Thank you for visiting our website and considering the use of our Sportsrooms. Our use of your personal information on this website, when you make a booking and any other interaction between us, is governed by this Privacy Notice.
This policy covers the following topics:
- Who we are and how to contact us
- Information we collect
- Using your personal information
- Automated decision making and credit reference agencies
- Protection and storage of your personal information
- Access to your personal information and your rights
- Information that we share
- Information sent outside the EEA/UK
- Data transfers
- PCI DSS Policy
- Changes to this policy
Who we are and how to contact us
We are Sportsrooms Limited (company number 09478046), trading as Sportsroom, registered in England and Wales. For the purposes of data protection law, we are the controller of the personal information we hold about you. This means we make decisions about how and why your information is used, and have a legal duty to make sure that your rights are protected when we use it and share it.
Information we collect
When using or seeking to use our services we collect the information you provide to us including:
Personal information such as your
- Your name, your email and phone number that you send us requesting further information about our products and services. – If you make a purchase from us, we will process your personal details (including first name, last name, date of birth and passport information) processing of client credit card information. We require these details for us to complete the supply of the services you purchase from us and process this data with your consent.
- Payment details when you make a purchase from us. – Financial information such as partial card numbers and card expiry dates (we do not collect or hold full card numbers, which are held by the payment gateway and your repayment and default (if any) history.
- We will send you marketing information and newsletters when you consent for us to do so. You have the right to unsubscribe to marketing at any time. If you do choose to unsubscribe, we will keep your name and email address on a suppression list so that we don’t email you again by accident.
- IP Address/ MAC address when you use the website
As part of our assessment of fraud and credit suitability, we also utilise third parties and may collect information from third parties such as credit agencies and identity verification providers and other commercial information service providers. We may also access information that is available publicly, such as on public and subscribed registers.
We may also collect transaction information, which may include personal information, from any hotel where you are seeking to use our services.
We may also collect information from your computer or device in relation to your use of our website such as IP address, activity logs, cookie and browser identifiers, operating system identifiers and location identifiers.
We do not collect any “special category data” about you, such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, criminal convictions or offences, information about your health and genetic and biometric data, or any other personal data revealing or concerning such types of data.
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Using your personal information
We will process your personal information to the extent necessary to:
Make decisions to provide you with our services, including evaluating your creditworthiness or verifying your identity;
• Enter into, or perform, a contract with you
• Provide you with our services, we will send your booking information to hotels outside of the UK as part of the booking process.
• Communicate with you via phone, text message, notifications, email or post and otherwise to manage our relationship with you (for example, sending you payment reminders);
• Provide you with marketing materials and other news updates and promotions with respect to our products and services, where you have consented to receiving such information.
• Comply with any relevant law or regulatory obligation;
• Contribute to statistical and analytical data relating to your buying habits; and
• Build a profile of you to predict your preferences and to customise our marketing material and information to those preferences.
Under data protection laws, we have to have a legal justification to process your personal information, called ‘lawful bases’. The lawful bases we rely on for processing your information are:
Legal obligation – for personal information that is necessary for the credit, legal, regulatory, financial or accounting aspect of a contract;
Contract – for personal information that is necessary to enter into and perform a contract;
Consent – for personal information used for marketing, news, updates and promotions, and for collecting and using personal information via certain types of cookies for analytics purposes;
Legitimate interest – for assessing and managing credit and other risk, combatting fraud and criminal activity, marketing, profiling to enable us to tailor our marketing and information we provide to you, completing commercial lending transactions, clearing and collecting payments, contacting you about your account, soliciting feedback, market research, prevention of data breaches, remediation, business analysis and modelling, service testing and improvement, training, quality assurance, and asserting or protecting ourselves from legal claims
We will only keep your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any credit, legal, regulatory, financial or accounting requirements. Depending on the applicable legislation, your personal data may be processed up to seven years after the end of the customer relationship.
Protection and storage of your personal information
Your personal information will predominantly be stored in electronic form in secure cloud based data centres located in the United Kingdom that may be owned by third parties. Your personal information may also be stored in paper form. All such information whether electronically or physically stored is kept secure using generally accepted standards of security (e.g. encryption).
Access to your personal information and your rights
You can request access to your personal information by contacting us using the details in section 1. We do not charge for such access, unless you make excessive or unfounded requests.
We want you to remain in control of your personal information. Part of this is making sure you understand your legal rights, which are summarised as follows:
- The right to be informed about the use of your personal information – this is what this Privacy notice does.
- Where your personal information is processed on the basis of consent, the right to withdraw that consent.
- The right to confirmation as to whether or not we are holding any of your personal information and, if we are, to obtain a copy of it;
- The right to have certain information provided to you in a portable electronic format.
- The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or has a significant effect on you.
- The right to have inaccurate information rectified.
- The right to object to your information being used for marketing or profiling, or on the basis of our or a third party’s legitimate interests.
- The right to restrict how your information is used; and
- The right to be forgotten, which allows you to have your information erased in certain circumstances.
If you want to exercise any of these rights, please contact us using the details given in section 1. There are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. We encourage you to look at the UK Information Commissioner’s Office website for detailed information about your privacy rights and our obligations as a controller of your personal information.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Sharing your Information
We do not sell, trade or rent your information, and will never disclose information about you (including information obtained from our dealings with you) to third parties, except:
- where we have a legal interest in a company;
- to fulfil your specific orders for a product or service or information in the event that third parties deliver the relevant product or service or information. For example, if you go on a holiday with us, the hotel needs to know who you are.
- where third parties administer part or all of the product or service;
- for testing purposes, and to maintain management information for business analysis.
We may of course be obliged at law to pass on your information to the police or any other statutory or regulatory authority and in some cases, exemptions may apply under relevant data protection legislation, whereby we can legitimately release personal data e.g. to prevent or detect crime or in connection with legal proceedings.
Subsequent to your purchase of a product or service, we may enter into an arrangement for that service to be provided by a new third party. If this happens, the terms and conditions of your contract with us will provide that you consent to the transfer and processing of personal and/or special category personal data to the new provider, subject to the requirements of the GDPR and associated legislation.
If we provide information to a third party (either a provider of a product or service, or an external data processing agency such as a mailing house) or a company Sportsrooms has a legal interest in, we will exercise the strictest control over them contractually, requiring it and any of its agents and/or suppliers to:
• maintain the security and confidentiality of the information and restrict access to those of its own employees
• use the data for the agreed purpose only and prevent it being used for any other purpose by any other party
• refrain from communicating with you other than concerning the product in question
• return the data to us at the conclusion of any contract term, and destroy or delete any copies made of all or any part of the information unless copies are needed to be kept to comply with regulations
• In addition, we will restrict the information disclosed to the absolute minimum necessary, for example, to provide the product or service
Information sent outside the EEA/UK
We provide products and services including holidays outside the EEA. Therefore, if you travel on such holidays the information you provide may occasionally be transferred outside the EEA.
It is worth noting, however, that some non-EEA countries do not afford the same level of data security as the UK. We will always use every reasonable effort to ensure sufficient protections are in place to safeguard your personal information such as encryption and standard contractual clauses.
PCI DSS Policy
For security purposes, Sportsrooms does not keep or hold your full debit or credit card data. We use established payment gateway providers to process payments. Our payment gateway providers adhere to a comprehensive set of requirements created by the Payment Card Industry Security Standards Council for ensuring the safe handling of sensitive customer debit and credit card data. Our payment gateway providers are Level 1 Service Providers and are compliant to PCI DSS Version 3.2 standard.
Changes to this policy