Privacy Policy

Introduction

PitchPlay (“we”, “us” or “our”) is committed to respecting your privacy and protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your personal information in line with the UK General Data Protection Regulation (UK GDPR) and other relevant privacy laws.

Who We Are

PitchPlay is a UK-based organisation that provides welfare-focused services and football development programmes to students and young people.

• Business Address: 29 Stonewold Close, Northampton, England, NN2 8QD

• Email: info@pitchplay.co.uk

• Website: https://www.pitchplay.co.uk/

For any privacy-related queries, please contact us at the email address above.

What Personal Data We Collect

We may collect and process the following types of personal data:

• Names and contact details

• Date of birth

• Addresses

• Photographs or video recordings (including CCTV if relevant)

• Information relating to compliments or complaints

• Information relating to sponsorship arrangements

Purposes of Processing

We process personal information for the following purposes:

• To deliver our services and programmes

• To communicate service updates and marketing information

• To comply with legal or regulatory requirements

• To maintain accurate records, manage customer relationships, and support safeguarding obligations

Lawful Bases for Processing

We process your data under the following lawful bases:

• Consent – where we have obtained your explicit permission for specific purposes (e.g. marketing, sharing with third parties).

• Contract – to perform services or take steps prior to entering into an agreement with you.

• Legal Obligation – where processing is required to comply with UK law or safeguarding frameworks.

Legitimate Interests

Although not currently in active use, we are aware that certain scenarios may involve Legitimate Interests. If this becomes applicable, we will ensure a Legitimate Interests Assessment (LIA) is conducted. This will balance our need to process data against any potential impact on your rights and freedoms.

Where We Get Your Data From

We collect data from:

• Directly from individuals (e.g. through forms, emails, phone calls, sign-ups)

• Education providers such as schools, colleges, and universities

• Publicly available sources

• Third parties such as recruitment agencies or professional introducers

Sub-Processors and Third Parties

We use the following systems and providers to support our operations and handle your personal data:

• Wix – CRM and website platform

• Microsoft OneDrive – Secure cloud storage for internal documents

• Tide – For managing business accounts

We may also share data with:

• Organisations we are legally obliged to share data with (e.g. safeguarding bodies)

• Professional consultants

• Selected partners and event organisations with your prior consent

• On occasion, publicly on our website or social media for marketing purposes with your prior consent.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required under legal, regulatory, or safeguarding obligations. This will vary depending on the nature of the interaction and the data involved.

 

International Data Transfers

We may share data with organisations based outside of the UK (e.g. international partners who wish to attend our events). In such cases, we:

• Inform the client beforehand

• Obtain their consent before sharing information

• Ensure appropriate protections (e.g. Standard Contractual Clauses) are in place to safeguard data integrity

 

Data Security

We take data security seriously and have implemented technical and organisational measures, including:

• Encryption of data at rest and in transit

• Multi-Factor Authentication (MFA) for access to sensitive systems

• Role-based access controls

• Routine reviews of permissions and staff training on data protection principles

 

Your Rights

You have the right to:

• Access the personal data we hold about you

• Request rectification of inaccurate data

• Request deletion where data is no longer necessary

• Object to or restrict processing under certain circumstances

• Withdraw consent (where applicable)

• Lodge a complaint with the Information Commissioner’s Office (ICO)

How to Complain

If you are unhappy with how your data is handled, you can raise a complaint directly with us. Alternatively, you have the right to lodge a complaint with the UK’s data protection regulator:

​

Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113
Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

​

​