Privacy Policy
Privacy Policy
Super Star Sport UK Privacy Statement
The Purpose of this privacy statement is to explain, in general terms, how Super Star Sport
(SSS) processes your personal data from the moment it is collected to the point it is deleted or
destroyed. It is written for anyone who is making an enquiry about one of SSS’s services or making a booking for a course. Other ‘specific to customer’ privacy notices will be provided when needed.
The personal data processed by SSS will only be basic contact information such as names,
addresses, telephone numbers and an email address to be able to respond to your query. If you are
booking a course for a child, SSS will need additional information about the child which will
include health related data, sufficient to complete the booking. SSS will
also collect minimal financial details for the purposes of recognising payments for activities.
The way we collect or receive your personal data is directly from you when you make your initial
enquiry either through the web page contact form, a direct call, by email or the result of a visit to
our premises.
SSS’s duty of confidentiality means that SSS staff will treat your personal data in confidence. SSS
uses reasonable technical and organisational measures to ensure personal data is safe guarded.
Access is strictly limited to those members of staff who need it. SSS expects the same duty of
confidentiality of all third parties with whom we need to share your personal data for the purposes
of fulfilling our contractual obligations to you. They are required to enter into a separate data
processing agreement with us when they have the role of data processor unless the equivalent
clauses are already included in our contract with them.
SSS will process personal data using a lawful basis; such instances are described below:
• When we have a legitimate interest to respond to your general enquiry regardless of how it
reached us in the first instance
• When we have a legitimate interest to use your contact details, as a former and/or current
customer, to send you a newsletter with updates about our services
• When we have a legitimate interest to record your images using CCTV equipment
positioned around SSS’s offices, should you have reason to visit
• When we have your consent in the situation where you have not been a customer of ours
before, in order to send you a newsletter with updates about our services
• When we have your explicit consent when we need to process special category data such as
medical/health related data needed to support activity applications
• To fulfil our contractual obligations to you either as a customer for the purposes
of delivering the service(s) you have asked of SSS
• To comply with our legal obligations
SSS will never sell your personal data and will only disclose it when it’s absolutely
necessary, to some or all of the following third parties:
• Company accountant and the legal firm appointed by SSS
• HMRC for invoice related activities
• The franchise(s) that run the activities
• Sub-contractors appointed by SSS, subject to a data processing agreement or
equivalent commitment to confidentiality
SSS will process your personal data at its UK premises and utilises Microsoft Azure cloud (UK) for
back up services. This website is hosted at a UK based data centre. We use HubSpot purely for
marketing purposes which is US based and this is subject to the equivalent data safeguarding
measures as the former EU-US Privacy Shield Agreement.
SSS follows a retention schedule to determine the length of time it holds different types of personal data of the customer. The key points of the schedule are shown below:
• If you make an enquiry about a service that you subsequently choose not to use, we
will routinely delete any information we have collected about you 36 months
• If you make an enquiry about a service that generates a quotation that does not result in an
order, we will retain your contact details indefinitely, unless you ask us to delete it
• If you are or have been a customer, we will retain the details of your order, including your
contact details, indefinitely, unless you ask us to delete them. If we don’t have another over
riding legal basis for processing, we will fulfil your request
• If we have your consent to hold your contact details, we will retain them until you notify us
that you want to withdraw your consent
• For financial records and invoices, which include your personal data, these will be retained
for 6 years after the end of the current tax year of processing
• Personal data collected about children is not retained beyond their 12th birthday unless
separate consent has been granted by the parent for specific activities
By exception, documentation that includes your personal data may be retained by SSS beyond
the schedule, but only for a specific purpose and only when SSS believes there is a legitimate interest or has a legal obligation to do so. None the above affects your rights stipulated under the UK GDPR
(see below).
At the end of the retention schedule SSS will either return, destroy or delete/ anonymise your
personal data and any associated emails or relevant documentation. If it is technically impractical to do so, we will put it beyond operational use. It allows up to 3 months after the retention criteria has expired to do this.
The SSS website uses cookies (and similar technologies) with your permission when this is needed
and does not attempt to identify individuals who visit the website. For further details please
read the SSS cookie policy, a link to which can be found at the foot of the homepage.
CCTV is in operation at SSS s office premises primarily to safeguard the location but also for the
safety and wellbeing of SSS staff, contractors and any other visitors.
The UK General Data Protection Regulation defines the rights that you have (although these do not apply in all situations). For convenience, these rights are shown below:
• Right to be informed as to how your personal data is being processed by SSS – this is
done through this privacy policy and/or separate SSS privacy notices when appropriate
• Right to access your personal data held by SSS which is done by making a ‘Data Subject
Access Request’ (DSAR) to the SSS privacy officer
• Right to rectification of your personal data if you believe SSS has collected it incorrectly or it
needs to be updated
• Right to erasure of your personal data for which SSS no longer has an overriding lawful basis
with which to process
• Right to restrict processing under certain circumstances, during which time your personal
data will be out of operational use until the related matter is resolved
• Right to data portability in a machine-readable version of the personal data you have
provided to us, but this only applies to data provided with your consent or under contract
• Right to object to SSS processing your personal data when it does not relate to a legal or
contractual obligation
• Rights related to automated decision making and profiling (however SSS does not use these
techniques in its decision making)
• Right to withdraw your consent at any time to any service for which have previously sought
and obtained your consent as the lawful basis for processing your personal data
Further details on data subjects’ rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk.
Exercising rights or making queries to SSS can be done by contacting the Privacy Officer. We will
need to confirm your identity before proceeding with any request, therefore it may be necessary
to ask you to provide documentation to verify your identity. If you have any concerns about the way we are processing your personal data, please contact the Privacy Officer in the first
instance. Alternatively, you may also contact the ICO directly using the details found on the ICO
website.
In the event of a takeover or acquisition, the personal data SSS holds will form part of the assets of the organisation to be taken over by the new company, but only used for the same or similar
purpose. If this happens, we will notify you using the latest contact details held.
This privacy statement is subject to a routine review every 12 months or sooner if there
are significant changes to UK/EU legislation.