Engagesport is a sports marketing agency specialising in sponsorship acquisition and activation, event management and the management of professional rugby players. For more information see about us here.

 

This document (our “privacy notice”) sets out information relating to how we use personal information relating to individuals we have dealings with, including clients, contacts, website users and other 3rd parties. It also sets out information about what rights individuals have in relation to their personal information and various other matters required under data protection law.

 

In particular, this privacy notice provides information to individuals about how they can object to our use of their personal information (see “What rights do you have under data protection law?” section below), how they can withdraw any permissions they have given to us to enable us to process their personal information (see “When and how can you withdraw your consent” section below) and how they can make a complaint (see “Right to complain to the information commissioner’s officer” section below).

This privacy notice applies to:

  • our clients;
  • individuals who attend and host our events;
  • individuals who use our website;
  • individuals who contact us with enquiries;
  • individuals who engage with us on social media;
  • individuals who access our premises or the surrounding areas and who may be recorded on our CCTV system;

In the sections below, when referring to the individuals listed above, we use the terms “you” or “your”.

We take your privacy extremely seriously and want you to feel confident that your personal information is safe in our hands.

 

We will only use your personal information in accordance with data protection law applicable to England and Wales from time to time.

 

Under data protection law, when we use your personal information, we will be acting as a data controller. This means that we will be making decisions about how we want to use your personal information and why.

 

Below, we summarise the main rules that apply to us under data protection law when we use your personal information:

 

1. We must be upfront about how we intend to use your personal information and must use your personal information fairly. Providing privacy information to individuals (such as in this privacy notice) is one aspect of using personal information fairly.
2. We must only use your personal information if we have a legal basis to do so under data protection law. These legal bases include:

  • That you have consented to our use of your personal information;
  • That we need to use your personal information to perform a contract between us (or to take steps at your request prior to entering into a contract);
  • That we (or someone else) has a legitimate reason for needing to use your personal information and those legitimate interests are not outweighed by your rights or interests. We must balance our respective rights and interests before we can rely upon this legal basis;
  • We need to use your personal information to comply with laws we are subject to.

 

3. We are only permitted to share your personal information with others in certain circumstances and if we take steps to ensure that your personal information will be secure.
4. Generally speaking, we must only use your personal information for the specific purposes we have told you about. If we want to use your personal information for other purposes, we need to contact you again to tell you about this.
5. We must not hold more personal information than we need for the purposes we have told you about and must not retain your personal information for longer than is necessary for those purposes (this is known as the “retention period”). We must also dispose of any information that we no longer need securely.
6. We must ensure that we have appropriate security measures in place to protect your personal information.
7. We must act in accordance with your rights under data protection law.
8. We must not transfer your personal information outside the European Economic Area (“EEA”) unless certain safeguards are in place for example that the personal data is being transferred to a country that has been approved by the European Commission as having an acceptable level of data protection law, or that we have obtained your explicit consent to the transfer of your personal data.

 

How we will use your personal information, the legal bases we will rely upon, how long we will keep your personal information and other details will depend upon who you are and why we need your personal information in the first place.

 

In this section, we provide specific privacy information relating to the different categories of individuals that this privacy notice applies to.

 

OUR CLIENTS (ATHLETES)

What personal information we will use
  • Your name;
  • Your address;
  • Your email address;
  • Your telephone number;
  • Your date of birth;
  • Record of your education and work history;
  • Personal statistics (e.g. height, weight etc.)
  • Financial information
How we will obtain the personal information
  • Provided by you to us when you engage us to act as your agent.
  • Obtained from another source for example internet research or 3rd parties.
What purposes we will use the personal information for
  • We will use personal information to supply agency services to you and to communicate with you.
  • In addition, we will use your contact information to send you marketing material and news about our events. Further details of when and how we will do this, our legal basis for doing so and the marketing material we will send to you are set out here.
  • We will also use your personal information for a variety of internal purposes (such as those listed below)
  • To operate and maintain our internal IT systems, such as our document management system;
  • For the purposes of internal record keeping;
  • For the purposes of complying with our internal policies and procedures;
  • For the purposes of training and quality control;
  • To ensure confidentiality and the security of personal data;
  • To create and update client records; and
The legal bases for processing we rely upon
  • Our use of your personal information in connection with the supply of agency services to you, is necessary for the performance of the contract between us;
  • Our use of your personal information for our internal administrative purposes is based on our legitimate interests in ensuring that our business is run properly and efficiently.
How long we retain the personal information and why
  • We usually keep records relating to any engagement for 7 years from the end of our contract with you, in case any contractual disputes.
Consequences of not providing/permitting us to obtain personal information
  • Without your name, contact details and payment information we will be unable to supply agency services to you.

