Read our Privacy Policy below or download it here.

1. DEFINITIONS

Data Subject (or “you”)

Means an identified or identifiable natural person.

Personal Data

Means all information about an identified or identifiable natural person.

Personal Data processing

Any operation or set of operations, whether or not performed using automated processes, applied to personal data or sets of data.

Data controller

The natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing operation.

Legislation Personal Data

Means (i) the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC as from 25 May 2018, hereinafter referred to as General Data Protection Regulation or GDPR (ii) the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of Personal Data and (iii) every other current or future applicable legislation concerning or having an impact on the privacy and on the processing of Personal Data.

2. IDENTITY AND CONTACT REFERENCES OF THE CONTROLLER

2.1. We attach great importance to the protection of your privacy and Personal Data. This Privacy Policy describes how we will process your Personal Data. Please note that we will only process your Personal Data within the European Economic Area.

2.2. SRL Royale Union Saint-Gilloise (“We”, “Us”, “Our”, “RUSG” or the “Club”) is a Belgian company having its registered office at Chaussée de Bruxelles 223 at Forest (1190), registered with the Crossroads Bank for Enterprises under number 0417.144.936. For questions regarding our Privacy Policy, please send an e-mail to privacy@rusg.be. Our (remaining) contact references are available on our website: www.rusg.brussels.

2.3. We qualify as a controller, as defined in the Legislation Personal Data, regarding the processing of your Personal Data for the purposes defined in this Privacy Policy.

3. PERSONAL DATA

Personal data which is shared with RUSG can be divided in 4 categories:

– Category 1: users without registration (your IP address);

– Category 2: users with registration (e.g. on newsletter): your e-mail address;

– Category 3: users having a club ID/RUSG profile: personal data, invoice data and preferences (e.g. for fanshop and ticketing);

- Category 4: individuals contacting the club, applicants, suppliers, …: personal data, invoice data and preferences (e.g. for fanshop and ticketing).

You can visit the RUSG website(s) without communicating any personal information about yourself. You are under no obligation to transmit such information to us if you simply consult the website(s). However, you may not be able to take advantage of certain information, features and/or services offered by RUSG through one of its websites if you choose not to provide certain specific personal data about yourself required by our forms.

Consequently, the categories of personal data that we are likely to process concerning you are as follows:

• Personal data and contact details: name, address, e-mail address, mobile phone number, landline telephone number, title, gender, date of birth, place of birth, etc.;
• ID Personal details: title, gender, surname, first names, date (and place) of birth, national register number, ID photo, personal address, etc.;
• Government identification data, subject to applicable laws and regulations: name, address, e-mail address, mobile phone number, landline telephone number, company informations (eg. UBO register,…) etc. ;
• [VC1] Financial information and account details (such as bank account number, credit card number, account details, financial transactions, financial means, credit history, credit reference information and other financial information);
• Marketing preferences, marketing activities and customer comments;
• Information on online activities;
• Transactional data (IP address, connection dates and times, web browser used, ... );
• Security (password);
• Hobbies and interests :
  • Fan data (fan club, club name, hobbies, interests, etc.);
  • Sports data (current and past clubs, sports qualifications, sports experience, etc.);

• Professional and educational data (current job, employer, business sector, professional associations, academic curriculum, professional qualifications, professional experience, etc.);
• Lifestyle (mobility habits, information on purchases, consumption of goods and/or services, content of orders, individual (fan) behaviour,  product returns, etc.);
• Physical description;
• Data relating to physical health;
• Image.

We are also likely to process any other information communicated voluntarily when using RUSG services or making any request made on one of the websites, but also when participating to surveys and/or contests launched by RUSG. This data is processed in accordance with this Privacy Policy, the provisions of the GDPR and the law of 30 July 2018 on the protection of individuals with regard to the processing of personal data. The processing of this data by the club does not involve automated decision-making.

We gather your Personal Data in different ways:

- By using cookies;

- When registering to RUSG website (ticketing and fanshop), newsletter, contact forms, participating in surveys or contests and using the website or engaging with RUSG social networks.

Cookie List

A cookie is a small text file containing data that a website (when a user visits it) wants to store on your device in order to remember information about you, such as your language preference or login information. These cookies are set by us and are called internal cookies. We also use external cookies. These are cookies from a different domain than where you are located. We use them for advertising and marketing purposes. In particular, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

These cookies are necessary for our website to work correctly and are therefore placed without your permission. For example, we use them to register your consent. We do not collect any personal data with these cookies and never pass the collected information on to third parties.

Performance Cookies

We always want to continue to improve our website and services. Analytical cookies are a useful tool in this regard. They give us information such as the number of visitors to our website, which pages are the most popular, etc. However, we never post them without your permission, but of course we would really appreciate it if you give us your permission.

Functional Cookies

We are happy to offer you additional functions and personal settings so that you have the best browsing experience. Functional cookies help us a long way. Among other things, they allow us to remember your language choice. Unfortunately, certain functions of our website will not work without your permission.

