Esporting
All policies
Core

Privacy Policy

How we collect, use and protect personal data under UK GDPR.

Last updated: 19 May 2026Applies to: Everyone whose personal data Esporting processes — visitors, enquirers, event attendees, providers and learners.

This Privacy Policy explains how [Esporting Ltd] (the “controller”) collects and uses personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR). We are registered with the Information Commissioner's Office under reference [ICO reg. ZAXXXXXXX].

1.Personal data we collect

  • Contact data — name, email, phone, organisation when you enquire.
  • Booking data — event specification, venue, attendee numbers, dietary or accessibility requirements.
  • Safeguarding data — parental consent records, age verification where applicable.
  • Provider data — institution details and contact people for course listings.
  • Technical data — IP address, device type, browser, pages visited (via cookies — see Cookie Policy).
  • Media — photographs and video captured at events, subject to Media Consent.

2.Lawful bases for processing

  • Contract — to deliver booked events and services.
  • Legitimate interests — to respond to enquiries, improve the Site, and ensure security. Balanced against your rights.
  • Consent — for marketing email, optional cookies and media use where consent is required.
  • Legal obligation — for tax, safeguarding and incident records.
  • Vital interests — in genuine safeguarding emergencies.

3.Special category & children's data

Where we process special category data (e.g. health information needed for accessibility) or data relating to children under 13 (always with parental consent), we apply heightened controls and minimise data to what is strictly necessary.

4.Who we share data with

  • Venues and clients commissioning the event, only where strictly needed.
  • Sub-processors (hosting, email, analytics) under written data processing agreements.
  • Law enforcement or regulators where legally required.
  • We never sell personal data.

5.International transfers

Most data is stored in the UK or EEA. Where transfers to other countries occur (e.g. a US sub-processor), we rely on UK Addendum + EU Standard Contractual Clauses or an adequacy decision, and complete a transfer risk assessment.

6.Retention

  • Enquiries: 24 months from last contact.
  • Event records (contracts, RAMS, safeguarding logs): 6 years for legal/insurance reasons.
  • Marketing list: until you unsubscribe.
  • Server logs: 90 days.

7.Your rights

Under UK GDPR you have the right to: access, rectify, erase, restrict, port, object, and to withdraw consent at any time.

To exercise any right, email privacy@esporting.co.uk. We respond within one month.

8.Complaints to the ICO

You may complain to the Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113. We'd appreciate the chance to resolve any issue first.

9.Security

We use TLS in transit, encrypted storage at rest where supported, access controls, MFA on admin accounts and routine review of sub-processors.

10.Data protection lead

Our Data Protection Lead is [Name, role], contactable at privacy@esporting.co.uk.

11.Changes

We will post any material changes to this policy on this page with an updated effective date.

Questions about this policy?

legal@esporting.co.uk