Our schedule

Privacy Policy

Privacy Policy – DR Coaching Collective Ltd Effective Date: 1st July 2025 DR Coaching Collective Ltd (Company No: 16473597, registered in England and Wales) is deeply committed to protecting your privacy and ensuring the security of your personal data. We comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how we collect, use, store, and protect your personal information, and your rights regarding that information.

1. Who We Are and Our Role as Data Controller DR Coaching Collective Ltd provides grassroots football training through various services, including school holiday camps, the Monday Night Development Centre, Saturday Morning Centre, and other coaching programmes. For the purposes of data protection law, DR Coaching Collective Ltd is the Data Controller of your personal data. This means we determine the purposes and means of processing your data. Our Contact Details: Data Controller: Daniel Reilly Company Name: DR Coaching Collective Ltd Company Number: 16473597 Email: drcoachingcollective@gmail.com Phone: 07792819968

2. What Information We Collect We collect various types of personal information to provide our services effectively and safely. This information is primarily collected when you make a booking, register for a camp, attend an event, or communicate with us.

2.1 Information from Parents/Guardians: • Identity & Contact Data: Full name, email address, phone number, home address. • Emergency Contact Data: Names and phone numbers of emergency contacts (other than the primary parent/guardian). • Health & Welfare Consent: Preferences regarding medical treatment consent, photographic consent, and child collection authorisations. • Financial Data: Payment card details (processed securely by our third-party payment processor, Class 4 Kids – we do not store full card details ourselves), booking history, and payment confirmations. • Correspondence Data: Records of communications with us (e.g., emails, phone calls, messages).

2.2 Information from Participants (Children): • Identity Data: Full name, date of birth, current school year. • Sensitive Personal Data (Special Category Data): Medical conditions, allergies, specific dietary requirements (e.g., nut allergy), accessibility needs, and relevant health information. This information is handled with the utmost care and in accordance with specific lawful bases. • Participation Data: Attendance records, skill development notes, and progression information.

2.3 Automatically Collected Information via Class 4 Kids (our booking platform): • Booking history. • Payment confirmations. • Attendance records. • Technical data such as IP address, browser type, and operating system (collected by the platform for system administration and analysis, not typically directly identifiable to you by us).

3. How We Use Your Information We use your personal data for the following specific purposes: • Processing Bookings and Payments: To manage your registration, process payments, and confirm your child's place in our sessions or camps. • Communication: To send you essential details about your bookings, session updates, changes, cancellations, and important information regarding your child's participation. • Managing Health & Safety: To address medical and emergency needs effectively, ensuring the safety and well-being of all participants. This includes sharing necessary health information with qualified first aiders and coaches on a need-to-know basis. • Child Safety & Safeguarding: To comply with our legal and ethical obligations under our Safeguarding Policy, ensuring the protection of all children in our care. This includes maintaining attendance records and having necessary contact information readily available. • Service Improvement: To analyse participation trends, assess the effectiveness of our programmes, and improve the quality of our coaching and services. • Marketing & Updates (with Consent): To send you occasional newsletters, information about future camps, new programmes, special offers, or other relevant updates, only if you have provided explicit consent to receive such communications. • Performance & Development: Where applicable, to provide feedback on your child's progress and development notes to parents/guardians.

4. Lawful Basis for Processing Your Information Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following: • Contractual Necessity: Processing is necessary for the performance of a contract with you (e.g., to fulfil your booking for a session or camp, process payments, and provide coaching services). • Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject (e.g., for safeguarding children, meeting health and safety requirements, insurance purposes, and reporting to relevant authorities like the FA). • Consent: For specific activities where required, such as: o Photography and media use for promotional purposes. o Direct marketing communications (if not covered by legitimate interest). o Processing sensitive personal data (special category data) like medical conditions or allergies. Where consent is the basis, you have the right to withdraw it at any time. • Legitimate Interest: Where processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. This includes: o Improving our services and communication. o Maintaining administrative and operational records. o Preventing fraud and ensuring security. o Resolving disputes. o Analysing anonymised data for business insights. o We always ensure that our legitimate interests are balanced against your rights and freedoms.

5. How We Store and Protect Your Data We implement robust security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. • Digital Storage: o The majority of your data is stored securely on Class 4 Kids’ GDPRcompliant platform. Class 4 Kids acts as our Data Processor, and we have a data processing agreement in place to ensure they meet UK GDPR standards. o Additional development records or sensitive medical alerts may be stored in encrypted cloud-based systems (e.g., secure cloud storage with multi-factor authentication) with stringent access controls limited only to authorised personnel who require it for their roles (e.g., Designated Safeguarding Officer, lead coaches). • Physical Records: Any temporary paper records (e.g., daily attendance sheets, emergency contacts forms used on the day) are securely managed during sessions and shredded or securely disposed of immediately after the event or when no longer required for operational purposes. • Access Control: Access to personal data is strictly limited to relevant staff members who require it to perform their duties. All staff are trained on data protection principles. • Data Breach Procedures: We have procedures in place to detect, report, and investigate any suspected personal data breaches in accordance with UK GDPR requirements.

6. Sharing Your Information We do not sell, rent, or trade your personal data to third parties. We only share your information in the following limited circumstances, and strictly on a "need-to-know" basis: • Medical Emergencies: With healthcare professionals (e.g., paramedics, doctors) if required for the immediate medical care of a participant. • Safeguarding Authorities: With local authority children's services, the police, or other relevant safeguarding bodies if required by law or if we have a safeguarding concern. • Regulatory & Governing Bodies: With our insurer or Football Association (FA)- affiliated bodies for reporting purposes, compliance, or incident investigation. • Third-Party Service Providers: With trusted service providers who assist us in operating our business (e.g., Class 4 Kids for booking management, email service providers for communications). These providers are contractually obligated to protect your data and only process it according to our instructions and UK GDPR requirements. • Legal Compliance: When legally required to do so by a court order or other legal process.

7. Photography & Media • Consent-Based: Images or videos of participants may be taken during sessions and used on our website, social media channels, or for other promotional and marketing purposes only if explicit consent is provided by the parent/guardian during the booking process. • Withdrawal of Consent: You have the right to withdraw your consent for photographic and media use at any time by contacting us at drcoachingcollective@gmail.com. We will endeavour to remove images/videos from our active promotional materials promptly, though some may remain in previously published or printed materials. We will ensure that images/videos of children whose parents have specifically withheld or withdrawn consent are not used for future promotional activities. • Safeguarding: All photography and media use adheres strictly to our Safeguarding Policy, ensuring the dignity and safety of all children.

8. Your Rights Under UK GDPR As a data subject, you have significant rights regarding your personal data: • Right of Access: You have the right to request a copy of the personal data we hold about you or your child. • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you or your child. • Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data where there is no compelling reason for its continued processing, subject to certain legal exemptions (e.g., ongoing safeguarding requirements). • Right to Restrict Processing: You have the right to request that we limit the way we use your data in certain circumstances. • Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, or to have it transmitted directly to another controller. • Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes. • Right to Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. • Right to Lodge a Complaint: If you have concerns about how we are handling your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK's independent authority for data protection. o ICO Website: www.ico.org.uk o ICO Helpline: 0303 123 1113

9. Data Retention We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our data retention periods are determined by legal obligations, regulatory guidance (such as from the FA), and our legitimate business needs. Here is an overview of our general data retention periods: • Participant & Parent/Guardian Booking and Contact Data: o Period: We will generally retain your core contact details, booking history, and participant identity data for up to 2 years after your child's last session or camp attendance. o Purpose: This allows us to handle any post-participation queries, confirm attendance history for insurance purposes, facilitate re-booking, and ensure continuity for returning participants. • Sensitive Personal Data (Medical Conditions, Allergies): o Period: Retained for up to 2 years after the child's last session or camp attendance, or immediately deleted upon specific written request once active participation ceases, unless there is an ongoing safeguarding investigation or legal requirement to retain. o Purpose: Essential for health, safety, and emergency response during participation. Retention for a limited period after is for review of past incidents or potential queries. • Safeguarding Records & Serious Incident Reports: o Period: Records related to safeguarding concerns, serious accidents, or significant incidents will be retained for a minimum of 25 years from the date of the incident or resolution, or until the child reaches the age of 25, whichever is longer. This aligns with safeguarding best practices and statutory limitation periods for potential claims. o Purpose: To comply with legal and ethical safeguarding duties, assist in any future investigations, and protect the welfare of children. • Financial Records (e.g., invoices, payment confirmations): o Period: Retained for a minimum of 6 years plus the current financial year, in line with UK tax and accounting regulations (HMRC requirements). o Purpose: For financial auditing, tax compliance, and managing payment queries. • Correspondence Data (emails, general enquiries): o Period: Typically retained for up to 2 years if they do not relate to a booking or formal complaint. Formal complaints and serious incident correspondence will follow their specific retention periods. o Purpose: To manage communications and maintain a record of interactions. • Marketing Consent Records: o Period: Retained as long as consent is active. If consent is withdrawn, we will retain a record of that withdrawal for up to 2 years to ensure compliance. o Purpose: To demonstrate compliance with marketing preferences. • Staff and Volunteer Records (including DBS check results): o Period: Personnel files are typically retained for 6 years after employment or volunteering ceases, to comply with employment law and potential references. DBS records are retained only for the necessary period to make a recruitment decision, then securely destroyed, with only the date and outcome of the check retained in personnel files. o Purpose: For legal compliance, employment references, and historical staffing records. After the applicable retention period, your personal data will be securely deleted, destroyed, or anonymised in a manner that ensures it can no longer be associated with you.

10. Updates to This Policy We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. Any updates will be posted on our website with a revised "Effective Date." We encourage you to review this policy periodically.

11. Contact Details If you have any questions about this Privacy Policy, or if you wish to exercise any of your rights, please contact our Data Controller: Daniel Reilly DR Coaching Collective Ltd. Company No: 16473597 Email: drcoachingcollective@gmail.com Phone: 07792 819968