Privacy Policy
Effective Date: 30 December 2025
This Privacy Policy explains how OurFooty.Club (referred to as "we", "us", or "our") collects, uses, stores, and shares personal data from users (referred to as "you" or "your") who interact with our website, OurFooty.Club, and our mobile application available on the Google Play Store.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
1. What data do we collect?
We may collect and process the following categories of personal data:
- Identity Data: Name, date of birth, gender, nationality, FA Number.
- Contact Data: Email address, telephone number, postal address.
- Usage Data: Information about how you use our website, including IP address, browser type and version, pages visited, time spent on pages, and other statistics.
- Profile Data: Username and password (if you create an account), passport-style photographs for player registration.
- Special Category Data (Medical Information): With your explicit consent (or parental/guardian consent for players under 18), we collect medical condition information for safeguarding purposes and to ensure player safety during football activities. This includes details about any medical conditions that coaches and safeguarding officers need to be aware of to provide appropriate care and emergency response.
- Technical Data: Browser type and version, time zone setting, location, browser plug-in types and versions, operating system and platform, information about how you use our website, products and services.
- Telemetry and Analytics Data: Performance metrics, error logs, crash reports, feature usage statistics, session duration, and application performance data collected through Microsoft Application Insights and Google Play Services.
- Device Data: For mobile app users, device type, operating system version, unique device identifiers, mobile network information, and app version.
2. How do we collect your data?
We collect data through:
- Direct Interactions: You may provide data directly when registering for an account, filling out player registration forms, or communicating with us.
- Automated Technologies: We use cookies and similar technologies to collect Usage Data and Technical Data.
- Player Registration Forms: Medical information is collected during the player registration process when explicitly provided by parents/guardians or adult players.
- Microsoft Application Insights: We use Application Insights to automatically collect telemetry data about website and app performance, errors, and usage patterns. This includes page views, response times, exception details, and dependency tracking.
- Mobile Application: Our Android app available on Google Play Store collects device information, app usage data, and crash reports through Google Play Services and Application Insights.
3. How and why do we use your data?
We use your data for the following purposes and with these lawful bases:
| Purpose | Lawful Basis |
|---|---|
| To provide our services and features, including account management, team organisation, tournament management, and communication tools. | Performance of a Contract (to fulfill our obligations under your membership or user agreement). |
| To communicate with you regarding your account, services, updates, or support inquiries. | Performance of a Contract; Legitimate Interest (to manage our relationship with you effectively). |
| To improve our website and services, develop new features, and analyse user trends. | Legitimate Interest (to understand how our services are used and to continuously improve them). |
| To ensure the security of our website and protect against fraud or misuse. | Legitimate Interest (to protect our services and users); Legal Obligation (if required by law). |
| To comply with legal obligations (e.g., safeguarding requirements, tax laws, FA regulations). | Legal Obligation. |
| For marketing and promotional communications (if you have opted in). | Consent (you have the right to withdraw consent at any time). |
| To process and store medical condition information for player safety, safeguarding, and emergency response during football activities. | Explicit Consent (with parental/guardian consent for players under 18); Vital Interests (to protect the life or health of the player). |
| To monitor application performance, diagnose technical issues, identify and fix bugs, and analyze crash reports. | Legitimate Interest (to maintain and improve the quality, stability, and security of our services). |
| To understand how users interact with features and optimize user experience based on usage patterns. | Legitimate Interest (to enhance our services and develop new features that meet user needs). |
4. Special Category Data: Medical Information
We recognize that medical information is particularly sensitive. We take the following specific measures to protect this data:
4.1 What Medical Data We Collect
- Information about whether a player has medical conditions
- Details of specific medical conditions that may affect participation in football activities
- Information necessary for coaches and safeguarding officers to provide appropriate care
4.2 Why We Collect Medical Data
Medical information is collected for the following purposes:
- Player Safety: To ensure coaches are aware of conditions that may require special attention during training or matches
