Northumbria Sport Privacy Policy

Northumbria Sport and Activity Participant and Membership Privacy Notice

 

1.Introduction and Data Controller

The University of Northumbria at Newcastle ("we", "our", "us") is registered with the Information Commissioners Office as a Data Controller - Registration Number Z7674926.We are committed to processing personal data in accordance with our obligations under the UK General Data Protection Regulation (GDPR) and related UK data protection Act 2018.

This privacy notice describes how and why we ‘Northumbria Sport’ process personal data in relation to past, current and prospective Northumbria Sport members, facilities users, volunteers and interns, and registered activity participants (“you”, “your”) for the purpose of processing your membership and/or participation with Northumbria Sport and explains how you can control the processing of your data or exercise your rights under the GDPR.

 

2.Why do we process your Personal Data?

 

We collect your personal data when you provide data to us through your enquiry and application to become a member, or user of Northumbria Sport, when you participate in our programmes or activities or when you register for and attend our events.

Data is further collected or updated through management of your membership, when you communicate with us, when you interact with our facilities and through our management and evaluation of your sports performance and development plans.

 

3.Categories of Personal Data we process

 

To carry out our activities and to deliver our obligations to you, we may collect, store, and process the following categories of personal data for the purpose of administering the relationship with you:

 

Personal data, or personal information, means any information about an individual from which that person can be identified. To carry out our activities and to manage our relationship with you, we may collect, store, and process the following categories of data:

 

Data Category

Example

 

Biographical

Name, title, staff/student number

 

Contact Details

Addresses, telephone

numbers, email address etc.

Administrative

Enquiry and correspondence records, application records etc.

 

Financial

Banking or payment card details, national insurance, salary

deduction/payroll number

Special category

(“Sensitive”) Personal Data

 

Data concerning your health fitness and sporting/athletic

performance. (e.g. relevant disability, relevant health issues,

etc)

 

Security Data

Building entry, CCTV images, security incident reports

 

Third Party

Emergency contact information

 

Photos and video

Performance images and footage, sports participation, events etc

 

 

 

4.The lawful basis for processing your data

 

The first principle of the General Data Protection Regulation (GDPR) requires that whenever an organisation processes personal data, it must be processed ‘lawfully, fairly and in a transparent manner’. This requires is to identify a lawful basis under Article 6 GDPR and Article 9 GDPR for special Category Data such as:

 

 

Article

Description

6(1)(a)

Data is required for the following activities, which have been identified as necessary “for the performance of our contract with you” or in the case of applicants, “in order to take steps prior to entering into a contract”.

 

 

• To respond to your enquiries, to receive and administer your application or registration, and to deal with any ongoing concerns or enquiries you have.

• To process payment of your membership or participation fees, and for the administration of renewals, including notification of upcoming membership expiry.

• To provide you with access to our events, facilities, services and activities.

• To provide you with operational information about the events, facilities, services and activities such as cancellation of sessions, closures or other relevant communications.

 

6(1)(b)

Data is also processed for the following activities, which have been identified as necessary “for us to comply with the law”:

 

• For monitoring compliance with and enforcement of relevant policies in relation to health and safety and security (prevention and detection of crime) - including the

use of CCTV, and safeguarding.

 

6(1)(c)

We may also process your personal data because it is necessary for our “legitimate interests or the legitimate interests of a third party”:

 

• To monitor and evaluate our performance and effectiveness

• To maintain and improve our facilities and the services available;

• To seek advice on our rights and obligations, such as where we require our own legal advice;

• To process the recovery of any money you owe to us.

• In relation the “establishment, exercise or defence of legal claims” or whenever courts are acting in their judicial capacity”.

 

 

 

6(1)(d)

Photography, video and social media

 

Photographs and video may be taken at our events and activities for use in communications, news and marketing materials including, but not limited to, our website and on social media channels, performance anaylsis and printed publicity. 

We will gain explicit written consent when:

  • You are the sole subject of the photograph, and we are going to use your image in printed materials

You are participating in an activity where you expect a higher level of privacy. E.g., a swimming pool session or sports massage

 

We may use your image or video footage without explicit written consent when:

  1. You are not the subject of the image, i.e., if it is a “group”/ “crowd” shot at an activity/event.
  2. We are publishing the image for journalistic purposes e.g., a match report of a sports fixture.
  3. You are participating in fixtures or training as part of a Northumbria Sports Club - This is outlined in the Terms & Conditions of the Club Membership and Scholarship contracts and in the Northumbria Sport Photography Policy.

Notifications will be put up in and around our facilities to inform you when such photography is taking place at events and activities. When we carry out specific photoshoot, written consent forms will be provided to all participants.

If you do not wish to be included in photography/video, you can highlight that to the photographer present or can ask for your digital image to be removed.

 

We may share fixture/competition images and video footage with partners and sponsors including organisations such as BUCS.

 

6(1)(e)

Video Analysis

Video footage may be taken of Sports Club members for performance analysis purposes as outlined in a scholarship contract or membership terms and conditions. Footage is stored securely on cloud-based software. On occasion, footage from video analysis cameras will be live streamed. In some cases, video footage will be shared on social media where applicable. Northumbria Sport will be using a variety of Spiideo and Veo cameras to capture this both have been approved by Northumbria University’s Legal Department.

