Privacy Policy

Introduction
This privacy policy applies to selected companies in the Parken Sport & Entertainment group, i.e. Parken Sport & Entertainment A/S, F.C. København P/S, Parken Services A/S, Parken Ejendomme A/S and F.C. København Kvindefodbold A/S (hereinafter referred to as “F.C. København”, “our”, “us” or “we”). 

F.C. Copenhagen takes the responsibility for your privacy very seriously and we are committed to complying with applicable data protection legislation, including the EU General Data Protection Regulation (“GDPR”).

F.C. Copenhagen is the data controller for the processing of your personal data, and in this privacy policy you will find information about how we process your personal data on our websites, our digital platforms, when you participate in events and shop in our stores.

Please note that our website and apps may contain links to third-party websites/digital platforms. We therefore recommend that you check the privacy policies and procedures of these websites/digital platforms before using them.

What personal data do we process about you and why?

When you make a reservation, book tickets or purchase products from us
When you book a ticket or shop in our stores, we receive various personal data, including:

  • Contact information (including name, email, phone number and address)
  • Details about your purchase (e.g. what and how much you bought, when you bought it, etc.)
  • Information about whether you need special health assistance, etc. when you receive our services 

This information is used solely for the purpose of fulfilling our agreement with you (see Article 6(1)(b) of the GDPR). Where we collect sensitive personal data, our legal basis will be compliance with your specific rights (see Article 9(2)(b) of the GDPR, in accordance with Article 6(1)(b) or (c) of the GDPR).
 

When you attend events
When you attend events, such as football matches and concerts, you may be asked to show identification so that we can validate the authenticity of your ticket and whether you are subject to a quarantine, where we process various personal data:

  • Contact information (including name, email, phone number and address)
  • Details about your purchase (e.g. what and how much you bought, when you bought it, etc.)
  • Information about whether you need special health assistance, etc. when you receive our services

 
The legal basis for this processing is our legitimate interest in preventing ticket fraud and event security (see Article 6(1)(f) of the GDPR). Where we collect sensitive personal data, our legal basis will be compliance with your specific rights (see Article 9(2)(b) and Article 6(1)(b) or (c) of the GDPR).

Our events will be covered by the media, where the media, like us, will take pictures etc. for use in media coverage and marketing. We will always strive not to publish compromising pictures and most pictures will basically be "mood pictures".

The legal basis for this processing of mood images is our legitimate interest in marketing events etc. (cf. Article 6(1)(f) of the GDPR). Where we process individualised images, the legal basis for this processing will be the conclusion of an agreement for use for marketing purposes (cf. Article 6(1)(b) of the GDPR).
 

When your personal information is used for security at events
To create safe conditions when holding events and at the same time prevent criminal offences, your personal data will be registered in our quarantine register if you violate our rules of procedure (offences and criminal offences, etc.), including:

  • Contact information (including name, email, phone number and address)
  • Picture
  • Incident details (circumstances related to violation of rules of order)
  • Social Security Number
  • Quarantine details (data and length)

The legal basis for this processing is our legitimate interest in creating safe conditions when holding events and in being able to enforce the rules of order, as well as being able to assert legal claims (cf. Article 6, paragraph 1, letter f), of the GDPR).

Where we collect CPR numbers, our legal basis will be our legitimate interest in being able to register information about criminal offences, including for the purpose of filing a later police report, etc. (cf. Section 8, paragraphs 3 and 4 of the Data Protection Act).

Automatic facial recognition, where we process biometric data (facial recognition), will be activated at the entrance to and in selected stall and grandstand areas at Parken Stadium for F.C. Copenhagen matches in order to ensure that persons who are temporarily or permanently banned from staying in Parken are not granted access.

A decision as to whether a person is unlawfully attempting to gain access to or staying at Parken Stadium will never be made without human intervention. If a face does not appear in the quarantine system, no information about the person in question will be stored or processed, and the facial recognition function will not lead to unambiguous identification for these persons. However, the surveillance images themselves will be stored, as described in the section “Video surveillance”.

