clubzap.com (the “Site”), iOS and Android Applications
Clubzap Ltd. is a private company limited by shares incorporated in Ireland with company number 588710 and having a registered office at Cloughoolia, Sixmilebridge, Co. Clare, Ireland ("we" / "us" / "our" / "ClubZap" / "Clubify"). We provide a mobile communications & payments platform for sports clubs to engage their community, grow membership and increase fundraising.
Under this Policy, and unless the circumstances otherwise require, we will be what’s known under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) as the “controller” of the personal data you provide to us.
We will collect and process the following data about you for the following purposes:
Your Data. This is information about you that you give us by filling in forms on our Site or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you use our Site, register for, subscribe to or use the Services, search for a product, place an order on our Site, participate in discussion boards or other social media functions on our Site and/or when you participate in and respond to our sign-up or other surveys or report a problem with our Site and/or the Services.
The information you give us may include:
Automatically Collected Information. With regard to each of your visits to our Site we will automatically collect the following information:
No special categories of personal data: We do not require or collect any personal data that is your sensitive personal data or any special category of personal data under the GDPR, unless you decide to provide this information to us.
We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at firstname.lastname@example.org. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with this Policy, where this is required or permitted by law.
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, we may hold personal data as needed for our accounting or tax compliance purposes for a period of 6 years or for 5 years where needed for our compliance with anti-money laundering regulations. For more information about our data retention policies please contact us at email@example.com.
We do not sell your personal information (or Your End Customer Data) to third parties for marketing purposes. We may disclose information to third parties if you consent to us doing so as well as in the following circumstances:
You agree that we have the right to share your personal information with the following recipients or categories of recipients.
We will disclose your personal information to third-party recipients.
You may request access at any time to a copy of the personal data we hold about you. Any such request should be submitted to us in writing and sent to firstname.lastname@example.org.
We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested. There is usually no charge applied to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in these circumstances.
You may restrict us from processing your personal data in any of the following circumstances:
If we hold personal data concerning you which are no longer necessary for the purposes for which they were collected or if you withdraw consent for us to process your personal data, you can request the deletion of this personal data. This right, however, will not apply where we are required to process personal data in order to comply with a legal obligation or where the processing of this information is carried out for reasons of public interest in the area of public health. If the personal information we hold about you is inaccurate, you may request to have your personal information updated and corrected. To do so at any time, please contact us by email at email@example.com.
You have the right to object to the processing of your personal data at any time:
To exercise your right to object at any time, please email firstname.lastname@example.org. Should this occur, we will no longer process your personal data for these purposes unless doing so is justified by a compelling legitimate ground as described above. For more information about our marketing practices, please see the Marketing Communications section below.
Where we process your personal data by automated means (i.e., not on paper) and this processing is based on your consent or required for the performance of a contract between us, you have the right to request from us a copy of your personal data in a structured, commonly used machine-readable format and, where technically feasible, to request that we transmit your personal data in this format to another controller.
The rights described in this section are personal rights and are exercisable only by the individual person (or data subject) concerned. If we receive any such request or communication directly from your customers and/or in relation to Your End Customer Data, we will refer the matter to you and cooperate in providing such reasonable assistance as may be required to enable you, as a controller, to respond to the matter. This will be described in more detail in the Terms of Service or the other relevant contract between us.
We will not use your data to send marketing communications to you about promotions, competitions, updates and new products or services that may be of interest to you, unless we have your permission to do so.
You have the right to object to the processing of your personal data for our marketing purposes. To object or if you change your mind at any later time, you can withdraw your consent to the processing of your personal data for such marketing purposes by contacting us at email@example.com.
You may also opt out of receiving marketing communications at any time by selecting the unsubscribe option when you receive an electronic marketing communication from us. The withdrawal of your consent will not impact upon the lawfulness of processing based on your consent prior to the withdrawal.
We take our security responsibilities seriously, using the most appropriate physical and technical measures and require our hosting partner to use the same standard of care. Unfortunately, the transmission of information via the internet is not completely secure. Although we will always do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. These are described in more detail below.
The Services are a SaaS-based CRM (Customer Relationship Management) system and, as such, your personal data is not stored locally but on a secure server. No installs are required on your PC or laptop. Our web application is only accessible via HTTPS, which helps ensure your interactions with our app are secure and private.
Your personal data is stored on secure servers hosted on Amazon Web Services, a service provided by Amazon.com. These servers are located in Ireland. Amazon Web Services participates in and has certified its compliance with the EU-US Privacy Shield Framework. You can read more about Amazon’s security policy on AWS Cloud Security.
Your personal data is backed up on a nightly basis. The Amazon server data centres are protected by physical barriers and guarded 24/7.
Data is encrypted using SSL Certification when transmitted from our servers to your browser. In the "security test" page we are graded A+. In addition to this, the connection from us to the server is secured using a 256-bit encryption key.
Our servers in Amazon's data centre are run in an isolated private network (Amazon Virtual Private Cloud Service). Access to the production environment where your personal data is stored is limited and is held by us. Only our authorized staff from the have access to our servers and this is on a 'need to access' basis. Access to personal data is limited to specific IP address.
New features and updates are developed and released on development servers prior to being pushed live to the main production environment. Extensive testing is undertaken by our Quality Team to ensure all new features are working correctly and the performance of the Site and Services is maintained.
The overall performance of the Site and Services is very important. NewRelic is a performance management solution used for tracking and monitoring the Site and Services. We also use Fabric and Sentry to analyze the Site’s and Services’ performance. To help avoid or minimize service interruptions, our servers are constantly monitored and a dedicated team are alerted immediately in case of any service disruptions.
Connection to the Services environment is via TLS cryptographic protocols, using global step-up certificates, ensuring that our users have a secure connection from their browsers to our service. Individual user sessions are identified and verified using a unique token created at login. Email address is the unique identifier in the Services.
Any changes made to this Policy from time to time will be published at the Site.
Any material or other change to the data processing operations described in this Policy which is relevant to or impacts on you or your personal data will be notified to you in advance by email. In this way, you will have an opportunity to consider the nature and impact of the change and exercise your rights under the GDPR in relation to that change (e.g., to withdraw consent or to object to the processing) as you see fit.