Targeting Cookies

These cookies are placed for marketing purposes and are used to track your surfing behaviour after you have visited our website and/or to show you personalized advertisements. These cookies may be placed on our website by us or by third parties. You always decide whether you give permission for the placement of such marketing cookies.

4. PURPOSES OF PROCESSING

4.1. We will process your Personal Data for the following purposes and the corresponding legal grounds:

Personal Data

Purposes of processing

Legal ground

Personal data and contact details

• The sale of (football) tickets and products from the Web shop and on-site Fan shop.

• Sending direct marketing e-mails or surveys related to products or services of the club or associated partners.

• Stadium visit and safety and security during football matches.

• Execution of the agreement.

• Consent and/or Soft-Opt-In (see further point 4.4.) to inform internal club decisions, strategy and direction.

• Belgian law of 21st of December 1998 regarding safety and security at football games.

Personal data and contact details, in particular all personal details on the ID card or passport, including but not limited to ;

• surname;
• first names;
• date (and place) of birth;
• national register number;
• ID photo;
• personal address;
• …

• The sale of (football) matches tickets.

• Stadium visit and safety and security during football matches.

• Execution of the agreement.

• Belgian law of 21st of December 1998 regarding safety and security at football games.

Personal data and contact details

• Profiling as sending direct marketing e-mails in connection with products or services of the club or affiliated partners and based on the following logic : We will bundle data that we obtain directly from you with data that we obtain from the Pro League to determine your area of interest.

• Profiling/grouping responses to inform internal club decisions.

• Consent

• Consent

Transactions details

• The sale of (football) tickets and products from the Web shop and on-site Fan shop.

• Stadium visit.

• Execution of the agreement

• Belgian law of 21st of December 1998 regarding safety and security at football games.

Preferences

• Use of the website.
• Prize draws.

• Justified interest
• Consent

Data concerning health, (im)mobility or disabilities (physical or mental)

• The sale of (football) tickets.
• Stadium visit and safety and security during football matches.

• Processing refers to personal data that have apparently been made public by the data subject (article 9.2., e) GDPR)

Name, contact details, address, proof of shareholdership, proof of successorship

• Identification of shareholders and correct registration of shareholders in the share register
• Contacting shareholders or successors of deceased (former) shareholders regarding information relating to the shares or the club
• Enabling shareholders to exercise their shareholder rights
• General corporate administration

• Code of Companies and Associations, including article 5:25 of said Code

• Consent[VC2] 

Personal data and contact details of natural and legal persons, including but not limited to ;

• Name;
• Date (and place) of birth;
• ID photo;
• Company information (including statutes, bank certificate,…);
• UBO register;
• Group structure;
• …

• Prevention and detection of money laundering, related predicate offences and terrorism financing

• Justified interest and legal obligation
• Belgian Law of the 18th of September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash (art. 64, 65,…)
• Royal Decree of the 20th of March 2023 implementing the AML Law of the 18th of September 2017

Personal data and contact details of natural and legal persons of the whistleblower and of any person to whom the protection and support measures extend, as well as of the person concerned

• Protection of persons who report breaches of Union or national law within a private-sector legal entity

• Belgian Law of the 28th of November 2022 on the Protection of persons who report breaches of Union or national law within a private-sector legal entity (art. 21

The purposes of processing of the personal data that is shared with the club are based on the following legal grounds:

• Consent : article 6.1 (a) GDPR;
• Execution of the agreement / necessity for the performance of a contract: article 6.1 (b) GDPR;
• Legal obligation: article 6.1 (c) GDPR;
• Legitimate and justified interest: article 6.1 (f) GDPR.

4.2 We will inform you beforehand if we intend to process your Personal Data for other purposes than the purposes indicated in this Privacy Policy.

4.3 For certain purposes, as stated above, you give your consent to us by explicitly agreeing to a certain processing (e.g. by ticking a box when registering and/or purchasing tickets with further information about a certain processing).

4.4 We can use your Personal Data to send you information. Sending direct marketing via e-mail, for example, is permitted in some cases without permission because we have obtained your electronic contact details directly from you in the context of the sale of products or services and because our commercial messages relate to our own similar products or services (“Soft-opt-in”).

4.5 As stated above, some cases of processing of Personal Data will occur based on the legal ground “execution of the agreement”. Based on this legal ground, the processing of your Personal Data is necessary in order to conclude and execute an agreement with you. The execution of an agreement will in that case qualify as a legal ground for the processing of Personal Data (as opposed to your permission). In such a case, we cannot execute the agreement if you object to the processing of your Personal Data.

4.6 Certain processing of the Personal Data will be processed by the club, inter alia, based on the Law of 21 December 1988 concerning the safety and security at football games, which serves as a legal ground for such processing. In these cases, the club processes the Personal Data for the performance of its legal obligations regarding safety and security at football matches.

