Privacy Policy

Your privacy is important to us

Last Updated

This Privacy Policy was last updated on January 1, 2024.

1. Introduction

Clubmate ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our volleyball club management platform, including our website, mobile applications, and services (collectively, the "Service").

This Privacy Policy complies with:

  • The Personal Data Protection Act of Uganda (PDPA) and regulations issued by the Personal Data Protection Office (PDPO) of Uganda
  • The General Data Protection Regulation (GDPR) of the European Union
  • Other applicable data protection laws

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, phone number, username, password
  • Member Information: Date of birth, gender, address, emergency contacts, medical information (if provided), photographs
  • Club Information: Club name, location, contact details, logo, colors
  • Payment Information: Payment method details, transaction history (we do not store full credit card numbers)
  • Communication Data: Messages, emails, and other communications sent through our Service

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information, including:

  • Device Information: Device type, operating system, browser type, IP address
  • Usage Information: Pages visited, features used, time spent on the Service, click patterns
  • Location Information: General location data (if you enable location services)
  • Log Data: Server logs, error logs, access times

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service. For more information, please see our Cookie Policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To provide, maintain, and improve our Service
  • Account Management: To create and manage your account, process registrations, and authenticate users
  • Communication: To send you notifications, updates, announcements, and respond to your inquiries
  • Payment Processing: To process payments, manage subscriptions, and generate invoices
  • Club Management: To manage club operations, teams, matches, training sessions, and member relationships
  • Analytics: To analyze usage patterns, improve our Service, and develop new features
  • Legal Compliance: To comply with legal obligations, enforce our terms, and protect our rights
  • Security: To detect, prevent, and address security issues and fraudulent activity

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you have given clear consent for us to process your personal data
  • Contract: When processing is necessary for the performance of a contract with you
  • Legal Obligation: When processing is necessary to comply with a legal obligation
  • Legitimate Interests: When processing is necessary for our legitimate interests (e.g., improving our Service, security)

5. Data Sharing and Disclosure

Platform Owner Access Restriction

Important: The platform owner (Clubmate/AdinConsult Ltd) and platform administrators cannot access, view, or retrieve sensitive club-specific data, including:

  • Player Information: Personal details, contact information, medical records, photographs, or any member-specific data
  • Team Data: Team rosters, lineups, team-specific information, or team strategies
  • Coach Information: Coach profiles, assignments, or coach-specific data
  • Human Resources Data: Staff information, employment records, payroll data, or HR-related information
  • Financial Information: Payment records, invoices, financial transactions, revenue data, or any club financial information

Our multi-tenant architecture ensures complete data isolation between clubs. The platform owner only has access to:

  • Aggregate, anonymized usage statistics (e.g., total number of clubs, total number of users across all clubs)
  • System-level technical data necessary for platform operation and maintenance
  • Club registration information (club name, contact email for account management purposes only)

All sensitive club data remains accessible only to authorized users within each individual club, as determined by the club's own administrators.

We do not sell your personal information. We may share your information in the following circumstances:

  • Within Your Club: Information may be visible to authorized club administrators, coaches, and managers within your club
  • Service Providers: We may share information with third-party service providers who perform services on our behalf (e.g., hosting, payment processing, email delivery). These providers are contractually bound to maintain strict confidentiality and data isolation.
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation. In such cases, we will notify affected clubs to the extent legally permitted.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. Any such transfer will maintain the same data isolation and privacy protections.
  • With Your Consent: We may share information with your explicit consent

All third parties with whom we share data are required to maintain appropriate security measures and use your information only for the purposes specified.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements
  • Maintain business records as required by law

When we no longer need your information, we will securely delete or anonymize it, unless we are required to retain it for legal purposes.

7. Your Rights (Data Subject Rights)

Under the PDPA and GDPR, you have the following rights regarding your personal data:

7.1 Right of Access

You have the right to request access to your personal data and receive a copy of the data we hold about you.

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances.

7.4 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

7.6 Right to Object

You have the right to object to processing of your personal data for certain purposes, including direct marketing.

7.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the relevant data protection authority:

  • Uganda: Personal Data Protection Office (PDPO)
  • EU: Your local data protection authority

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days (or as required by applicable law).

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (SSL/TLS) and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Secure data centers and infrastructure
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Data Breach Notification

In the event of a data breach that may affect your personal data, we will:

  • Notify the relevant data protection authority within 72 hours (as required by GDPR)
  • Notify affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
  • Provide information about the nature of the breach, likely consequences, and measures taken to address it

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place for such transfers, including:

  • Standard contractual clauses approved by data protection authorities
  • Adequacy decisions by relevant authorities
  • Other legally recognized transfer mechanisms

11. Children's Privacy

Our Service is not intended for children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for material changes)
  • Displaying a notice on our Service (for significant changes)

You are advised to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Compliance

Clubmate is a product of AdinConsult Ltd, registered and licensed by the Personal Data Protection Office (PDPO) of Uganda.

Last Updated: January 1, 2024