Your data, your control

We believe your family's football journey belongs to you—here's how we protect it.

Privacy Policy

Last updated: May 23, 2025

This Privacy Policy describes how Grassroots Manager is operated by Simon Reed Development Limited ("GrassrootsManager," "we," "us," or "our") collects, uses, and protects your personal information when you use our GrassrootsManager service.

Quick Summary

Here's what you need to know about how we handle your personal data:

  • What we do: We provide a platform for football clubs to manage their teams and players
  • Your control: You decide what personal data to share with clubs
  • Your data: We protect your information and only use it for legitimate purposes
  • Your rights: You can access, correct, or delete your data anytime through your account
  • Children: Special protections apply for users under 16
  • Contact: [email protected] for any privacy questions

Who We Are

Grassroots Manager is operated by Simon Reed Development Limited

W8a Knoll Business Centre
325-327 Old Shoreham Road
Hove, England, BN3 7GS

We are the data controller for personal information processed through GrassrootsManager, except where specified below. We process your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Throughout this policy, we refer to these collectively as "GDPR".

Our Role: Controller and Processor

We have different roles depending on the type of data:

We are a DATA CONTROLLER for:

  • Your user account and login information
  • Your personal profile data (name, address, medical info, etc.)
  • How you use our platform
  • Our communications with you

We are a DATA PROCESSOR for:

  • Player registration data shared with clubs
  • Club-specific data where clubs decide what to collect and how to use it

This means clubs are responsible for their own data protection policies regarding player registrations, while we're responsible for protecting your underlying personal information.

Age Requirements and Parental Controls

We have different rules based on age to protect young users:

Under 16 years:

  • Must have parent/guardian create and fully manage their account
  • Parent/guardian makes all decisions about data sharing
  • Cannot create independent accounts

16+ years:

  • Full control over their account and data
  • Can make all decisions about data sharing independently

Information We Collect

Personal Information You Provide (Person Data)

When you create a profile, we collect:

  • Basic information: Name, date of birth, address, phone number, email address
  • Football-specific: FA Number for league registration
  • Photos: Profile pictures and identity verification images
  • Medical information: Medical conditions, medications, and health details needed for safe participation in football activities
  • Practical information: Clothing and shoe sizes for kit purchases

User Account Information

  • Username, email address, password, and passkeys
  • Parent/guardian contact details (for users under 16)
  • Account preferences and settings

Information We Collect Automatically

  • Technical data: IP address, browser type, device information
  • Usage data: How you use our platform, pages visited, time spent
  • Cookies: Essential cookies for platform functionality (see Cookies section)

How We Use Your Information

Our Legal Basis for Processing

We process your personal data based on these legal grounds:

Contract (Article 6(1)(b) GDPR):

  • