetings | Managing attendance, RSVPs, event information, posters and follow-up administration. | Legitimate interests and performance of a membership arrangement where the activity is member-only. |
| Association Officer information | Showing current Association Officers, role details and approved public profiles. | Legitimate interests, with consent where a specific optional profile image, biography or other publication needs it. |
| Website administration and security | Hosting the website, preventing misuse, diagnosing errors, maintaining logs and keeping services reliable. | Legitimate interests and legal obligations where applicable. |
| Analytics and performance monitoring | Understanding website performance, page usage and technical issues. | Legitimate interests, unless consent is required for a specific analytics or tracking technology. |
| Emails and correspondence | Sending transactional emails, responding to messages and keeping records of important communications. | Legitimate interests, performance of a membership arrangement and legal obligations where applicable. |
| Photographs, news stories and website content | Publishing member news, event reports, achievements, images and other association updates where appropriate. | Legitimate interests for ordinary association reporting, and consent where the use is optional, sensitive, promotional or otherwise needs explicit permission. |
Consent is not the lawful basis for every form submission. For example, when you send a contact enquiry, Chester RA uses the information so it can respond to your request and manage its legitimate organisational interests.
Where Chester RA introduces optional marketing, publication, photography or similar consent, that consent should be requested separately from general form submission and can be withdrawn later.
Public contact enquiries
When you send a public enquiry, Chester RA collects the information you provide, including your name, email address, topic and message. We use it to understand the enquiry, send it to the right person where needed, and reply.
We may keep a record of the enquiry for a reasonable period so we can manage follow-up, maintain continuity and protect the association if a question or concern is raised later.
Membership and portal accounts
Membership is administered through the Chester RA website and members portal. Application and profile information is used to create your portal account, maintain membership records, administer seasons, support member activity and manage local association operations.
Portal authentication is used to protect access to member-only areas. Passwords should be handled by the authentication provider or secure authentication system and should not be visible to Chester RA administrators in plain text.
Sharing information
Chester RA may share personal information where it is necessary and appropriate, including with:
- Association Officers or authorised administrators who need the information for Chester RA activity.
- Service providers that host, secure, store or send information for the website and portal.
- Professional advisers or authorities where required by law or needed to protect the association, members or the public.
- Football, refereeing or event bodies where sharing is needed for a specific association activity and is lawful.
The codebase confirms use of the following providers:
- Vercel, for website hosting and related platform infrastructure.
- Nexus Shift, for solution-level, privacy-minimised website analytics and performance monitoring.
- Neon, for database services used by the portal and website-backed content.
- Resend, for sending contact and portal-related emails.
- Vercel Blob, for storing uploaded public website and portal media where used.
- OpenStreetMap Nominatim, for address search suggestions when an address lookup is used.
Supplier infrastructure may process or store information outside the United Kingdom. Where this happens, Chester RA should rely on appropriate safeguards, such as supplier contractual protections and any transfer mechanisms required by data protection law.
How long we keep information
Chester RA keeps personal information only for as long as it is needed for the purpose collected, including any legal, accounting, safeguarding, dispute or association-record reasons.
Typical retention considerations include:
- Contact enquiries are kept for a reasonable period after the enquiry is resolved.
- Membership and portal records are kept while someone is a member and for a reasonable period afterwards.
- Event and meeting records are kept for association administration and historical records where appropriate.
- Published news, photographs and officer information may remain online while relevant, unless there is a good reason to remove or update them.
- Security and technical logs are kept for limited periods needed to operate and protect the website.
Chester RA should review retention periods as its portal and records processes mature.
Security
Chester RA uses technical and organisational measures intended to protect personal information. These include limiting access to authorised users, using hosted services with security controls, protecting portal access through authentication, and using secure connections where available.
No website or online service can guarantee absolute security. If Chester RA becomes aware of a personal data incident, it should investigate it promptly and take any required action under data protection law.
Your rights
Depending on the circumstances, you may have the right to:
- Request access to personal information held about you.
- Ask for inaccurate or incomplete information to be corrected.
- Ask for information to be deleted.
- Object to certain uses of your information.
- Ask Chester RA to restrict how information is used.
- Ask for information to be transferred to another organisation where data portability applies.
- Withdraw consent where Chester RA is relying on consent.
These rights are not absolute, and Chester RA may need to keep some information where there is a lawful reason to do so.
To make a privacy request, use the website contact form and state that your message is about privacy or data protection. Chester RA may need to confirm your identity before acting on a request.
Complaints
If you are unhappy with how Chester RA handles your personal information, please contact Chester RA first so the issue can be reviewed.
You can also complain to the Information Commissioner's Office (ICO), the UK regulator for data protection. The ICO website is https://ico.org.uk.
Contacting Chester RA about privacy
Use the Chester RA website contact form for privacy questions, access requests, correction requests or deletion requests. A dedicated privacy contact address or postal address should be added here if Chester RA confirms one.
Changes to this notice
Chester RA may update this Privacy Notice when its website, portal, suppliers, records, legal obligations or association processes change. Material updates should be version-controlled in this repository and the last-updated date should be changed.
Last updated: 2026-07-11.
