Data Protection Officer
by e-mail: firstname.lastname@example.org
by post: Floor 2, 41-47 Hartfield Road, Wimbledon, SW19 3RQ
1.1 what information we may collect about you;
1.2 how we will use information we collect about you;
1.3 whether we will disclose your details to anyone else; and
1.4 your choices and rights regarding the personal information you have provided to us.
Please note that the Services may contain hyperlinks to services owned and operated by third parties (e.g. venue or coaches). These third party services may have their own privacy policies and we recommend that you review them. They will govern the use of personal information that you submit or which is collected by cookies and other tracking technologies whilst using these services. We do not accept any responsibility or liability for the privacy practices of such third party services and your use of these is at your own risk.
1. Information We May Collect About You
To provide our Services to you, we collect and process the following information which may include your personal data. "Personal data" or "personal information" means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Information provided by you when using the Services
We may collect the following information from you:
- Your user ID (where you create a ClubSpark account);
- Contact details: name, title, addresses, telephone numbers and e-mail addresses (compulsory);
- Date of birth (compulsory);
- Gender (optional);
- Password (compulsory);
- Medical information.
Information about you collected from third parties
("Third Party Log In Information")
When you access the Services via a third party social media provider such as Facebook, Google, Microsoft or a sports governing body, we may collect and store personal and non-personal information which is available on that third party social media provider, such as your name, its URL, your User ID, email address and gender information. We will also receive technical data in order to ensure the Services connect to the correct third-party account.
ClubSpark purchase information
When you purchase anything via Sportlabs, we use a third party payment system called Stripe or Go Cardless which transacts all our payments. We have no access to your card payment information.
2. How We Collect Your Personal Information
We may collect personal information about users of the platform in a number of different ways.
2.1 Directly from you - for example, through the booking of a resource (court, table, pitch), booking of a course or session (coaching,runs), purchasing or renewing membership or booking an activity at an event.
2.2 From someone else acting on your behalf – for example, where a parent or guardian has purchased a membership or course for a child. On occasion a venue/coach may upload your personal information directly, i.e. when first setting up a venue on ClubSpark.
3. Our Basis For Processing Personal Data And The Purposes For Which We Use It
The main purpose of processing personal information during the provision of the Service is to:
- process court or other resource bookings;
- process coaching sessions, course and program bookings;
- process membership transactions;
- process event bookings;
- set up and process competition data;
- set up coaches or volunteers to run coaching programs
Where we decide the purpose or means for the processing of the personal data that you provide when using the Services, we are the "data controller" for the purposes of Data Protection law. We have provided further detail on our lawful reason for processing your personal information below.
Performance of a contract. To perform the services, you have requested under the terms of our services agreed between us and other relevant agreements which you enter into from time to time.
Pursuit of legitimate interests. In some cases, we may use your personal information to pursue legitimate interests of our own including commercial interests and those with a wider public benefit. In essence, our principal legitimate interest is in pursuing our mission of enabling more people to be active through the use of technology. For example, we need to process personal data in pursuit of our legitimate interests to:
- understand the effectiveness of our marketing to attract new users and re-engage our current users;
- conduct surveys to improve the service provided by Sportlabs;
- ensure that our Services function properly so that you and other users have the best experience;
- research and statistical analysis (e.g. to review participation patterns).
In all instances we will ensure your interests and fundamental rights do not override those interests.
Consent. Sportlabs may also process your personal data on the basis of consent you give, for example to send you certain direct marketing communications.
Compliance with our legal obligations. In some cases, Sportlabs needs to process your personal data in order to comply with its legal obligations. For example, we need to process personal data in order to comply with health and safety legislation, link to suppliers for Disclosure and Barring Services (criminal records) to obtain checks on coaches and volunteer roles (where lawful) for safeguarding purposes, report certain tax information about our financial arrangements with third parties to HM Revenue & Customs and assist with investigations by police and/or other competent authorities.