Processing of biometric data is necessary for reasons of essential public interest, cf. the Danish Data Protection Authority's permission (cf. Section 7(4) of the Data Protection Act and Article 9(2)(g) of the GDPR).

When you create a profile
When you create a profile on our website or in our app, you must accept our terms and conditions under which we process various personal data:

  • Contact information (including name, email and phone number)
  • Details about your purchase (e.g. what and how much you bought, when you bought it, etc.)
  • Birthday 

This information is used solely to enable us to fulfill our agreement with you (see Article 6(1)(b) of the GDPR).

When you use our digital platforms (websites, social media and apps)
When you visit our digital platforms (such as our websites, social media and apps), you will transfer the following information to us for technical reasons:

  • The page from which the file was downloaded
  • The name and folder where the file can be found
  • Date and time of the request
  • The amount of data transferred
  • Access status (file transfer, file not found, etc.)
  • Description of the type of web browser used
  • Your IP address

This information is used exclusively to ensure the technical operation of our platforms and for statistical optimization purposes. The legal basis for this processing is our legitimate interest in providing, operating and improving our digital platforms (see Article 6(1)(f) GDPR).

If you participate in satisfaction survey
As part of our follow-up on customer satisfaction, we periodically conduct satisfaction surveys or ask for customer feedback to improve and develop our products, services and marketing - in both cases, we process the following personal data based on general customer data:

  • Contact information (including name, email and address)
  • User behavior from cookies (provided we have received prior consent from you)
  • Information from your social media profiles
  • Details about your purchase (e.g. what and how much you bought, when you bought it, etc.)
  • History of your communication with us
  • Other information you enter in the survey

The legal basis for our processing of your personal data for these purposes is our legitimate interest in conducting the investigation (see Article 6(1)(f) of the GDPR).
 

If you agree to receive newsletters etc. from us
If you consent to receive newsletters etc. from us, we process personal data about you in order to carry out marketing in newsletters via e.g. e-mail, SMS and push messages, where we process your personal data:

  • Contact information (including name, email, address, telephone number)
  • Your preferences, if any

The legal basis for our processing of this personal data is your consent (see Article 6(1)(a) of the GDPR).

When we send targeted marketing to you
We will tailor our marketing materials to you in various contexts, such as in emails, on websites, apps or on social media. The content may be based on the personal information we have collected about you, including:

  • Contact information (including name, email, address)
  • Browsing behavior (including cookies, etc.)
  • Details about your purchase (e.g. what and how much you bought, when you bought it, etc.)
  • History of your communication with us
  • Any answers submitted in connection with competitions

The legal basis for our processing of your personal data for these purposes is our legitimate interest in targeting our marketing (see Article 6(1)(f) of the GDPR).

When we process your personal data for the purpose of marketing our products and services, we may share your personal data with social media etc. (e.g. Facebook). However, this is done solely for the purpose of marketing our products and services on the social media in question. The legal basis for our processing of your personal data for these purposes is also our legitimate interest in targeting our marketing (cf. Article 6(1)(f) of the GDPR).

When you participate in a competition
When you participate in one of our competitions and we may need to contact you as a winner, we process the following personal data:

Contact information (including name, email, address, telephone number)
Correspondence with us
Answer submitted in competition

This data processing takes place so that we can draw a winner of the competition and contact the winner (see Article 6(1)(b) of the GDPR).

Depending on the terms and conditions of the competition, we will publish your name if you have won the competition.

When you, or the company you are employed by, is a tenant in one of our properties, we receive various personal data, including:
Contact information (including name, email, phone number, position and address)
Details and contractual conditions in the concluded rental agreement.
 
This information is used solely to enable us to fulfil our agreement with you or the company you are employed by (see Article 6(1)(b) or (f) of the GDPR).

Security when using our websites and apps, etc.
We monitor user behavior on our websites, apps and in our physical stores in order to ensure an adequate level of security. Therefore, we have implemented a number of technical security measures, including control and logging, where we process:

Contact information (including name, email, phone number and address)
User behavior from cookies (provided we have received prior consent from you)
Details about your purchase (e.g. what and how much you bought, when you bought it, etc.)
 
