Privacy Policy

Last updated: 02/08/2025

1. Introduction

The Club Management Portal ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

For the purposes of data protection legislation, Direct IT Services Ltd acts as the data controller for personal data processed through our Club Management Portal service.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Account Information

• Name and contact details (email address, telephone number)
• Account credentials (username and encrypted password)
• Club affiliation and role within the club

3.2 Member Data (processed on behalf of clubs)

• Personal details (name, address, date of birth)
• Contact information (email, telephone, postal address)
• Membership details (membership number, type, status)
• Financial information (subscription payments, arrears)
• Proposer and seconder information

3.3 Technical Data

• IP address and browser information
• Login timestamps and usage patterns
• Device information and operating system
• Cookies and similar tracking technologies

4. Legal Basis for Processing

We process personal data on the following legal bases:

• Contract: Processing necessary for the performance of our service agreement with you
• Legitimate Interests: To improve our service, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations
• Consent: Where you have provided specific consent for particular processing activities

5. How We Use Your Personal Data

We use your personal data for the following purposes:

• Providing and maintaining our club management services
• Processing club membership and billing information
• Communicating with you about our services
• Ensuring the security and integrity of our platform
• Complying with legal and regulatory requirements
• Improving our services through analysis and feedback

6. Data Sharing and Third Parties

We may share your personal data with:

• Service Providers: Trusted third parties who assist in providing our services (e.g., hosting providers, payment processors)
• Legal Authorities: When required by law or to protect our rights and interests
• Business Transfers: In the event of a merger, acquisition, or sale of assets

We do not sell or rent your personal data to third parties for marketing purposes.

7. International Transfers

Your personal data is primarily processed within the UK. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the UK government
• Standard contractual clauses approved by the UK authorities
• Other appropriate safeguards recognised under UK data protection law

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account Data: Retained for the duration of your account plus 7 years for legal compliance
• Member Data: Retained as directed by the relevant club, typically for the duration of membership plus 7 years
• Technical Data: Retained for up to 2 years for security and service improvement purposes

9. Your Data Protection Rights

Under UK data protection law, you have the following rights:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of processing in certain circumstances
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Where processing is based on consent

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Employee training on data protection
• Incident response and breach notification procedures

11. Cookies and Tracking

Our website uses cookies and similar technologies for:

• Essential functionality (strictly necessary cookies)
• Performance and analytics
• Security and fraud prevention

You can control cookie settings through your browser preferences. Please note that disabling certain cookies may affect the functionality of our service.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach.

13. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified to you via email or through our service. The updated policy will be effective from the date of publication.

15. Contact Information

For any questions about this Privacy Policy or to exercise your data protection rights, please contact:

16. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated: