Data Protection / Privacy Policy

1)  Please could we have a copy of your data protection policy?

You can find this in the privacy policy: https://clubspark.lta.org.uk/PrivacyPolicy

2)  Does ClubSpark hold an ISO27001 Accreditation? or any other Data Protection Certificates?

We do not have ISO27001 Accreditation but our hosting partner, Microsoft Azure, does (see below). We are registered as a data controller with the Information Commissioner's Office (ICO).

Our latest registration certificate is available upon request: support@clubspark.com

3)  How is ClubSpark affiliated with the LTA? Is your product an official LTA tool?

ClubSpark is an official LTA tool and is offered for free by the LTA to registered venues.

https://www.lta.org.uk/venue-management/support-your-venue

4)  Where are your IT services/databases hosted and who has access to them?

Our infrastructure is hosted in Microsoft Azure. It runs in geographically dispersed data centres that comply with key industry standards, including ISO/IEC 27001:2005. They are managed, monitored, and administered by Microsoft operations staff.

More information on Windows Azure security can be found here:

https://azure.microsoft.com/en-gb/support/trust-center/

5)  Do you keep my financial information?

We don't store financial information as this is held by our payment gateway providers Stripe (stripe.com) and GoCardless (gocardless.com).

We encrypt passwords, and the website is only accessible via SSL (secure sockets layer).

6)  What information or data is held?

In terms of personal information, from user registration, we store; name, gender, date of birth, address, email address, postcode.

The venue or user can add the following information in the user's venue profile: address, work number, phone number, emergency phone number.

Additionally, the venue can also add the following information in the user's venue profile: occupation, medical information.

7a) Where is it held?

It is held in the Microsoft Azure West Europe data centre.

7b) In what form is it held?

The data is stored in cloud-hosted data stores. Data is encrypted at rest as well as in transit and has strict access control policies.

Clearly, we would not want to go into too much detail in this area as it would represent a security risk in itself but if you have specific questions we may be able to answer them at support@clubspark.com  

8)  Do you pass on any personal data to any 3rd parties to perform the above? And if so is there a way to opt-out as I'm sure there will be members in the club that do not want to be contacted by 3rd parties selling their products

We do not pass on any personal data to any 3rd parties, but the LTA can. Here is a link to the latest Privacy Policy for the LTA:

https://www.lta.org.uk/about-the-lta/policies-and-rules/privacy-policy/

When registering on venue sites users can opt-out of:

a) The LTA viewing their data. If they do opt-out b & c are automatically opted out.

b) The LTA sending them information about their offers and about offers from carefully selected third parties by post/email/SMS.

c) The LTA passing their contact details to carefully selected third parties so that they can send you, by post, details of their products and services.

Please contact us for more information:

• Telephone: 020 8247 3857
• Email: support@clubspark.com