The following legal bases are, among others, also legitimate grounds for the collection of Personal Data:

• Law of 18 September 2017 on the Prevention of Money Laundering and Terrorist Financing (AML legislation) jointly with the Act approving the regulation made in implementation of the law of September 18, 2017 on the prevention of money laundering and terrorism financing and on limiting the use of cash, concerning top-level professional soccer clubs.
• Act on the protection of persons who report infringements of Union or national law detected within a legal entity in the private sector of 28 November 2022 (Whistleblowing legislation).
• Code of Companies and Associations, including article 5:25 of said Code.
• …

5. RECIPIENTS OF PERSONAL DATA

5.1. We may pass on your Personal Data to affiliated or associated companies, suppliers, service providers, solely in connection with the purposes stated in article 4 of this Privacy Policy, such as but not limited to sponsors, direct marketing service providers etc. We may pass on your Personal Data to the Pro League, insofar you have given your explicit permission for this (see further in article 5.5).

5.2. Our service providers include, but are not limited to, IT service providers, marketing agencies, etc.

5.3. We may also pass on your Personal Data to third parties if we are required to do so on the basis of legal provisions or decisions of courts, administrative or regulatory authorities.

5.4. In the event of a total or partial reorganization or transfer of our organization, we may also pass on your Personal Data to (un)related third parties.

5.5. To the extent that you have agreed that we will pass your Personal Data to the Pro League for its direct marketing purposes, you acknowledge that we, together with the Pro League, will act as ‘joint controllers’ for this specific processing. This processing consists of the joint controllers sending your Personal Data to each other, if you have explicitly consented (via an opt-in box), via the same CRM-database.

5.6. Regarding the rights that you can exercise under the GDPR with regard to this processing (including under articles 13 and 14 GDPR), you can address this to us (see contact details in article 7.8).

6. PERIOD DURING WHICH WE WILL STORE PERSONAL DATA

Your personal data will be retained by us for the following period:

1. For the entire duration during which you use our services.
2. For as long as necessary for the aforementioned purposes.
3. For as long as we are legally obliged to keep your Personal Data.

Relevant Data Subject

Retention period

Category 1 (users without registration)

Data from users of the RUSG website and smartphone application, are kept for up to 2 years after the last visit or use of the Website or smartphone application.

Category 2 (users with registration)

Data from people who have created an account through the RUSG website or smartphone application will be kept for maximum 2 years after the deletion of the account.

Category 3 (users having a club ID/RUSG profile)

Data from RUSG ID users will be kept for up to 5 years after the last season the RUSG ID was used.

Category 4 (individuals contacting the club, applicants, suppliers, …)

• Data from persons who contact RUSG through the Website, by e-mail, by telephone or by any other means are kept for 2 years after the last contact.
• Applicant data will be kept for 6 months after the last qualitative contact with you as an Applicant.
• Supplier records are kept for 7 years after the termination of the supplier's services.

[VC3] Others

• Customers data as defined in the Royal Decree of the 20th of March 2023 implementing the AML Law of the 18th of September 2017 are kept for 10 years from the date of full performance of a contract or, where applicable, the end of the business relationship (art. 8 of the Decree).
• Data as defined in the Whistleblowing Law of the 28th of November 2022 are kept until the infringement is prescribed (art. 8 of the Law).
• Data as defined in the Law on safety at football matches of the 21st December 1998 are kept for 3 months, or 6 months if the the data is used to draw up a report on facts, offences and breaches (art. 10novies of the Law).

We will review abovementioned retention periods for your Personal Data at regular intervals and will in any case delete your Personal Data after a period of five (5) years after the expiry of the last of abovementioned periods.

7. YOUR RIGHTS

7.1. In accordance with the provisions of the Legislation Personal Data you have the right to request access to, correction or deletion of your Personal Data.

7.2. You have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent prior to the withdrawal thereof.

7.3. You have the right to request the limitation of the processing of your Personal Data or to oppose the processing of your Personal Data or make objections to it.

7.4. With regard to the processing consisting of profiling, which we carry out based on e.g. your Personal Data, you have the right to object to this processing free of charge and at any time.

7.5. You can object at any time to continue receiving our direct marketing messages by clicking on “UNSUBSCRIBE”. The “unsubscribe” option is provided in every direct marketing email.

7.6. You have the right to obtain your Personal Data in a structured, current and machine-readable form and to have it transferred to another controller.

7.7. You have the right to file a complaint with the supervisory authority (in Belgium the Data Protection Authority, https://www.gegevensbeschermingsautoriteit.be or https://www.autoriteprotectiondonnees.be/citoyen) or any other governmental body that replaces the Belgian Data Protection Authority.

7.8. You can exercise the abovementioned rights by:

• sending a request to privacy@rusg.be ;
• via a similar technical solution implanted on the website or in the e-mails you receive from RUSG;
• sending a postal mail to the attention of the Privacy Officer at the following address:

Royale Union Saint-Gilloise SRL

Stade Joseph Marien

Chaussée de Bruxelles 223

1190 Forest, Belgium

8. MODIFICATIONS TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. We will announce any modified version of this Privacy Policy and, where appropriate, request your consent in accordance with the provisions of Article 4 of this Privacy Policy.