The legal basis for processing your personal data in such cases is based on our legitimate interests in maintaining security on our platforms and in our physical stores (cf. GDPR, Article 6(1)(f).

Video surveillance
We have installed video surveillance systems in certain areas, both inside and outside the Park, and in our stores, in order to prevent disturbances and ensure compliance with our rules of order, as well as to be able to document security incidents if they occur.

If video surveillance is installed, this will be clearly indicated by signage, where the legal basis for our processing of your personal data for these purposes is our legitimate interest in preventing disturbances and documenting security incidents (see Article 6(1)(f) of the GDPR).

Recordings are stored for up to 30 days but may be stored longer if necessary for the purposes of a filed criminal report, our handling of a specific dispute, or processing the information for crime prevention purposes.

Whistleblower scheme
We process your personal data, which may be of a general, confidential and sensitive nature, including information about your CPR number and criminal convictions, in order to carry out the necessary case processing of the inquiry, as well as with a view to achieving efficient and rational case management, and to be able to keep track of which cases the whistleblower unit has processed (cf. Section 22 of the Act on the Protection of Whistleblowers).

Other treatment
In addition to the various processing activities described above, we may process all of your personal data if it is necessary for the performance of our normal business activities, as well as for the establishment, exercise or defence of legal claims (see Article 6(1)(f) of the GDPR), or if it is necessary for the implementation or preparation of a transaction involving all or part of our business (see Article 6(1)(f) of the GDPR).

Recipients of your personal data and joint data responsibility
We share your personal data with selected companies in the Parken Sport & Entertainment group, i.e. Parken Sport & Entertainment A/S, F.C. København P/S, Parken Services A/S, Parken Ejendomme A/S and F.C. København Kvindefodbold A/S, if we have a legal basis for doing so.

We may also share your personal data with other business partners to fulfill an agreement that you have entered into. In particular, we share personal data with business partners such as partners/sponsors, other sports clubs, ticket issuers or the Danish Football Association (DBU) if you have purchased a ticket for international matches, sports events or concerts, etc., if we have a legal basis for this.

Information about club quarantines (certain sporting events) may be disclosed to other clubs in accordance with the current Executive Order on the Exchange of Information on Private Quarantines, Section 1, Subsection 1.

Authorities
If we receive a request from an authority or a court, we may disclose your personal data to them if necessary for us to comply with our legal obligations.

We may also choose to disclose your personal data to the Police or other authorities where we have a legitimate interest, e.g. in connection with the investigation of serious incidents or otherwise in the event of a violation of our rules of procedure.

Data processors
We also use third parties to store and process personal data on our behalf, such as hosting providers and third-party providers of analytics and marketing tools. These third-party recipients act as data processors under the GDPR. They may therefore only process your personal data in accordance with our documented instructions. In addition, we ensure that the third parties have implemented all necessary security measures to protect your personal data.

Shared data responsibility
In certain cases, we are joint data controllers with our contractual partners/collaborators. You are entitled to request additional information at any time, including a copy of the essential content of the division of responsibilities.

You can also find more about our joint data responsibility under "cookies".

Other
We may also be obliged to disclose your personal data pursuant to legislation or other legal obligations.

Transfer of personal data to third countries outside the EU/EEA
In certain cases, we may also transfer personal data to third countries outside the EU/EEA. Such cases could be, for example, to IT providers or contractual partners. Such transfers will be carried out if one of the following conditions is met:

  • The European Commission has determined that the country in question has an adequate level of protection, or
  • Other necessary safeguards are in place, such as the use of standard contractual clauses adopted by the European Commission or the use of Binding Corporate Rules (BCR) by the data processor or there are exceptions in specific situations, such as in connection with the performance of contracts or consent to specific transfers.

You can view the relevant standard contractual clauses that we use for transfers here. You are entitled at any time to request from us a copy of the necessary or appropriate guarantees to which a given third party is subject.

Mandatory information
Most of the personal data we collect from you is provided voluntarily or in order to enter into or fulfill a contract with us or a third party or to assert a legal claim.

For example, if you need to be registered in our systems, added to the quarantine list, or if we need to fulfill our legal obligations, including the requirements of the Whistleblower Act, we need to be able to identify you. Therefore, it will often be necessary for us to be in possession of your contact information and/or CPR number, etc.

The consequence of not providing us with the personal data may be that we cannot fulfill the stated purposes, including achieving safety at the stadium, fulfillment of the contractual relationship, or that we cannot fulfill our legal obligations.

Storage periods
Personal data you share with us will generally only be retained for as long as is necessary to fulfil the processing purposes outlined above. In cases where the law requires data to be retained for a longer period, we will retain your personal data for a longer period to comply with our obligations. This also applies in cases where we have an individual legitimate interest (e.g. in the event of a legal dispute).

Personal data collected in connection with ordering tickets and other products is stored for up to 5 years after the end of the financial year in which you purchased the ticket or product.

We retain personal data collected for direct marketing as long as you wish to receive material from us and for up to three (3) years after you have notified us that you no longer wish to receive marketing from us.

Personal data collected in connection with competitions and used to select a winner of the competition and to contact the winner will be deleted three (3) months after the winner has received their competition prize, unless there is a legal requirement to retain such data for a longer period.

Personal data collected through the use of our whistleblower scheme will be retained for as long as necessary for the purposes mentioned, including:

  • as long as the investigation is ongoing;
  • if the report turns out to be unfounded, the personal data will be deleted within 6 months of the determination that the report was deemed unfounded; and
  • if a report is made to the police or another authority, the information will be stored for at least as long as the investigation is ongoing with the police/authority.

In other situations, it is specifically assessed whether there are objective reasons to store the personal data and, if so, for how long.

Cookies
On our websites, apps and in our newsletters, we use third-party providers for analytical purposes, to help us optimize our marketing to you and to expand our understanding of our business. We or the third-party providers in question may place "cookies", i.e. text files on your computer or tracking pixels, which analyze how you use our websites, apps or how you interact with our newsletters.

You can opt out of cookies by changing your browser settings. However, please note that if you opt out of cookies, some of the website's features may not be fully usable.

In our cookie policy you can find more information about how we use cookies and joint data responsibility: Cookies | F.C. Copenhagen (fck.dk)

Your rights
When we process your personal data, you have the following rights:

Right to access. You have the right to request access to your personal data and to request to receive a number of information about the processing(s) we carry out.

Right to rectification. You have the right to have inaccurate personal data rectified and incomplete personal data completed.

Right to be deletion. You have the right to request deletion of your personal data.

Right to restricted processing. You also have the right to have the processing of your personal data restricted, so that the personal data may not be processed in any way other than simply being stored.

Right to data portability. Finally, you have the right to receive the personal data that you have provided in a structured, commonly used and machine-readable format for personal use, as well as the right to transfer your personal data to another data controller.

Right to object. You have the right in special situations to object to lawful processing of your personal data, e.g. through direct marketing.

Right to withdraw consent. If our processing of your personal data is based on consent, you may withdraw this consent at any time. However, this does not affect the lawfulness of the processing carried out before the withdrawal. Withdrawal of consent only takes effect from the time you inform us of this.

There may be conditions or limitations to these rights; this depends on the specific circumstances of the processing activities.

If you wish to exercise your rights, you can write to us at fck.dk/dataformular

Complaint
You have the right to complain to the Danish Data Protection Agency, and in this connection we refer toThe Danish Data Protection Agency's website.

Contact
If you have any questions about our processing of your personal information or this privacy policy, please feel free to contact us:

F.C. Copenhagen P/S
CVR No. 43952161
Per Henrik Lings Allé 2
DK-2100 Copenhagen Ø.

kundeservice.fck.dk

We strive to meet a high standard of privacy protection and our policies and procedures are constantly reviewed. We may therefore change this Privacy Policy from time to time.

Last modified on February 12, 2025