Last Reviewed Date: 28th October 2021
Introduction ‘Athlete Business School Ltd’; ‘we’; ‘our’; ‘us’; and ‘the company’ means Athlete Business School Ltd, a company registered in England and Wales, with a registered address of Piccadilly Business Centre, Aldow Enterprise Park, Manchester, England, M12 6AE (Company number: 12854287).
Athlete Business School specialises in the publication of books and educational content online. The safety and security of your personal data is our paramount consideration. All parties who utilise Athlete Business School products and services with the confidence that your data is safe in our hands.
In order to provide our services to you, we must process Personal Data about you, or Personally Identifiable Information (PII). We are committed to maintaining the highest standards of compliance with regulatory environments.
By using our website or products, you are presumed to have read and understood this Privacy Statement.
Types of data that we collect We always strive to be totally transparent
about our practices concerning the collection and use of personal data. When you access or use our services, we collected the following:
Contact Data: full name, email address, home/billing address (including country and postal/zip code)
Cookie Data – Session cookies for account login authentication purposes;
Marketing Data – email address, marketing preference (opt in/opt out), records of consent (opt in), list of unsubscribed clients and marketing leads;
Transaction Data – payments for bookings within the Services and past transaction history (no payment card information is shared with the company as is processed by Stripe (Stripe Payment Services UK), who are PCI DSS v3.2, SAQ A complaint;
System Data - your devices’ Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Information you provide to us during customer service interactions and to receive assistance from us;
Account data – Athlete Business School username and password (login credentials)
Aggregated data or other information that does not identify individuals, for example information regarding our website visits, origin URLS, email delivery, test delivery and engagement.
Where you are an affiliate performing marketing for the Company, we will collect:
Full name, email address, home address (including postal/zip code), date of birth, social media profile URLs, payment details for commission due
How we use the data we collect
We may use your different in the following means to deliver our service to you, depending on your relationship with us:-
Where you are a customer:
To provide our products and services to you upon your request;
Create and manage your Athlete Business School account for purchases;
Process your payment transactions
Provide you with technical and customer support
Provide you with service messages about our products and services, including website developments
Where you are an Affiliate:
Establish a relationship with you for the purposes of affiliate marketing;
Review your suitability as an affiliate marketer, including social media following;
Generate a ‘sales lead’ figure based on sales generated by you;
To facilitate commission payments to be paid to you for successful, completed lessons
What grounds do we process your data under?
Both the UK and the EU General Data Protection Regulations (UK/EU GDPR) forbids the processing of personal data unless we are collecting and using your in line with one of 6 lawful bases. The lawful bases we rely on are:
Consent: when an individual has given clear consent for their personal data to be processed for a specific purpose. This consent must be well-informed, freely given and can be withdrawn by you at any time by contacting firstname.lastname@example.org or by clicking ‘unsubscribe’ at the footer of any email correspondence you receive from us.
Performance of a Contract: the processing is necessary for a performance of a contract, or because they have been asked to take specific steps before entering into a contract.
Legal Obligation: the processing is necessary for us to comply with the law (not including contractual obligations)
Vital Interests: the processing is necessary to protect someone’s life.
Public Task: the processing is necessary to perform a task in the public interest or your official functions, and the task or function has a clear basis in law.
Legitimate Interests: the processing is necessary for legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests
We are committed to ensuring that no data is processed about any living individual under the age of 18 during their use of our website and our products.
Should we later discover that data relating to a child under 18 has been processed by us without our knowledge, we will securely destroy it immediately upon discovery.
How long do we keep your personal data?
We process your personal data only for as long as necessary to achieve the purposes for which it was originally collected. Once you purchase one of our course products, we create an account for you so you may review your past purchases and access your courses at your convenience. If you instruct us to, we will delete your Athlete Business School account and all of your personal data involved.
Please note that on some occasions, we may retain elements of your personal information after our relationship has ended, where we are required to keep this data for as long as necessary to comply with our legal and regulatory obligations.
Who do we share your data with? We may share your data with third parties for the purposes of fulfilling our commitment to you. The data that we collect and receive from a customer is solely processed for the purposes of product provision, within the scope of this policy. Please note that we will never share or sell your data to a third party for commercial gain. We share data with third parties only when they provide part of the service to us:
Athlete Business School platform providers (“developers”) for the purposes of managing your account preferences beyond personal configuration
Payment Service Providers who assist us in processing your payment card details and transactions on our behalf, such as Stripe (PCI-DSS Compliant). Please note that payment details are processed directly on Stripe’s payment gateway and are not visible to Athlete Business School.
Administrative, judicial and/or legal authorities in response to requirements, as long as they are required in accordance with the applicable law and regulations;
Our legal advisors in the event a claim is presented in relation to our services and products.