 

OUR CLIENTS (CORPORATES)

What personal information we will use
  • Your name;
  • Your address;
  • Your email address;
  • Your telephone number;

 

How we will obtain the personal information
  • Provided by you to us when you engage us to act as agent on behalf of your organisation.
  • Obtained from another source for example internet research or 3rd parties.
What purposes we will use the personal information for
  • We will use your name, address and other contact details to supply agency services to your organisation and to communicate with you.
  • In addition, we will use your personal information to send you marketing material and news about our events. Further details of when and how we will do this, our legal basis for doing so and the marketing material we will send to you are set out here.
  • We will also use your personal information for a variety of internal purposes (such as those listed below)
  • To operate and maintain our internal IT systems, such as our document management system;
  • For the purposes of internal record keeping;
  • For the purposes of complying with our internal policies and procedures;
  • For the purposes of training and quality control;
  • To ensure confidentiality and the security of personal data;
  • To create and update client records; and
  • To carrying out statistical analysis

 

The legal bases for processing we rely upon
  • Our use of your personal information in connection with the supply of agency services to your organisation, is necessary for the performance of the contract between us and your organisation;
  • Our use of your personal information for our internal administrative purposes is based on our legitimate interests in ensuring that our business is run properly and efficiently.
How long we retain the personal information and why
  • We usually keep records relating to any engagement for 7 years from the end of our contract with you, in case any contractual disputes.
Consequences of not providing/permitting us to obtain personal information
  • Without your name, contact details and payment information we will be unable to supply agency services to your organisation.

 

INDIVIDUALS WHO CONTACT US WITH ENQUIRIES

What personal information we will use
  • Your name;
  • Your contact details (such as your telephone number or email address);
  • Details of your enquiry.
How we will obtain the personal information
  • Provided by you when you contact us (e.g. by making a phone call or emailing us) or make an enquiry at our premises.
What purposes we will use the personal information for
  • We will use the personal information to deal with your enquiry;
  • We will also make a record of your enquiry for internal administrative purposes.
The legal bases we rely upon
  • Our use of your personal information in dealing with your enquiry is based on your implied consent and our legitimate interests in ensuring our business is run efficiently and effectively;
  • Our use of your personal information for record keeping purposes is based on our legitimate interests in ensuring our business is run efficiently and effectively.
How long we retain the personal information and why
  • Records of emails are kept as long as is necessary to deal with your enquiry. Emails are deleted periodically in accordance with our IT systems.

 

 

INDIVIDUALS WHO USE OUR WEBSITE

What personal information will we use?
  • Technical information about the devices you use to access our website including your internet protocol address, browser type and version, time zone setting and location, browser plug in type and version, operating system and platform;

 

  • Usage data about how you use our website, including the full Uniform Resource Locators (“URL”), clickstream to, through and from our website (including date and time, services you viewed or searched for, page response times, download errors, length of visit to certain pages, page interaction information (such as scrolling clicks and mouse-overs), form submissions, accessing other content (e.g. video content) and methods used to navigate away from the page.
How will we obtain it?
  • The above information will be obtained by us automatically using cookies, server logs and other similar technologies whenever you use our website. Further information about the cookies we use and the purposes for which we use them can be found in our Cookie Policy.
What purposes will we use it for and what legal bases will we rely upon to do so? The above information is used by us to:

  • enable us to run our website;
  • help us to improve our website;
  • track usage of our website;
  • ensure that our website meets our customers’ needs
  • and in the other ways described in our Cookie Policy.

