Northumbria Sport Privacy Policy

Northumbria Sport and Activity Participant and Membership Privacy Notice


  1. Data Controller

Northumbria Sport is a department of Northumbria University, a registered Data Controller with the Information Commissioner’s Office (‘ICO’), which is the supervisory authority responsible for the oversight and enforcement of Data Protection Legislation within the United Kingdom.


Registration Number: Z7674926


2. Overview


This privacy notice is a statement that describes how and why ‘Northumbria Sport’ (“we”, “our”, “us”) processes (‘collects’, ‘uses’, ‘retains’, ‘discloses’, ‘disposes of’) the personal data of past, current and prospective Northumbria Sport members, facilities users, volunteers and interns, and registered activity participants (“you”, “your”).


3. Where do we get your personal data from?


You provide data to us through your enquiry and application to become a member, or user of Northumbria Sport, when you participate in our programmes or activities or when you register for and attend our events.


Data is further collected or updated through management of your membership, when you communicate with us, when you interact with our facilities and through our management and evaluation of your sports performance and development plans.


4. Categories of personal data are processed by us


To carry out our activities and to deliver our obligations to you, we may collect, store, and process the following categories of personal data for the purpose of administering the relationship with you:


Data Category


Contact Details


Name, title, staff/student number, addresses, telephone

numbers, email address etc.



Enquiry and correspondence records, application records etc.



Banking or payment card details, national insurance, salary

deduction/payroll number

Special category

(“Sensitive”) Personal Data




Data concerning your health fitness and sporting/athletic

performance. (e.g. relevant disability, relevant health issues,



Security Data

Building entry, CCTV images, security incident reports


Third Party

Emergency contact information


Photos and video

Performance images, sports participation, events etc





5. Activities we process your personal data for and the lawful basis


Under Article 6 GDPR we must identify a basis for the "Lawfulness of processing" of our activities involving of your data. These are broadly described as: ‘Consent’, ‘Contract’, ‘Legal Obligation’, ‘Vital Interests’, ‘Public Interest (or Public Task)’ and ‘legitimate interests’.


Data is required for the following activities, which have been identified as necessary “for the performance of our contract with you” or in the case of applicants, “in order to take steps prior to entering into a contract”.


• To respond to your enquiries, to receive and administer your application or registration, and to deal with any ongoing concerns or enquiries you have.

• To process payment of your membership or participation fees, and for the administration of renewals, including notification of upcoming membership expiry.

• To provide you with access to our events, facilities, services and activities.

• To provide you with operational information about the events, facilities, services and activities such as cancellation of sessions, closures or other relevant communications.


Data is also processed for the following activities, which have been identified as necessary “for us to comply with the law”:


• For monitoring compliance with and enforcement of relevant policies in relation to health and safety and security (prevention and detection of crime) - including the

use of CCTV, and safeguarding.


We may also process your personal data because it is necessary for our “legitimate interests or the legitimate interests of a third party”:


• To monitor and evaluate our performance and effectiveness

• To maintain and improve our facilities and the services available;

• To seek advice on our rights and obligations, such as where we require our own legal advice;

• To process the recovery of any money you owe to us.

• In relation the “establishment, exercise or defence of legal claims” or whenever courts are acting in their judicial capacity”.



Photography, video and social media


Photographs and video may be taken at our events and activities for use in communications, news and marketing materials including, but not limited to, our website and on social media channels.


We will gain explicit written consent when:

  1. You are the sole subject of the photograph, and we are going to use your image in printed materials
  2. You are participating in an activity where you expect a higher level of privacy. E.g., a swimming pool session or sports massage

We may use your image without explicit written consent when:

  1. You are not the subject of the image, i.e., if it is a “group”/ “crowd” shot at an activity/event.
  2. We are publishing the image for journalistic purposes e.g., a match report of a sports fixture.
  3. You are participating in fixtures or training as part of a Northumbria Sports Club - This is outlined in the Terms & Conditions of the Club Membership and Scholarship contract.

Notifications will be put up in and around our facilities to inform you when such photography is taking place at events and activities

If you do not wish to be included in photography/video, you can highlight that to the photographer present or can ask for your digital image to be removed.


We may share fixture/competition images with partners and sponsors including organisations such as BUCS.


Video Analysis

Video footage may be taken of Sports Club members for performance analysis purposes as outlined in a scholarship contract or membership terms and conditions. Footage is stored securely on cloud-based software. On occasion, footage from video analysis cameras will be live streamed.


Social media

We may use images/video on ‘live’ social media as outlined above including at events and fixtures.


You have the right to object or restrict your image being taken or used. If you would like to exercise this right, please contact us as set out below.



All communication with you, including in relation to updates to this privacy notice, will, where possible be made via the preferred method of communication that you have registered with us.


We will contact you in relation to events and products that we believe are relevant to you based upon their similar nature to your engagement with us including: events, benefits and opportunities offered by us, or in relation to operational information (e.g. building closures etc).


If, at any stage, you are concerned about the content (e.g. unwanted marketing), frequency (too many) or method (change preference) of these communications, you can unsubscribe or update your preferences using the link which will be provided at the bottom of the relevant correspondence.


Should you unsubscribe from our marketing messages you will miss regular communications about our services and updates.