5. How We May Use Special Categories Of Personal Information
"Special categories" of sensitive personal data, such as medical information, requires higher levels of protection and further justification for collecting, storing and using this type of personal information.
The provision of medical information is optional, and we only process this personal information where it is required by a venue /coach to improve your user experience of the course, session or program provided.
6. Who We May Share Your Data With
Personal information collected and processed by Sportlabs may be shared with the following recipients, or categories of recipients, where necessary:
- if we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via, account message and/or a prominent notice on our website of any change in ownership or uses of this information, as well as any choices you may have regarding this information;
- someone acting on your behalf, for example a parent or guardian who has purchased membership, coaching course or programs for you as their child;
- competition organisers and officials involved in competitions you are taking part in;
- your venue, coach, run leader for the purposes of membership, booking a court or other resource; coaching program or running group;
- our suppliers where they process data on our behalf. For example, payment providers and e-mail providers.
- our clients. For example, national governing bodies where we have a contractual commitment who will utilise the data in pursuit of their legitimate interests;
- we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
Information may be sent to your computer in the form of an Internet “cookie” to allow the Sportlabs servers to monitor your requirements. The cookie is stored on your computer. The Sportlabs server may request that your computer return a cookie to it. These return cookies do not contain any information supplied by you or any personally identifiable information about you.
Such measures are necessary to allow the Sportlabs to measure the usability of the systems, which will help in its continuing development to ensure that we understand the requirements of our users. Your browser software should however enable you to block cookies if you wish to. For more information about cookies, please visit www.allaboutcookies.org.
8. The Period For Which We Will Keep Your Information
We will only retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements.
Where we are the data controller, to determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements. In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
9. Rights Of Access, Correction, Erasure, And Restriction
You have the following rights over the way we process personal data relating to you. We aim to comply without undue delay. Where the venue/coach holds and determines the purpose and means for the personal data (and we do not decide these), they are the “data controller” and we are the “data processor”. In these instances, we may forward your request to the relevant controller.
To make a request, please let us know by contacting our Data Protection Officer with the details below.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information and to check that we are lawfully processing it.
- Request correction of the personal information. This enables you to have any incomplete or inaccurate information we hold about you corrected. It is important that the personal information we hold about you is accurate and current. Please update your personal records for any changes on a timely basis.
- Object to the processing data about you. You can request the restriction, termination of processing or deletion of your personal data if:
- you consented to other processing the personal data and have withdrawn that consent;
- there is no longer a need to process that personal data for the reason it was collected;
- the personal data is being processed because it is in the public interest or it is in order to pursue a legitimate interest of Sportlabs or a third party, you do not agree with that processing and there is no overriding legitimate interest the continued processing;
- the personal data was unlawfully processed;
- you need the personal data to be deleted in order to comply with legal obligations;
- the personal data is processed in relation to the offer of a service to a child.
- Obtain a machine readable copy of your personal data, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another IT system provider if you prefer.
10. Data Security
We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal information.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
11. Transferring Of Data Internationally
Our information is generally stored within the EEA on secure databases.
Where we transfer your information outside of the EEA, normally because our clients are based outside of the EEA (for example, because your personal data is stored on an IT system hosted outside of the EEA), we ensure that any such transfer meets our legal requirements. You can obtain more details of the protection given to your personal data when it is transferred outside the EEA by contacting us using the details below
We have appointed a Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Protection Officer:
by e-mail: email@example.com
by post: Floor 2, 41-47 Hartfield Road, Wimbledon, SW19 3RQ
13. Make A Complaint To A Supervisory Authority
If you are unhappy with the way we are processing your personal data, please let us know by contacting us.
If you do not agree with the way we have processed your data or responded to your concerns, an alternative is to submit a complaint to a Data Protection Supervisory Authority: www.ico.org.uk
14. Changes To This Privacy Notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about data protection or this privacy notice, please contact us.