 

  • The legal basis we rely upon to collect and use your personal information in this way are our legitimate interests in ensuring that our website functions effectively and, in relation to certain cookies used by us or third parties, our legitimate interests in promoting our business services.

 

  • Information relating to your ability to accept or reject/disable certain cookies is set out in our Cookie Policy.
Important consequences if you do not provide the personal information we ask for
  • If you reject/disable any of our cookies, you will be unable to use certain parts of/functions on our website.

 

  • Further information about this can be found in our Cookie Policy.

 

INDIVIDUALS WHO ENGAGE WITH US ON SOCIAL MEDIA

What personal information we will use
  • Your name/user name;
  • Your location data;
  • Personal information contained in your posts.

 

How we will obtain the personal information
  • From the relevant social media site/your posts
What purposes we will use the personal information for
  • To interact with you on the relevant social media site;
  • We won’t use the above information for any other purpose.

 

The legal bases we rely upon
  • The legal basis that we will rely upon to do so will be the consent provided by you when you agreed to the terms and conditions of use relating to the relevant social media site
How long we retain the personal information and why
  • Your personal data will be retained in accordance with the retention policy of the relevant social media site.

INDIVIDUALS WHO ATTEND EVENTS 

What personal information will we use?
  • Your name;
  • Your address;
  • Your email address;
  • Your telephone number;
  • Dietary preferences;
  • Financial information.
How we will obtain it?
  • Provided by you to us; or
  • Obtained from another source for example a 3rd party.
What purposes we will use it for and what legal bases will we rely upon to do so?
  • We will use your personal information in connection with the administration of the event.
  • In addition, we will use your personal information to send you marketing material and news about our events. Further details of when and how we will do this, our legal basis for doing so and the marketing material we will send to you are set out here.
  • Our use of your personal information is based on our legitimate interests in ensuring the proper and effective organisation of the event.
How long we retain the personal information and why
  • We will only retain your information for the duration of the event in question (save for your contact details for marketing purposes).

 

INDIVIDUALS WHO HOST EVENTS

What personal information will we use?
  • Your name;
  • Your address;
  • Your email address;
  • Your telephone number;
  • Dietary preferences;
  • Financial information
How we will obtain it?
  • Provided by you to us; or
  • Obtained from another source for example a 3rd party.
What purposes we will use it for and what legal bases will we rely upon to do so?
  • We will use your personal information in connection with administration of the event.
  • Our legal basis for using your personal information is that is it necessary for the performance of a contract to which you are a party.

 

INDIVIDUALS WHO WORK FOR SPONSORS OR PROSPECTIVE SPONSORS

What personal information will we use?
  • Your name;
  • Your address;
  • Your email address;
  • Your telephone number;

 

How we will obtain it?
  • Provided by you to us;
  • Obtained from a third-party source such as Business Development platforms.
What purposes we will use it for and what legal bases will we rely upon to do so?
  • We will use your personal data to contact you in relation to business development opportunities for you or your organisation.
  • Our use of your personal information is based on our legitimate interests in providing agency services to our clients and business development.
How long we retain the personal information and why
  • We will retain your personal information unless and until you inform us that you no longer wish to be contacted by us.

 

INDIVIDUALS CAPTURED ON OUR CCTV SYSTEM

What personal information will we use?
  • Your image;
  • Dates and times you access our premises.
How we will obtain it?
  • Automated CCTV recordings.
What purposes we will use it for and what legal bases will we rely upon to do so?
  • We will use the above information for security purposes. Our legal basis for doing so is our legitimate interest in ensuring that our premises are secure.
How long we retain the personal information and why
  • CCTV images are stored on a hard drive for 30 days for reference purposes.
  • In the event that any CCTV imagery is required in connection with a security incident, it is copied on to a disk and retained until the relevant incident has been dealt with (whether internally or externally by law enforcement agencies).

In addition to data protection law, if we use your personal information for direct marketing purposes, we may also be subject to additional rules that regulate direct marketing. The term “direct marketing” essentially means directing marketing material or advertising at a particular individual.

