We are committed to good information handling principles and the privacy and confidentiality of any personal information we deal with.
The terms “you” and “your” mean any visitors and users of this Site and individuals who otherwise interact with us in connection with our services.
When we use the term “Personal information”, we mean the same as “personal data”. Personal data is defined in data privacy laws applicable in your country. It includes any information relating to an identified or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you.
Personal information collected from you in connection with our services includes the following:
Personal information also includes special or sensitive categories of personal data, including medical or disability information which we may collect in connection with any trips or events you choose to attend for health and safety purposes.
If you communicate with us by email over the internet you should be aware that the nature of the internet may not be secure and may pass through several different countries on route to us. Please do not email us with confidential or sensitive information such as your credit card details. We comply with data privacy laws in relation to security, but cannot accept responsibility for unauthorized access to your information that is outside our control. Further information regarding our approach to the security of personal information is included in the section below on Security of personal information.
If you give us personal information about another person, in doing so you confirm that they have given you their prior permission to provide it to us and for us to be able to process their personal data (including any sensitive personal data).
You must also ensure this and other relevant privacy policies are brought to their attention so they can review how their personal information may be used.
We will only use your personal information for the purposes that you would reasonably anticipate or that we state when we collect it and, where necessary, for which you have given us your consent, as set out in the table below.
We are required to indicate our processing activities with your personal information and the legal basis for those activities (see the table below). The legal basis includes handling your personal information:
|Purpose of Data Use||Personal information used||Our Lawful Basis for using the information|
|To administer any membership you have with us and managing our relationship with you, including dealing with payments and any support, service or product enquiries made by you||
All contact and membership details, transaction and payment information, records of your interactions with us, and marketing preferences.
This is necessary to enable us to properly manage and administer your membership contract with us.
|To arrange and manage any contracts for the provision of any services or products||
Contact details, transaction and payment information.
Records of your interactions with us.
|This is necessary to enable us to properly administer and perform any contract for the provision of any services and products you have purchased from us.|
|To send you information which is included within your membership benefits package, including details about advanced ticket information, competitions and events, partner offers and discounts and any updates on our sport and leisure offerings||Contact and membership details.||
This is necessary to enable us to properly manage and administer your membership contract with us.
|To send you other marketing information we think you might find useful or which you have requested from us, including our newsletters, information about membership, events, products and information about our commercial partners and to occasionally inform you of new services we will be providing or we consider will be of interest to you.||
Contact details and marketing preferences.
The lawful basis for handling this data is as described below:
|To answer your queries or complaints||Contact details and records of your interactions with us||We have a legitimate interest to provide complaint handling services to you in case there are any issues with your membership.|
|Retention of records||All the personal information we collect.||
We have a legitimate interest in retaining records whilst they may be required in relation to complaints or claims. We need to retain records in order to properly administer and manage your membership and run CSSC and in some cases we may have legal or regulatory obligations to retain records for the purposes of accounting and to audit our operations.
We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to above.For criminal records history we process it on the basis of legal obligations or based on your explicit consent.
|The security of our IT systems||
Your usage of our IT systems and online portals.
|We have a legal obligation to ensure that our IT systems are secure.|
|To conduct research and data analysis and develop statistics to better understand event attendance and trends within the CSSC offering.||Records of your attendance at any events or competitions hosted by us or your use of CSSC offering ie. online shop and my savings||This is necessary to perform our legitimate interest with you to ensure that our membership is targeted and relevant.|
|For the purposes of promoting CSSC, our events and membership packages.||Images in video and/or photographic form.||Where you have given us your explicit consent to do so|
|To comply with health and safety requirements||Records of attendance, CCTV footage and other information obtained through electronic means such as swipe card and key fob records, medical information about your health.||We have a legal obligation to provide you and other members of our organisation with a safe environment in which to participate in sport.|
|To administer your attendance at any workshops, programmes or events you sign up to||
All contact and membership details, transaction and payment data.
