1. Introduction
Sportyweb Ltd is committed to protecting your privacy. Our website is designed to provide customised plans and programmes based on the information you choose to provide. We follow privacy-by-design principles, including data minimisation and purpose limitation.
2. Data Controller
For the purposes of the EU/UK General Data Protection Regulation (“GDPR”), the Data Controller is:
- Controller: Sportyweb Ltd
- Email: [email protected]
- Address: 8 Omar St, Wellington, New Zealand
3. Personal Data We Collect
We only collect personal data that you voluntarily provide to receive personalised plans or programmes. Depending on how you use the service, this may include:
- Identification details you provide (e.g., name or username)
- Contact information (e.g., email) if you submit it
- Information relevant to generating your customised plan/programme (e.g., preferences, goals, constraints)
- Any additional information you choose to enter
Please do not provide sensitive personal data (e.g., health information) unless it is necessary for the plan/programme you request. If you voluntarily provide special category data, we will treat it with additional care and only use it to provide the requested service.
4. How We Use Your Data (Purpose Limitation)
We use your personal data only to:
- Generate and deliver customised plans and programmes tailored to the information you provide
- Provide customer support if you contact us
- Maintain essential website functionality and security
We do not use your personal data for:
- Advertising or marketing
- Behavioural tracking or profiling
- Data brokerage or selling information
5. Legal Bases for Processing (GDPR)
Under Article 6 GDPR, we rely on the following legal bases, as applicable:
- Consent (Article 6(1)(a)): you choose to provide information to receive personalised plans/programmes. You may withdraw consent at any time.
- Contract / Service Delivery (Article 6(1)(b)): processing is necessary to provide the service you request.
- Legitimate Interests (Article 6(1)(f)) (limited): essential security, fraud prevention, and maintaining the website, where such interests are not overridden by your rights.
6. Data Sharing
We do not sell, rent, trade, or share personal data with third parties.
We may disclose personal data only where required to comply with a legal obligation, enforce our rights, or protect users, in accordance with applicable law.
7. Processors and Service Providers
If we use service providers (for example, hosting or email delivery) that process personal data on our behalf, they act as data processors under GDPR and are bound by contractual obligations to:
- process data only on our documented instructions
- implement appropriate security measures
- maintain confidentiality
If you want a list of current processors, contact us at [email protected].
8. Data Retention
We retain personal data only for as long as necessary to provide the customised plans/programmes you request, operate the service, and meet legal obligations.
- Default: we aim to delete or anonymise data when it is no longer needed for the purpose above.
- Legal obligations: some data may be retained longer where required by law.
9. Security
We implement reasonable technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. However, no system can be guaranteed 100% secure.
10. Your Rights (GDPR)
If you are in the EEA/UK (and in many other jurisdictions), you may have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”), in certain circumstances
- Restrict processing, in certain circumstances
- Object to processing, in certain circumstances
- Data portability for data you provided to us, where applicable
- Withdraw consent at any time (where processing is based on consent)
To exercise your rights, contact us at [email protected]. We may need to verify your identity before responding.
You also have the right to lodge a complaint with a supervisory authority. In the EU/EEA, this is typically the authority in your country of residence or where the alleged infringement occurred. In the UK, this is the Information Commissioner’s Office (ICO).
11. International Transfers
If personal data is transferred outside the UK/EEA, we will ensure an appropriate safeguard is in place, such as:
- an adequacy decision, where applicable
- Standard Contractual Clauses (SCCs) / UK International Data Transfer Agreement (IDTA), where applicable
- other lawful transfer mechanisms permitted by GDPR
12. Cookies and Tracking
We do not use advertising cookies or third-party tracking for behavioural profiling. We may use strictly necessary cookies or similar technologies required for essential site functionality and security.
13. Children’s Privacy
Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us so we can delete it.
14. Changes to This Policy
We may update this policy from time to time. We will post the updated version on this page and revise the “Last Updated” date above.
15. Contact
If you have questions about this policy or your privacy rights, contact:
- Sportyweb Ltd
- Email: [email protected]
- Address: 8 Omar St, Wellington, New Zealand