6. Personal Data may be shared with


From time to time, we may be required to share limited personal data with third parties

for specific purposes, including:


• Player registration with national governing bodies and leagues, for example BUCS TASS etc


• With coaches, physiotherapists and other relevant sports or health care related partners where they are engaged as part of the delivery of our contract with you, for occupational health related purposes or with your explicit consent.


• With emergency services or your emergency contact where there is a vital interest.


• With the police or law enforcement agency if requested for the prevention or detection of crime.


• With your parent/guardian if you are between the ages of 5 - 13.


• The Health and Safety Executive.


• External auditors, insurance providers or appointed legal representation.


Any other disclosures that may be required but not listed above will be in accordance with your rights and the requirements of the GDPR.


7. Transfers to third party countries


Some of our IT services are hosted by organisations who may back up their data to locations based in third party countries. Where data is shared with third party countries, we ensure that these countries are either approved by the European Commission as having ‘adequate protection’ or we put in place ‘appropriate safeguards’ and contracts with these organisations, so as to maintain the security of the data and your rights under relevant Data Protection legislation.


There may also be limited sharing with organisation in third countries under specific events, for example Zambia Project.


8. How personal data is stored securely by Northumbria University


We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.


All of our employees, contractors and volunteers with access to personal data receive mandatory data protection training and have a contractual responsibility to maintain confidentiality and access to your data is restricted to those members of staff who have a requirement to access it.


We utilise many different storage solutions and IT systems, some of which are outsourced to third party providers. For example, email accounts are provided by the Microsoft Live@Edu service.


Where processing takes place with an external third party, processing takes place under an appropriate agreement outlining their responsibilities to ensure that processing is compliant with the Data Protection legislation and verified to be secure.


9. Automated individual decision making, including profiling


We may use ‘Profiling’ (where information about you is used to tailor goods or services based on your interests, movement or records of your activities) to identity and inform our marketing campaigns on social media and via email.


10. Cookies on our Website


Our website uses ’cookies’, when you visit a site which help us understand how you use our websites. Some of our cookies remain on your computer after you leave the website, others are deleted automatically when you close your browser and others expire after a given period. The following table provides a list of the cookies used on our website along with information about how long they will remain active for, and or how you can disable them manually. Please note Northumbria University does not control dissemination of 3rd party cookies you should check the relevant third party website for more information about these.

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Cookie Name



This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookie and is deleted when all the browser windows are closed.


Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Cookie Name



The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.


Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.


This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.


As with most web servers, our web servers automatically collect the following information:

  • Requested URL (Uniform Resource Locator)
  • IP (Internet Protocol) address (this may or may not identify a specific computer)
  • Domain name from which you access the internet
  • Referring URL
  • Software (browser/operating system) used to access the page


11 How long personal data held by Northumbria University


Your data is held in compliance with Northumbria University’s retention schedule, which is published on our website.


We will keep your personal information for as long as you are a customer of Northumbria Sport. After you stop being a customer, we may keep your data for up to 6 years, or for 6 years after your 18th birthday where data is collected below that age) for one of these reasons:


• To respond to any questions or complaints.

• To show that we treated you fairly.

• To maintain records according to rules that apply to us.


We may keep your data for longer than if required to do so for legal reasons, or for limited research or statistical purposes for which it will be anonymised. If we do, we will make sure that your privacy is protected and only use it for those purposes.


11.Your Rights under GDPR


Under the GDPR, you have a number of rights in relation to the processing of your

personal information, each of which may apply to differing degrees’ dependent upon

the nature of the processing and the legal basis for it. You have the right to:


Be informed as to how we use your data (via this privacy notice)

Request access (a copy) of the personal information that we hold about you.

Correct inaccurate or incomplete data

• Request that we stop sending you direct marketing communications.


In certain circumstances, you may also have the right to:


Ask to have certain data ‘erased by us.

Request that we restrict certain processing of your personal data.

Request that we provide any data you submitted to us electronically be returned

    to you or passed to a third party as a data file.

Object to certain processing of your personal data by us


In some cases, there may be specific exemptions as to why we aren’t able to comply with some of the above. Where this is the case, we will explain the reasons why.


• For more information about any of the above please see the GDPR pages of our website.

• In order to exercise any of the above rights, please contact the Data Protection Officer (details below).


12. Data Protection Officer


The Data Protection Officer (DPO) for Northumbria University is Duncan James.

Contact the DPO if you would like to:


• Receive a copy of your data.

• Have any questions you feel have not been covered by this Privacy Notice

• Have any concerns about the processing of your data

• Wish to make a complaint about the processing of your data


You can email at or call +44 (0)191 243 7357


13. Lodging a Complaint with the Information Commissioners Office (ICO)


If you are dissatisfied with our processing of your data, or a response to a complaint

you have made to us about it, you have the right to complain to the ICO.


Information Commissioner's Office

Wycliffe House

Water Lane




Telephone: 0303 123 1113 (local rate) or 01625 545 745

For more information see Information Commissioner’s web site.


14. Changes to this privacy notice

We keep this privacy notice under regular review and will communicate any significant updates to you. This privacy notice was last updated in July 2022 and will be reviewed annually.