|This is necessary under your contract with us to enable us to register you on to and properly manage and administer your attendance on the course and/or programme.|
|To arrange for any trip or transportation to and from an event||Identification documents details of next of kin, family members and emergency contacts, transaction and payment information, health and medical information.||This is necessary under your vital interests to enable us to make the necessary arrangements for the trip and/or transportation|
|To use information about your physical or mental health (including any injuries) or disability status, to ensure your health and safety and to assess your fitness to participate in any events or activities we host and to provide appropriate adjustments to our sports facilities.||Health and medical information||We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to above.|
|To gather evidence for possible grievance or disciplinary hearings||All the personal information we collect||We have a legitimate interest in doing so to provide a safe and fair environment for all members and to ensure the effective management of any disciplinary hearings, appeals and adjudications.|
|Complying with legal and regulatory requirement; and establishing and defence of legal rights.||Information needed for legal defence||For criminal records history we process it on the basis of legal obligation or based on your explicit consent|
You should be aware that you are entitled under data privacy law to withdraw your consent,where that has been given, at any time. You can withdraw your consent by contacting us. See more details in the Contact us section below. You can also withdraw your consent by accessing My CSSC.
You should be aware that if you do this and if there is no alternative lawful reason for us to rely on to justify the relevant use or other processing on your personal information, this may affect our ability to provide our services.
We will keep your name, address and contact details (including telephone numbers and email addresses) on our databases and (unless you have opted-out of this at the point at which we first collected your details from you) we may from time to time use that information to make you aware of our own same or similar products and sports events and leisure services which may be of interest to you. We may contact you in writing, by telephone or email. If at any time you decide that you do not want your contact details used for these purposes, please contact us or amend your preferences on My CSSC.
If you have provided your consent, CSSC’s other group companies and third parties (that you have indicated to us you would be interested to hear about) may contact you by email or text that you have indicated is your preferred contact method, about sports, events and leisure activities administered or arranged by CSSC.
When you sign up with us, we will also share some limited personal information with Parliament Hill Ltd and People Value Ltd who operate MySavings+ to enable them to identify you:
Where appropriate, before disclosing personal information to a third party or affiliate who process your information under our instructions as a data processor, we require the third party to take adequate precautions to protect that data and to comply with applicable privacy laws.
We keep your personal information for no longer than is necessary to fulfil the purposes for which it was collected as described above or in another privacy notice provided to you, taking into account the requirements from the following criteria:
Retention in case of queries. We will retain it for a reasonable period (up to 5 years) in case of queries from you;
Retention in case of claims. We will retain it for the period in which you might legally bring claims against us (in the UK this means we will retain it for 6 years);
If you would like further information about our data retention practices please contact us (see Contact us below).
We endeavour to use appropriate technical and physical security measures to protect personal information which is transmitted, stored or otherwise processed from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access, whenever this is collected in connection with our services.
On our Site, these measures include computer safeguards and secured files and facilities. We have received ISO 27001 accreditation for compliance with best practice in information security management. Our service providers are also selected carefully and required to use appropriate protective measures.
In particular, we endeavour to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymisation (such as where data is separated from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) and encryption, (b) ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your personal information, (c) ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (d) ensuring a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational security measures.
If there is a breach of security involving your personal information which we are concerned will involve risks to you, we shall without undue delay, work to mitigate those and contact you and/or the data privacy supervisory authority in accordance with applicable laws.
You have various rights under data privacy laws. These may include (as relevant) the right to:
Please see the contact details in the Contact us section below if you wish to exercise any rights. We endeavour to acknowledge requests within two working days and the appropriate response and information promptly and within the relevant statutory timescale (usually one month).
Links to other websites and providing information to third parties
Other countries may have different data protection laws than your country of residence or they may not have data protection laws at all. They may not be deemed by the European Commission as providing adequate protection for personal information.
We only send information outside of the UK if you have specifically requested a trip outside of the UK which is organised with or via a third party. We do not otherwise have any suppliers outside the European Economic Area (“EEA”).
We will only make transfers of personal information outside the EEA:
If you have any questions please contact us (see Contact Us below).
You can contact us directly if you have any concerns or complaints regarding how your personal information is handled. We take privacy seriously and will respond promptly. You can access our complaints form here.
In addition to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the relevant data protection supervisory authority if you consider that we have infringed applicable data privacy laws when processing your personal information. The data privacy regulator’s details in the UK are as follows: Information Commissioner’s Office and their site is: https://ico.org.uk/ which includes current contact details and how to lodge a complaint in writing or by telephone to their contact centre.
If you wish to provide comments, update any of your preferences or exercise any of your rights you can: