No Away Season Tickets because of GDPR (5 Viewers)

hill83

Well-Known Member
GDPRmeme.jpg
 

shmmeee

Well-Known Member
What’s nonsense. GDPR doesn’t say anything about credit card details. They could just store a token from their payment gateway, that’s what we do. Of course businesses can keep payment details, how would any subscription service work otherwise?

Someone in admin needs shooting. No reason at all to stop away season tickets.

Best guess is they just want to stop and have found an excuse people won’t question.
 

shmmeee

Well-Known Member
The only good thing about GDPR is that it's the easiest way to purge your email of all the email from companies you never open, although they don't even need to have asked permission to keep spamming you if you had previously given it.

Depends. Consent has to be informed if that’s the rationale you’re going for. Could be that previous consent doesn’t meet the standard.

But informed consent is only one rationale, if they can prove they have reason to think you’re interested they can send you stuff. Could be you’re consenting to a closely related item or could be you’ve opened similar emails in the past.

Most of those GDPR emails are just a way to see who is live.
 

Nick

Administrator
What’s nonsense. GDPR doesn’t say anything about credit card details. They could just store a token from their payment gateway, that’s what we do. Of course businesses can keep payment details, how would any subscription service work otherwise?

Someone in admin needs shooting. No reason at all to stop away season tickets.

Best guess is they just want to stop and have found an excuse people won’t question.

Would have thought it would be dealt with through Ticketmaster, unless before CCFC had them all written down somewhere and now they have gone to Ticketmaster to ask if they can do it and they can't?
 

ajsccfc

Well-Known Member
This was all based on the worst training day I've ever had, but it was something like if you've bought something and therefore agreed to receive promotional emails, they didn't need to do anything or check if you're still cool as it's a consensual contract. I'll be honest though, the only thing I actually remember properly from it is which countries are part of the EEC but not the EU, and that question didn't even come up on the stupid fucking exam.

EDIT: EEA not EEC, can't even remember that part
 

JimmyHillsbeard

Well-Known Member
What’s nonsense. GDPR doesn’t say anything about credit card details. They could just store a token from their payment gateway, that’s what we do. Of course businesses can keep payment details, how would any subscription service work otherwise?

Someone in admin needs shooting. No reason at all to stop away season tickets.

Best guess is they just want to stop and have found an excuse people won’t question.

Exactly. I was just thinking how come iFollow (which stores cc details and rolls over payment from year to year) is unaffected and the away season ticket scheme has to be scrapped?
 

Nick

Administrator
Exactly. I was just thinking how come iFollow (which stores cc details and rolls over payment from year to year) is unaffected and the away season ticket scheme has to be scrapped?

Would guess that uses the EFL's system for payment and all of that is looked after by iFollow rather than CCFC.
 

David O'Day

Well-Known Member
From the hours of having to sit through GDPR sessions at work these is bubbles, they can store your payment details and still comply with GDPR. As someone above said it's a way of stopping something they didn't fancy running anymore and deflecting the blame.
 

MatthewWallis

Well-Known Member
Exactly. I was just thinking how come iFollow (which stores cc details and rolls over payment from year to year) is unaffected and the away season ticket scheme has to be scrapped?

Would guess that uses the EFL's system for payment and all of that is looked after by iFollow rather than CCFC.

iFollow probably uses a CPA which uses the 16 digit number on your card not all of the card details, so there isn't a need to store the expiry date and 3 digit code. The away season tickets will be the club manually have the card details somewhere and entered by a person manually each time which works completely differently.

It's probably the club covering themselves just incase, as no one wants to be on the receiving end of a GDPR fine
 

Nick

Administrator
Which would show CCFC and Ticketmaster can take recurring payments legally

It would depend on how they were doing it before (CCFC) as to whether that's still viable.

Did the payments used to go through Ticketmaster or CCFC?

If somebody at CCFC had card details in a spreadsheet and ran them through manually every time for example it's completely different.
 

shmmeee

Well-Known Member
This was all based on the worst training day I've ever had, but it was something like if you've bought something and therefore agreed to receive promotional emails, they didn't need to do anything or check if you're still cool as it's a consensual contract. I'll be honest though, the only thing I actually remember properly from it is which countries are part of the EEC but not the EU, and that question didn't even come up on the stupid fucking exam.

EDIT: EEA not EEC, can't even remember that part

I’ve been on the phone with the ICO a lot. It’s a lot more permissive than people think.
 

shmmeee

Well-Known Member
It would depend on how they were doing it before (CCFC) as to whether that's still viable.

Did the payments used to go through Ticketmaster or CCFC?

If somebody at CCFC had card details in a spreadsheet and ran them through manually every time for example it's completely different.

If they were doing that then they were in breach of PCI DSS anyway. That’s why most people use a payment gateway to handle PCI compliance and they just store a token.
 

Nick

Administrator
If they were doing that then they were in breach of PCI DSS anyway. That’s why most people use a payment gateway to handle PCI compliance and they just store a token.

Yep, that's why I wasn't sure how they were doing it before to be able to tell.

They could have easily made a database of away season ticket holders and stored a token from a payment processor and then just run a script to bill them all an amount with that payment processor every time.
 

David O'Day

Well-Known Member
It would depend on how they were doing it before (CCFC) as to whether that's still viable.

Did the payments used to go through Ticketmaster or CCFC?

If somebody at CCFC had card details in a spreadsheet and ran them through manually every time for example it's completely different.

Spreadsheet? As Shmmeee says there were already PCS regs on on card protection when taking card payments.
 

Nick

Administrator
Spreadsheet? As Shmmeee says there were already PCS regs on on card protection when taking card payments.

It was just a very loose / extreme example, I have no idea how they were doing it before.

I'm also not sure how it ties in with Ticketmaster as you would have thought it would need to go through them.
 

shmmeee

Well-Known Member
Regardless, everyone on whatever database they’re using has consented and is clearly interested in the services CCFC are supplying and also has an existing business relationship with CCFC. There’s no reason GDPR would stop them doing what they’re doing.
 

Terry Gibson's perm

Well-Known Member
So will people have to get the individual tickets through the useless ticket master and be charged every time.

I had the misfortune of having to ring them regarding the play off tickets and just got my mobile bill which was £15 more than normal as they kept me on hold for half an hour
 

Sick Boy

Super Moderator
Digital marketing is a massive pain,

Signed everyone else

:p

Hahaha I mostly do Organic so I make your lives better ;) I do some FB ads as well sometimes though, hence why i got rid of it years and years ago. ;)
 
Last edited:

Nick

Administrator
Regardless, everyone on whatever database they’re using has consented and is clearly interested in the services CCFC are supplying and also has an existing business relationship with CCFC. There’s no reason GDPR would stop them doing what they’re doing.

I can't see why Ticketmaster wouldn't be able to process it somehow as well.

Even just a setting on a person's account so everytime away tickets get added for sale it automatically orders them for that person and job done.
 

I_Saw_Shaw_Score

Well-Known Member
Don’t get this, surely the T&C & privacy agreement would say to the customer (the fan) we will need these details to do this with your details, pass them on to these (opposition club?)you can opt out anytime you wish.

I don’t get what’s changed from what they’ll already be doing apart from being maybe more transparent with the customer?
 

Nick

Administrator
Why do they need to give the away season ticket holder details to the other clubs? Surely it's just the same as a normal fan buying away tickets?
 

Users who are viewing this thread

Top