Clubspark Group Limited (Clubspark) want to make sure all the personal information we have collected about you as part of the delivery of our services is safe and secure. This Policy set outs our commitments to you, in compliance with and beyond the General Data Protection Regulation (commonly known as the GDPR) and explains how we collect, store and use your personal information.
Collecting specific, relevant personal information is a necessary part of us being able to provide you with any services you may request from us or just managing our relationship with you.
As a data processor this privacy notice sets out in detail what information we hold about you (such as your contact details, address, etc.), how your personal information may be used and the reasons for these uses, together with details of your rights. We will provide this privacy notice at the time we collect the personal information from you. The privacy policy of the data controller (venue/coach) should be read alongside this privacy policy.
We will always comply with data protection law. This states that personal information that we hold about you must be:
i) Used lawfully, fairly and in a transparent way
ii) Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with these purposes.
iii) Relevant to the purposes that we have informed you about and limited to only those purposes.
iv) Accurate and kept up to date
v) Kept only as long as is necessary for the purposes we have informed you about.
vi) Kept securely.
Personal data or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Depending on the circumstances (see section 4 – how we collect your personal information), we may collect, store, and use the following categories of personal information about you:
i) Personal contact details such as name, title, addresses telephone numbers and e-mail addresses
ii) Date of birth
iii) Gender
iv) Medical information
We may collect personal information about users of the platform in a number of different ways.
i) Directly from you - for example, through the booking of a resource (court, table, running group), booking of a course or session (coaching), purchasing or renewing membership or booking an activity at an event.
ii) From someone else acting on your behalf – for example where a parent or guardian has purchased a membership or course for a child. On occasion a data controller may upload your personal information directly i.e. when first setting up a venue on ClubSpark. In these circumstances, you will be requested to provide consent to the use of your personal information prior to any utilisation of the data by Clubspark.
Performance of a contract.
To perform the services, you have requested on acceptance of the terms and conditions of ClubSpark and any other agreements which we enter into with you from time to time or the data controller. For example, to:
i) Process court or other resource bookings
ii) Process coaching sessions, course and programme bookings
iii) Process membership transactions
iv) Process event bookings
v) Set up and process competition data
vi) Set up coaches or volunteers to run coaching programmes
Pursuit of legitimate interests.
In some cases, we may use your personal information to pursue legitimate interests of our own including commercial interests and those with a wider public benefit. In essence our principal legitimate interest is in pursuing our mission of enabling more people to be active through the use of technology. For example, we need to process personal data in pursuit of our legitimate interests to:
i) Market ClubSpark new and premium features to administrators to improve the user experience and encourage new users to ClubSpark;
ii) Operate a customer services team and conduct surveys to improve the service provided by Clubspark;
iii) To make parts of the website easier for you to use by not making you enter your personal information more than once;
iv) Research and statistical analysis. For example, to review participation patterns.
In all instances we will ensure your interests and fundamental rights do not override those interests.
Consent.
Clubspark may also process your personal data on the basis of consent you give, for example to send you certain direct marketing communications.
Compliance with our legal obligations.
In some cases, Clubspark needs to process your personal data in order to comply with its legal obligations. For example, we need to process personal data in order to comply with health and safety legislation, link to suppliers for Disclosure and Barring Services (criminal records) to obtain checks on coaches and volunteer roles (where relevant) for safeguarding purposes, report certain tax information about our financial arrangements with third parties to HM Revenue & Customs and assist with investigations by police and/or other competent authorities.
"Special categories" of sensitive personal data such as medical information requires higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. The provision of medical information is optional, and we only process this personal information where it is required by a venue or coach to improve your user experience of the course, session or programme provided.
Personal information collected and processed by Clubspark may be shared with the following recipients, or categories of recipients, where necessary:
i) Someone acting on your behalf, for example a parent or guardian who has purchased Membership, coaching course or programmes for you as their child;
ii) Competition organisers and officials involved in competitions you are taking part in;
iii) Your venue, coach, run leader for the purposes of membership, booking a court or other resource; coaching programme or running group;
iv) Our suppliers where they process data on our behalf. For example, payment providers – Stripe or Go Cardless who process your transactions as appropriate, e-mail providers such as Mailjet and Disclosure and Barring service providers.
v) Our clients. For example, national governing bodies where we have a contractual commitment who will utilise the data in pursuit of their legitimate interests.
Information may be sent to your computer in the form of an Internet "cookie" to allow the Clubspark Group Limited servers to monitor your requirements. The cookie is stored on your computer. The Clubspark Group Limited server may request that your computer return a cookie to it. These return cookies do not contain any information supplied by you or any personally identifiable information about you.
Such measures are necessary to allow the Clubspark Group Limited to measure the usability of the systems, which will help in its continuing development to ensure that we understand the requirements of our users. Your browser software should however enable you to block cookies if you wish to. For more information about cookies, please visit www.allaboutcookies.org.
We will keep your information for as long as is necessary for us to fulfil the purposes that we describe in this policy. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements of the data controller. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
i) Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please update your personal records for any changes on a timely basis.
ii) Your rights in connection with personal information
Under certain circumstances by law you have the right to:
• Request access to your personal information (commonly known as a "data subject access"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please write to us at the contact details below. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.
Alternatively, we may refuse to comply with the request in such circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We have put in place measures to protect the security of your information, for example to backup and protect the integrity of our electronic communications and data storage systems. Details of these measures are available upon request.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Typically, Clubspark will not transfer your personal data to countries outside the European Economic Area (EEA) with the exception of those clients based outside of the EEA where we will comply with local data protection laws. On the limited occasions when this does occur (for example, because your personal data is stored on an IT system hosted outside of the EEA), we ensure that any such transfer meets the requirements of GDPR, for example because it is necessary for the provision of our products or services to you or for the establishment, exercise or defence of legal claims; or is otherwise subject to prescribed safeguards such as 'model clauses' approved by the European Commission. You can obtain more details of the protection given to your personal data when it is transferred outside the EEA by contacting us using the details below
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent please write to our Data Protection Officer – see section 14 Contacts. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We have appointed a Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information or would like to withdraw consent in line with section 13 (Right to withdraw consent) or would like to access, correct, erase, or restrict access to your personal information in line with section 10 please contact the Data Protection Officer
By e-mail: gdpr@clubspark.com
By post: Clubspark Group Ltd, Highland House - 165 The Broadway, Wimbledon, London SW19 1NE
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about data protection or this privacy notice, please contact us.