 

To ensure compliance with both data protection laws and the specific rules relating to direct marketing, we will only use your personal information to tell you events, activities and services which we think may be of interest to you in the circumstances outlined below:

Direct marketing by telephone or post

 

We will only contact you in this way if you have given us your express consent to do so.
Direct marketing by email, text or other forms of electronic communication

 

We will only contact you in this way if:

  • you have given us your express consent to do so; or
  • you are an existing client or have attended our events and we want to tell you about similar products or services that may be of interest to you and you have not opted out of receiving such communications.

 

 

Our legal bases for such processing under data protection law will either be your consent or reliance upon our legitimate interests in developing our business.

 

We will retain your personal information unless and until you inform us that you no longer wish to receive direct marketing information from us. You can ask us to stop sending direct marketing to you at any time by contacting us using the details set out here or emailing liz.williams@engagesport.com.

Sometimes, we will need to share your personal information with others. This section sets out details of who we will share your personal information with and why. It also tells you about our legal basis for doing so under data protection law and steps we will take to protect your personal information.

 

We will never sell your personal information on to third parties.

PROVIDERS OF INFORMATION TECHNOLOGY SERVICES

Who will we be sharing your personal information with?
  • Suppliers of information technology products and services. We haven’t included the names of our IT providers in this privacy notice because their identity will change from time to time. However, if you would like further information about any of our current IT providers, please contact us using the details set out here.
Why we need to share your personal information with such providers
  • We use suppliers of information technology products and services in connection with the supply, maintenance and/or improvement of our IT network and the creation, development hosting and maintenance of our website.
The legal bases we rely upon when sharing your personal information
  • We rely upon our legitimate interests in ensuring that our business can function properly and efficiently and that our IT network is secure.
What precautions do we take?
  • We enter into contracts with our IT providers which require them to put appropriate security measures in place and which restrict their use of your personal information.

 

OTHER THIRD PARTIES

We may also need to share your personal information with others in the following circumstances:

If we sell, transfer or merge parts of our business or our assets As we continue to develop our business we may choose to sell, transfer or merge parts of our business or our assets.  Alternatively, we may seek to acquire other businesses or merge with them. During any such process, we may need to disclose your personal information to other parties (such as potential purchasers or investors). Where we do so, we will be relying upon our legitimate business interests.

 

However, we will only share your personal information in this way if the third parties in question agree to keep your personal information safe and private.

 

Also, if, for example, a merger happens, the purchaser will only be able to use your personal information in the ways set out in this privacy notice.

Legal or regulatory requirements On occasion, we may be required to disclose your personal information to organisations such as the courts or the police to comply with legal obligations we are subject to and/or to prevent fraud or crime.
Protecting our business From time to time we may need to disclose your personal information in connection with steps we need to take to protect our business interests or property.
Professional advice and legal action We may need to disclose your personal information to our professional advisers (for example, our lawyers and accountants) in connection with the provision by them of professional advice and/or the establishment or defence of legal claims.

 

We will only send your personal data outside the EEA in the following situations:

  • To comply with a legal obligation;

 

  • It is necessary for the performance of a contract between us or the performance of a contract concluded in your interest.

If we do transfer your personal data outside the EEA, we will use one of these safeguards to make sure it is protected:

 

  • We will put a written contract in place between us and the recipient that incorporates EC model clauses relating to the transfer of personal data outside the EEA. You can find out more about such clauses here ICO/international transfers; or

 

  • We will only transfer it to businesses that have signed up to a special agreement between the EU and the USA known as the Privacy Shield;

 

  • We have obtained your explicit consented to the transfer, having informed you of the possible risks of such transfers due to the absence of an adequacy decision and appropriate safeguards.

We take various steps to protect your personal information while it is in our possession, including:

  • Implementation of appropriate security measures to protect our IT infrastructure;
  • Encryption of moveable data (e.g. laptops, mobile phones);
  • Next generation anti-virus software is implemented across all devices;
  • Access to our IT network is username and password protected;
  • Implementation of internal data security policies and training for members of staff in relation to such policies;
  • Regular reviews of data security measures implemented by service providers who may handle your personal data;
  • Regular crisis management exercises to ensure that we can respond to a cyber attack or data security incident quickly and effectively;
  • Penetration testing of systems;

Under data protection law, you have a number of different rights relating to the use of your personal information. The table below contains a summary of those rights and our obligations. More information about your rights and our obligations can be found on the ICO website https://ico.org.uk/.