- Emergency Response: To enable appropriate and timely medical response in case of emergencies
- Safeguarding: To fulfill our duty of care to all players
- FA Compliance: To meet Football Association requirements for player registration and welfare
4.3 How We Secure Medical Data
Medical information receives the highest level of protection:
- Encryption: All medical data is encrypted using AES-256 encryption both when stored in our database and when transmitted over the internet
- Access Control: Only authorized personnel (designated safeguarding officers, head coaches, and club administrators with explicit permission) can access medical information
- Audit Logging: Every access to medical data is logged with timestamp, user identity, and IP address for security and accountability
- Secure Infrastructure: Medical data is stored on secure servers with regular security updates and monitoring
- Data Minimization: We only collect and retain medical information that is necessary for player safety
4.4 Who Can Access Medical Data
Access to medical information is strictly limited to:
- Designated safeguarding officers at the club
- Head coaches and assistant coaches with explicit safeguarding clearance
- Club administrators with the "View Medical Data" permission
- Emergency medical personnel in case of medical emergencies
- Parents/guardians of the player (for players under 18)
- The player themselves (for players 18 and over)
4.5 Retention of Medical Data
Medical information is retained for:
- Active Players: As long as the player is registered with the club and participating in activities
- Inactive Players: Up to 7 years after the player's last active participation, in line with safeguarding best practices and insurance requirements
- Automatic Deletion: Medical data for players who have been inactive for more than 7 years is automatically anonymized or deleted
4.6 Your Rights Regarding Medical Data
In addition to your general data protection rights, you have specific rights regarding medical information:
- Right to Access: You can request a copy of all medical information we hold
- Right to Rectification: You can update or correct medical information at any time
- Right to Erasure: You can request immediate deletion of medical information (subject to our legal obligations for safeguarding records)
- Right to Restrict Processing: You can request that we limit who can access the medical information
- Right to Withdraw Consent: You can withdraw consent for processing medical data at any time, though this may affect the player's ability to participate in certain activities
- Right to Audit Trail: You can request a report showing who has accessed the medical information and when
5. Who do we share your data with?
We may share your data with:
- Other users of OurFooty.Club: Team managers may see player contact details for organization purposes, or tournament organizers may see participant information. Medical information is NEVER shared with other users except designated safeguarding personnel.
- Medical Personnel: In case of medical emergency, medical information may be shared with emergency responders, paramedics, or hospital staff.
- The Football Association: Player registration information (excluding medical details unless specifically required) may be shared with the FA for registration and governance purposes.
- Third-party service providers: We may use third-party companies for website hosting, analytics services, or email providers. These providers are bound by strict data processing agreements and cannot access medical information unless explicitly authorized and necessary.
- Microsoft Azure and Application Insights: Telemetry, performance, and diagnostic data is processed by Microsoft Application Insights, hosted on Azure servers in the UK. Microsoft acts as a data processor under our agreement and complies with GDPR requirements. Application Insights data does NOT include medical information or other special category data.
- Google Play Services: For mobile app users, certain device and usage data is shared with Google in accordance with Google's privacy policies to facilitate app distribution, crash reporting, and analytics through the Google Play Store.
- Legal or regulatory bodies: When required by law or legal process, or to protect player safety.
Important: Medical information is NEVER used for marketing purposes or shared with third parties for commercial purposes.
6. International data transfers
Our data is stored on Microsoft Azure servers located in the UK. Some of our third-party service providers may process non-medical data outside of the UK or European Economic Area (EEA):
- Microsoft Application Insights: Telemetry data is primarily processed in UK Azure regions, but may be transferred to other Microsoft data centers within the EEA for redundancy and performance purposes.
- Google Play Services: Mobile app data may be processed in various Google data centers globally, subject to Google's GDPR-compliant data processing agreements and standard contractual clauses.
Medical information is never transferred outside the UK/EEA. If other personal data is transferred internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses, in compliance with GDPR requirements.
