Privacy Policy

How we collect, use, share and protect personal data — including the data of children — on the Summit Badminton platform.

Last updated: [DATE LAST REVIEWED] · Version: draft for review

Draft — not yet legally reviewed. This Privacy Policy is a good-faith working draft describing how Summit Badminton processes personal data. It has not been reviewed by a qualified data-protection professional and must not be relied upon until it has been. Because the Platform processes children's personal data, a Data Protection Impact Assessment and professional review are strongly recommended. Items in [SQUARE BRACKETS] are placeholders to be completed by the operator (legal entity, ICO registration, retention periods, DPO details, etc.).

1. Who we are (the controller)

Summit Badminton ("the Platform", "we", "us") at summitbadminton.com is operated by [COMPANY LEGAL NAME], registered in [COUNTRY OF REGISTRATION], company number [COMPANY NUMBER], registered office [REGISTERED ADDRESS]. We are registered with the Information Commissioner's Office under [ICO REG NO.]. Our contact for privacy matters is info@summitbadminton.com [/ DPO NAME & CONTACT, if appointed].

Where a club uses the Platform to manage its members, the club and the Platform operator may act as joint or independent controllers depending on the activity. The specific allocation of controller/processor responsibilities is set out in [CLUB DATA-PROCESSING AGREEMENT].

2. The data we collect

  • Account data: name, email address, password (hashed), role, club, and for parents a contact phone number.
  • Player profile data: date of birth, gender, country/region, and federation membership numbers where provided.
  • Coaching data: training plans, attendance, session notes, development goals, and assessment scores on the Summit Player Assessment Framework, including coach and self-assessments and AI-generated overviews.
  • Communications data: messages, announcements and read receipts sent through the Platform, and moderation/report records.
  • Technical data: session/authentication cookies, device and browser information, and (if you opt in) web-push subscription details.

3. Children's data

The Platform is designed for clubs that coach children and young people, including those under 16 and under 18. We process children's data to deliver coaching, scheduling, assessment and safeguarding functions. Where required, a parent or guardian registers, provides consent and supervises the child's use. Communications with under-16 players are routed through a parent/guardian, and parents manage communication consent per child. We apply data-minimisation and safeguarding-by-design principles to children's data and [DESCRIBE ANY ADDITIONAL CHILD-SPECIFIC SAFEGUARDS / AGE-VERIFICATION MEASURES].

4. Why we use it and our legal basis

  • To provide the Platform (accounts, plans, calendars, assessments) — performance of a contract / legitimate interests / the club's instructions.
  • To send notifications by email and (optionally) web push — consent and/or legitimate interests.
  • To keep people safe (safeguarding, moderation, escalation) — legitimate interests and legal obligation.
  • To secure and improve the Platform — legitimate interests.
  • Children's data and any special-category data — handled on the basis(es) at [CONFIRM LAWFUL BASIS / SAFEGUARDING CONDITION].

5. Who we share it with (processors)

We use trusted third-party service providers to run the Platform. They process data on our instructions under data-processing terms:

  • Render — application and database hosting.
  • Resend — transactional and notification email delivery.
  • Cloudinary — image storage and delivery.
  • Web-push services — browser/OS push providers used to deliver push notifications you have opted into.
  • AI provider[AI PROVIDER NAME — e.g. OpenAI], used to generate training-plan and assessment overviews.

Some providers may process data outside your country. Where that happens we rely on appropriate safeguards such as [TRANSFER MECHANISM — e.g. Standard Contractual Clauses / UK IDTA / adequacy]. We do not sell personal data.

6. How long we keep it

We retain personal data only as long as needed for the purposes above and to meet legal obligations. Indicative periods: accounts and coaching records — [RETENTION PERIOD]; communications and moderation records — [RETENTION PERIOD]; safeguarding records — [RETENTION PERIOD]. When no longer needed, data is deleted or anonymised.

7. Your rights

Subject to applicable law, you (or, for a child, their parent/guardian) have rights to access, rectify, erase, restrict or object to processing, and to data portability, and to withdraw consent where processing relies on it. To exercise these, contact info@summitbadminton.com. You also have the right to complain to a supervisory authority — in the UK, the Information Commissioner's Office (ico.org.uk); in the Republic of Ireland, the Data Protection Commission (dataprotection.ie) [CONFIRM RELEVANT AUTHORITY].

8. Security

We use technical and organisational measures including hashed passwords, role-based access control, club-scoped permissions, an under-16 communications firewall, and encrypted transport. No system is perfectly secure, but we work to protect your data and to notify you and the relevant authority of a reportable breach as required.

9. Cookies

We use a small number of essential cookies (for sign-in/session) and may use limited functional cookies. See our Cookie Policy for details.

10. Changes & contact

We may update this policy; material changes will be notified by a reasonable means. Questions or requests: info@summitbadminton.com, or by post to [REGISTERED ADDRESS].

Bring Summit Badminton to your club.

Built by coaches, for coaches — one platform for your coaches, your players, and your parents.

Enquire about your club