 

Your rights What this involves What our obligations are
A right of access

 

This is a right to obtain access to your personal data and various supplementary information.
  • We must provide you with a copy or your personal information and the other supplementary information without undue delay and in any event within 1 month of receipt of your request;
  • We cannot charge you for doing so save in specific circumstances (such as where you request further copies of your personal information).
A right to have personal data rectified

 

  • This is a right to have your personal information rectified if it is inaccurate or incomplete.

 

  • We must rectify any inaccurate or incomplete information without undue delay and in any event within 1 month of receipt of your request;
  • If we have disclosed your personal information to others, we must (subject to certain exceptions) contact the recipients to inform them, that your personal information requires rectification.
A right to erasure

 

  • This is a right to have your personal information deleted or removed.
  • This right only applies in certain circumstances (such as where we no longer need the personal information for the purposes for which it was collected).
  • We have the right to refuse to delete or remove your personal data in certain circumstances.

 

  • If this right applies, we must delete or remove your personal information without undue delay and in any event within 1 month of receipt of your request;
  • If we have disclosed your personal information to others, we must (subject to certain exceptions) contact then recipients to inform them that your personal information must be erased.
A right to data portability

 

  • This is a right to obtain and re-use your personal information for your own purposes;
  • It includes a right to ask that your personal information is transferred to another organisation (where technically feasible).
  • This right only applies in certain limited circumstances.

 

  • If this right applies we must provide your personal information to you in a structured, commonly used and machine reasonable form
  • Again, we must act without undue delay and in any event within 1 month of receipt of your request;
  • We cannot charge you for this service.

 

A right to object

 

  • This is a right to object to the use of your personal information.
  • The right applies in certain specific circumstances only.
  • You can use this right to challenge our use of your personal information based on our legitimate interests;
  • You can also use this right to object to use of your personal information for direct marketing

 

  • If you object to us using your personal information for direct marketing, we must stop using your personal information in this way as soon as we receive your request.
  • If you object to other uses of your personal information, whether we have to stop using your personal information will depend on the particular circumstances.

 

A right to object to automated decision making

 

  • This is a right not to be subject to a decision which is made solely on the basis of automated processing of your personal information where the decision in question will have a legal impact on you or a similarly significant effect.

 

  • Where such a decision is made, you must be informed of that fact as soon as reasonably practicable;
  • You then have 21 days from receipt of the notification to request that the decision is reconsidered or that a decision is made that is not based solely on automated processing;
  • Your request must  be complied with within 21 days.
A right to restrict processing

 

  • This is a right to ‘block’ or suppress processing of your personal information.
  • This right applies in various circumstances, including where you contest the accuracy of your information).

 

  • If we are required to restrict our processing of your personal information we will be able to store it but not otherwise use it.
  • We may only retain enough information about you to ensure that the restriction is respected in future.
  • If we have disclosed your personal information to others, we must (subject to certain exceptions) contact them to tell them about the restriction on use.

 

 

If you wish to exercise any of your rights, can make a request by contacting us using the details set out here or email liz.williams@engagesport.com.

 

If you request the exercise of any of your rights we are entitled to ask you to provide us with any information that may be necessary to confirm your identity.

If you have given us your consent to use any of your personal information, you can withdraw your consent at any time. To do so, please contact us using the details set out here or email liz.williams@engagesport.com.

You can get in touch with us in the following ways:

Postal address Dumfires House, Dumfries Place, Cardiff CF10 3ZF.
Email address Liz.williams@engagesport.com
Phone number 0044 (0)29 2039 1725

If we are unable to deal with a complaint to your satisfaction or if you are unhappy with the way we are using your personal data, you also have the right to make a complaint at any time to the UK’s supervisory authority for data protection issues, the Information Commissioner’s Office.

We may update this privacy notice from time to time. If we make any substantial updates, we will provide you with a new privacy notice. We may also notify you in other ways from time to time about the processing of your personal information.