7. How do we protect your data?
We are committed to protecting the security of your data. We implement appropriate technical and organisational measures, including:
- Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest (especially medical information)
- Access Controls: Role-based access control with multi-factor authentication for administrative access
- Secure Servers: Regularly updated and monitored infrastructure with intrusion detection
- Password Protection: Strong password requirements and secure password storage using industry-standard hashing
- Regular Audits: Periodic security audits and vulnerability assessments
- Staff Training: All staff with access to personal data receive GDPR and data protection training
- Incident Response: Documented procedures for responding to data breaches within 72 hours as required by GDPR
- Data Minimization in Telemetry: Application Insights is configured to exclude personal identifiers, medical information, and other sensitive data from telemetry collection
- Secure Key Management: Sensitive credentials and connection strings are stored in Azure Key Vault with restricted access
8. How long do we retain your data?
We retain your personal data only for as long as necessary:
- Account Information: As long as your account is active, plus 2 years for accounting/legal purposes
- Player Registration Data: For the duration of registration plus 7 years to meet safeguarding obligations
- Medical Information: Up to 7 years after last active participation (see Section 4.5)
- Audit Logs: Security and access logs are retained for 2 years for compliance purposes
- Communications: Email correspondence retained for 2 years unless specifically requested for deletion
- Telemetry and Analytics Data: Application Insights data is retained for 90 days by default, with aggregated statistics retained for up to 2 years for trend analysis. This data is anonymized and cannot be linked back to individual users.
- Crash Reports: Error logs and crash reports from mobile apps are retained for 90 days to facilitate debugging and issue resolution
When we no longer need your data, we will securely delete or anonymize it using industry-standard data destruction methods.
9. Your data protection rights
Under GDPR, you have the following rights regarding your personal data:
- Right to Access: You can request a copy of the personal data we hold about you. We will respond within 30 days.
- Right to Rectification: You can request that we correct or complete inaccurate or incomplete data.
- Right to Erasure (Right to Be Forgotten): You can request the deletion of your personal data. Note that we may need to retain certain information to meet legal obligations (e.g., safeguarding records).
- Right to Restriction of Processing: You can request that we limit the way we use your data in certain situations.
- Right to Data Portability: You can request that we provide your data in a structured, commonly used, and machine-readable format (CSV or JSON) for transfer to another service.
- Right to Object: You can object to the processing of your data in certain situations, including for direct marketing.
- Right to Withdraw Consent: If we rely on your consent to process your data (especially medical information), you can withdraw that consent at any time.
- Right to Lodge a Complaint: You have the right to complain to the ICO if you believe your data protection rights have been violated.
To exercise any of these rights, please contact us using the details provided in Section 11. We will respond to your request within one month. For complex requests, we may extend this by an additional two months, but we will notify you within the first month if this is necessary.
10. Data Breach Notification
In the unlikely event of a data breach that affects your personal data, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay if the breach poses a high risk to your rights and freedoms
- Provide clear information about the nature of the breach, the likely consequences, and measures taken to address it
- Take immediate action to contain and remedy the breach
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Effective Date" at the top of this policy indicates when it was last revised. Significant changes will be communicated via:
- Email notification to registered users
- Prominent notice on our website homepage
- In-app notification (if applicable)
You are advised to review this Privacy Policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact us
If you have any questions or concerns about this Privacy Policy, wish to exercise your data protection rights, or need to report a concern about medical data handling, please contact us at:
Data Protection Officer
Email: dave@jetstreamcloudsolutions.co.uk
For urgent safeguarding concerns involving medical data, please also contact your club's designated safeguarding officer.
13. Complaints
If you are not satisfied with our response to a privacy concern, you have the right to complain to the Information Commissioner's Office (ICO). The ICO is the UK's independent authority set up to uphold information rights.
ICO Contact Details:
Website: https://ico.org.uk/
Helpline: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
You can find more information about making a complaint to the ICO on their website. Please note that the ICO encourages you to contact us first to try to resolve your concern before lodging a formal complaint.
