top of page
Untitled-2.png

Privacy policy

Untitled-2.png

Privacy Policy — Blackheath Rhinos

Last updated: 25 April 2026

1.Who we are

Blackheath Rhinos is responsible for the personal data collected through our website, mobile app, registration forms, booking systems, communications and club activity.

Data controller: Blackheath Rhinos Limited
Address: 98a Hervey Road Playing Fields, SE3 8BU
Email: info@blackheathrhinos.co.uk
Phone: 07544973698

This Privacy Policy applies to:

  • our website

  • our mobile app

  • online and offline registration forms

  • bookings, enquiries and payments

  • training, matches, camps, events and club administration

  • safeguarding, welfare and incident handling connected to the club

2.What this policy covers

This policy explains:

  • what personal data we collect

  • how we use it

  • our lawful bases for using it

  • when we share it

  • how long we keep it

  • your rights under UK data protection law

  • how website cookies, app data and third-party services may be used

Under the UK GDPR, people have rights including the right to be informed, access, rectification, erasure, restriction, objection and, in some cases, portability.

3. The people whose data we collect

We may collect personal data about:

  • players

  • parents and carers

  • prospective players and families

  • volunteers, coaches, managers and club officials

  • camp and event attendees

  • people who contact us through the website, app, email, phone or forms

4. The personal data we collect

Identity and contact data

  • names

  • postal addresses

  • email addresses

  • telephone numbers

  • date of birth

  • emergency contact details

  • parent/carer details

Player and participation data

  • age group or team information

  • booking and attendance records

  • match, training and programme participation records

  • membership status

  • communication history relating to club activity

Payment and transaction data

  • booking details

  • payment confirmations

  • subscription status

  • invoice and receipt information

We do not normally store full payment card details ourselves where payments are processed by third-party payment providers.

Health, medical and welfare data

Where relevant for safe participation, we may collect:

  • medical conditions

  • allergies

  • injuries

  • medication information

  • additional needs

  • accident or incident details

  • safeguarding or welfare concerns

Medical and safeguarding information is higher-risk personal data and should only be collected where needed for safe participation, welfare, safeguarding or legal obligations. The ICO treats health data as special category data requiring an additional condition for processing, and The FA’s safeguarding framework expects clubs with youth teams to have clear safeguarding processes and a Welfare Officer.

Photo, video and media data

We may collect or receive photographs and video for legitimate club purposes, subject to our consent settings and safeguarding procedures.

The FA has specific safeguarding guidance for photographing and filming children, including the risk of misuse, resharing and identifying children.

Technical and usage data

When you use our website or app, we or our service providers may collect:

  • IP address

  • browser type

  • device type

  • operating system

  • app version

  • pages or screens viewed

  • usage events

  • diagnostic data

  • crash reports

  • cookie and consent preferences

Only include this section if it is true for your actual app and site setup. If you use analytics, crash reporting, push notifications or similar tools, your app store disclosures must match what the app really does.

5. How we collect personal data

We collect personal data:

  • directly from you when you fill in forms, make bookings or contact us

  • from parents or guardians registering children

  • from club officials, coaches or managers where relevant to club administration

  • through website forms, cookies and app events

  • from payment providers confirming payment status

  • through safeguarding, welfare, incident or disciplinary reporting where necessary

6. How we use personal data

We may use personal data to:

  • register players and manage membership

  • arrange training, matches, camps, events and club activity

  • communicate important information, updates and reminders

  • process bookings and payments

  • provide customer support

  • manage attendance and participation

  • protect the safety and welfare of players and other members

  • handle safeguarding concerns, complaints, incidents and disciplinary matters

  • meet our obligations to football authorities, leagues and regulators

  • improve our website, app and services

  • maintain security, detect misuse and troubleshoot issues

  • send marketing updates where you have chosen to receive them

The FA’s website guidance for youth clubs expects visible safeguarding information, and its safeguarding materials require clubs to have procedures and roles in place to respond to welfare concerns.

7. Our lawful bases

We rely on one or more of the following lawful bases under UK data protection law:

Contract

Where processing is necessary to provide club services, bookings, memberships, subscriptions, training, camps, app access or related administration.

Legal obligation

Where we need to keep records or share information to comply with legal, regulatory, safeguarding, insurance, tax or football-governance obligations.

Legitimate interests

Where we have a legitimate interest in running and improving the club, website and app, protecting users, preventing misuse, ensuring security and administering activity, provided those interests are not overridden by your rights.

Consent

Where consent is the appropriate basis, including:

  • optional marketing communications

  • optional photography or promotional media use where your process relies on consent

  • non-essential cookies or tracking where required

Special category data

Where we process health or similar sensitive data, we do so only where necessary and on an appropriate lawful condition, such as explicit consent or safeguarding/protective purposes where applicable.

8. Children’s data

Blackheath Rhinos provides football activity for children and families. Children’s personal data must be provided and managed by a parent or legal guardian unless a different process is clearly permitted and age-appropriate. We ask parents/carers not to let children submit personal data independently where parental involvement is required. If we learn that we have collected a child’s personal data without appropriate parental or legal authority where this was required, we will take steps to delete or correct it where appropriate.

Google Play requires developers to declare target age groups and says apps that include children in their target audience must comply with the Families Policy requirements and provide a privacy policy. Apple’s developer guidance also requires child-safe, age-appropriate experiences and stronger privacy protections in apps used by children.

9. Safeguarding, welfare and incident data

Because we work with children, we may need to collect, use and share data connected to:

  • injuries and accidents

  • medical needs affecting participation

  • safeguarding concerns

  • welfare concerns

  • conduct issues

  • incident reporting

We only use this information where reasonably necessary to keep children and participants safe, to operate the club responsibly, or where required by law or football regulation.

 

Where appropriate, we may share relevant information with:

  • The FA

  • the County FA

  • leagues or competition organisers

  • medical professionals

  • safeguarding authorities

  • police or local authorities

  • insurers or legal advisers

The FA expects youth clubs to have a Welfare Officer and safeguarding procedures, and its website guidance says safeguarding policies and reporting routes should be visible on the website.​

10. Photos and video

We may take or use photographs and video for legitimate club purposes, including:

  • celebrating participation and achievement

  • communication with members

  • coaching and development

  • website and app content

  • social media

  • promotional materials

Where our process relies on consent, parents/carers can opt out of promotional photography or filming for their child. Parents/carers and spectators must not take or share images in a way that is inappropriate, intrusive, unsafe or contrary to club rules. The FA’s guidance on photographing and filming children says clubs should think carefully about consent, identification risks, online resharing and the potential misuse of images.

Security

We use access controls, encryption in transit, least-privilege access, and monitoring. No system is 100% secure, but we work to protect your data and review controls regularly.

Contact

Questions or requests: info@blackheathrhinos.co.uk
Postal: Blackheath Rhinos Limited, 20 Reynolds Place, Blackheath, SE3 8SX, UK.

bottom of page