 

6(1)(f)

Social media

We may use images/video on ‘live’ social media as outlined above including at events and fixtures. We will also publish post event images/videos on social media.

 

You have the right to object or restrict your image being taken or used. If you would like to exercise this right, please contact us as set out below.

 

9(2)(a)

Communications

All communication with you, including in relation to updates to this privacy notice, will, where possible be made via the preferred method of communication that you have registered with us.

 

We will contact you in relation to events and products that we believe are relevant to you based upon their similar nature to your engagement with us including: events, benefits and opportunities offered by us, or in relation to operational information (e.g. building closures etc).

 

If, at any stage, you are concerned about the content (e.g. unwanted marketing), frequency (too many) or method (change preference) of these communications, you can unsubscribe or update your preferences using the link which will be provided at the bottom of the relevant correspondence.

 

Should you unsubscribe from our marketing messages you will miss regular communications about our services and updates.

 

9(2)(c)

Personal Data may be shared with

From time to time, we may be required to share limited personal data with third parties

for specific purposes, including:

 

• Player registration with national governing bodies and leagues, for example BUCS, TASS etc

 

• With coaches, physiotherapists and other relevant sports or health care related partners where they are engaged as part of the delivery of our contract with you, for occupational health related purposes or with your explicit consent.

 

• With emergency services or your emergency contact where there is a vital interest.

 

• With the police or law enforcement agency if requested for the prevention or detection of crime.

 

• With your parent/guardian if you are between the ages of 5 – 11 (Kids Camps).

 

• The Health and Safety Executive.

 

• External auditors, insurance providers or appointed legal representation.

 

Any other disclosures that may be required but not listed above will be in accordance with your rights and the requirements of the GDPR.

 

9(2)(f)

Transfers to third party countries

Some of our IT services are hosted by organisations who may back up their data to locations based in third party countries. Where data is shared with third party countries, we ensure that these countries are either approved by the European Commission as having ‘adequate protection’ or we put in place ‘appropriate safeguards’ and contracts with these organisations, so as to maintain the security of the data and your rights under relevant Data Protection legislation.

 

There may also be limited sharing with organisation in third countries under specific events, for example Zambia Project.

 

9(2)(g)

How personal data is stored securely by Northumbria University

We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.

 

All of our employees, contractors and volunteers with access to personal data receive mandatory data protection training and have a contractual responsibility to maintain confidentiality and access to your data is restricted to those members of staff who have a requirement to access it.

 

We utilise many different storage solutions and IT systems, some of which are outsourced to third party providers. For example, email accounts are provided by the Microsoft Live@Edu service.

 

Where processing takes place with an external third party, processing takes place under an appropriate agreement outlining their responsibilities to ensure that processing is compliant with the Data Protection legislation and verified to be secure.

 

9(2)(h)

Automated individual decision making, including profiling

We may use ‘Profiling’ (where information about you is used to tailor goods or services based on your interests, movement or records of your activities) to identity and inform our marketing campaigns on social media and via email.

 

 

5.How do we keep your Personal Data Secure? 

 

We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. We limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.

 

6.How Long will your Personal Data Held?

 

We will retain your personal data for as long as it is required to fulfil the purpose for which is it held and then to fulfil any legal requirements.

Your data is held in compliance with Northumbria University’s retention schedule, which is published on our website.

We will keep your personal information for as long as you are a customer of Northumbria Sport. After you stop being a customer, we may keep your data for up to 6 years, or for 6 years after your 18th birthday where data is collected below that age) for one of these reasons:

 

• To respond to any questions or complaints.

• To show that we treated you fairly.

• To maintain records according to rules that apply to us.

 

We may keep your data for longer than if required to do so for legal reasons, or for limited research or statistical purposes for which it will be anonymised. If we do, we will make sure that your privacy is protected and only use it for those purposes.

 

7.What Are Your Rights Under GDPR

 

GDPR provides individuals a number of rights in relation to the processing of personal data, each of which may apply to differing degrees’ dependent upon the nature of the processing and the legal basis for it. You have the right to:

  1. Be informed as to how we use your data (via this privacy notice)
  2. Request access (a copy) of the personal information that we hold about you. 
  3. Correct inaccurate or incomplete data  
  4. Request that we stop sending you direct marketing communications.   

 

  

8.Data Protection Officer (DPO) Contact Details

 

Our Data Protection officer is Duncan James. To exercise your rights, or if you wish to raise a concern about our processing of your data, please contact the DPO on +44 (0)191 243 7357 or via email at dp.officer@northumbria.ac.uk.

 

9.Lodging a Complaint with the Information Commissioners Office (ICO)

 

If you are dissatisfied with our processing of your data, or a response to a complaint you have made to us, you have the right to complain to the ICO via Telephone: 0303 123 1113 (local rate) or 01625 545 745, via email: casework@ico.org.uk or for more information see Information Commissioner’s web site.

 

In certain circumstances, you may also have the right to: 

10. Changes to this privacy notice

We keep this privacy notice under regular review and will communicate any significant updates to you. This privacy notice was last updated in September 2025 and will be reviewed annually.