14. Children's Privacy
Most of our users are children participating in football activities. We take extra care to protect children's data:
- Parental/guardian consent is required for players under 18
- Parents/guardians can access, review, and request deletion of their child's data at any time
- Medical information for children receives the highest level of protection and access control
- We comply with additional safeguarding requirements for children's data under UK law
- Children cannot create accounts or provide medical information without parental/guardian involvement
- Our mobile app complies with the Children's Online Privacy Protection Act (COPPA) and UK Age Appropriate Design Code
- Telemetry data collected from children's devices is anonymized and does not include identifiable information
15. Application Insights and Analytics
We use Microsoft Application Insights to monitor and improve our services. Here's what you need to know:
15.1 What Data Application Insights Collects
- Performance Data: Page load times, API response times, server performance metrics
- Usage Data: Page views, feature usage, user flows (anonymized)
- Error Data: Exception messages, stack traces, failed requests (sanitized to remove personal information)
- Dependency Data: Database query performance, external API calls, service dependencies
- Browser and Device Information: Browser type, operating system, screen resolution, device type
15.2 What Application Insights Does NOT Collect
- Personal identifiers (names, email addresses, phone numbers)
- Medical information or special category data
- Passwords or authentication credentials
- Payment information
- User-generated content (except in error logs, which are sanitized)
15.3 How We Protect Telemetry Data
- Application Insights is configured with data filtering to exclude sensitive information
- Telemetry data is transmitted over encrypted connections (TLS 1.3)
- Access to Application Insights dashboards is restricted to authorized personnel only
- IP addresses are anonymized before storage
- Data is stored in Azure UK regions to comply with UK data residency requirements
15.4 Your Rights Regarding Analytics Data
You can opt out of analytics tracking by:
- Enabling "Do Not Track" in your browser settings (we honor DNT signals)
- Disabling analytics in your account settings (if available)
- Contacting us to request exclusion from analytics collection
Note that disabling analytics may limit our ability to diagnose issues you experience and may affect the quality of support we can provide.
16. Mobile Application (Google Play Store)
Our mobile application for Android is available on the Google Play Store. When you use the mobile app:
16.1 Additional Data Collected by Mobile App
- Device Information: Device model, manufacturer, Android version, unique device identifiers (Android ID)
- App Information: App version, installation ID, app preferences and settings
- Network Information: Network type (Wi-Fi, mobile data), carrier information
- Location Data: Approximate location (city/country level) for regional content and compliance purposes (we do NOT collect precise GPS coordinates without explicit permission)
- Crash and Diagnostic Data: Stack traces, device state at time of crash, app logs (sanitized)
16.2 Google Play Services
The mobile app uses Google Play Services, which means:
- Google collects certain data as described in Google's Privacy Policy
- App installation and update information is processed by Google
- Crash reports may be sent to Google Play Console for developers
- Google Play Services data is subject to Google's GDPR-compliant data processing terms
16.3 Permissions Required by Mobile App
The app may request the following permissions:
- Internet Access: Required to access OurFooty.Club services
- Network State: To detect connectivity and provide offline features
- Camera (Optional): For uploading player photos (only with explicit permission)
- Storage (Optional): For caching data and offline access (only with explicit permission)
- Notifications: For match reminders and team updates (can be disabled in device settings)
16.4 Mobile App Data Retention
- Cached data is cleared when you uninstall the app
- Server-side data follows the retention periods outlined in Section 8
- You can clear app cache and data at any time through Android settings
16.5 Children and Mobile Apps
In compliance with Google Play's Families Policy and UK Age Appropriate Design Code:
- The app is rated for appropriate age groups
- Parental consent mechanisms are implemented for users under 18
- Advertising and third-party SDKs are compliant with children's privacy requirements
- Default settings are privacy-protective for children
17. Third-Party Links and Services
Our website and mobile app may contain links to third-party websites, services, or integrations:
- Football Association (FA): Links to FA websites and services
- Payment Processors: For membership fees and event registrations
- Social Media: Integration with social media platforms for sharing
We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.