In the event that we sell or buy any business or assets, in which case we may need to disclose your data to the prospective seller, buyer or business partner.
Where we use a third party or service provider to provide our Service to you, we enter into written agreements with them as sub-processors, including specific data processing terms with the same level of protection as afforded by us.
As part of our business model, we work with trusted, professional affiliate marketers who promote our products on our behalf. If you purchase one of our products through an affiliate link, the affiliate will receive a commission payment for sharing your details with us as our customer.
International Transfers of Data
Our data is hosted in the United Kingdom (London) and Amsterdam, Netherlands, both of which are subject to GDPR. For those users who are in a country or region outside of the United Kingdom, please be advised the laws governing your private information may differ significantly from those laws in the United Kingdom that govern the collection and securing of personal information.
Where we use certain service providers outside the UK/EEA, we may use specific contracts approved by the European Commission which give personal data the same protection as it has in Europe called Standard Contractual Clauses (SCCs).
We ensure that all ex-EEA third party providers and Data Processors that we rely on have embedded Standard Contractual Clauses into their business model before we engage with them.
Security of your data
Athlete Business School takes their obligation to protect data very seriously. We appreciate the trust you place in us when you engage in our products and we have incorporated technical and organisational security measures to protect that data. Access to your Athlete Business School account is only available through authentication of one’s username and password, which should remain confidential to you and never shared with others. If a discover that a password breach has occurred, you should notify Athlete Business School without undue delay by contacting email@example.com
Your information is protected on a server that is behind a firewall; while utilising security software so as to maintain the confidentiality of the personal information we have accumulated. In the unlikely event of a security breach of a user’s personal information, we shall notify all users whose information may have been compromised to both the data subject, in accordance with all applicable laws and regulations and in our capacity as data controller. All Athlete Business School personnel are bound by a duty of confidentiality within their employment terms and only strictly necessary personnel will have access to personal data.
Links to other sites
Any personal information you supply will be treated in accordance with applicable data protection laws including the GDPR (UK and EU) and any other applicable or superseding laws. We are committed to delivering the rights that individuals are entitled to and upholding a transparent approach in processing data. These are:
The right to access (data subject access request) You are entitled to request an electronic copy of the personal information we hold about you, stemming from the beginning of our relationship, within 30 days. To do this, please contact us at firstname.lastname@example.org to request a copy including full details of what you require. You may also be required to submit or demonstrate proof of your identity.
The right to object (right to be forgotten) to your personal information being used for certain purposes. Where required, we ensure we will obtain your consent before undertaking marketing or data selling and you will always have the ability to opt out at any time.
The right to rectification: You may request that we correct any inaccurate and/or complete any incomplete personal information. You may review, update, correct and add or delete your personal information in your account.
The right to withdraw consent: Where we are processing your personal information on the basis that you have given us your consent to do so, you may withdraw your consent at any time.
The right of erasure: You may request that we erase your personal information and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for retaining your personal information, such as a legal requirement to retain transaction data for a period of 6 years or to protect Athlete Business School in any legal disputes.
The right to data portability: Under GDPR, in certain circumstances, you may request that we provide your personal information to you in a structured, commonly used and machine readable format and have it transferred to another provider of the same or similar services to us. Where this right is applicable, we will comply with such transfer as far as it is technically feasible.
Other Rights and Responsibilities
Athlete Business School agree to fulfil their data privacy obligations, including the fulfilment of data subject right requests within the statutory deadline;
In the event that you submit to us a data subject access request, or require copies of your Data held by us, we will provide you with copies of requested data within a thirty (30) day period, starting on date of receipt;
We commit to ensuring that you will be notified in accordance with all applicable laws and regulations if a breach or unauthorised release of personal data occurs. We will notify you by email as permitted by law if it is determined that a data security incident occurred;
Athlete Business School will never require you, to disclose more information than is reasonably necessary to participate in an activity;
Any such newsletter, marketing, or promotional email will only be sent after you confirm your consent to receive communications from us via clicking a confirmation link sent to your email address. (This process is typically referred to as “double opt-in,” and is used for all email marketing activities conducted by Athlete Business School Ltd.)
If you have opted in to receive direct marketing from us and you have changed your mind (which you can do at any time), you may unsubscribe by just clicking on the unsubscribe link in the footer of any Athlete Business School email which was sent to you. Another option is to contact us at email@example.com and make this request. We will honor your request and respond to you within a reasonable timeframe.
The right to lodge a complaint with the supervisory authority We suggest that you contact us about any questions or if you have a complaint in relation to how we process your personal information. You can reach us at firstname.lastname@example.org. However, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your Personal Data does not comply with legal requirements. For UK citizens, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you are unsatisfied with our processing of your data (www.ico.org.uk). Athlete Business School’s ICO registration number is ZB205354.
A list of Data Protection Authorities within the European Union is available here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.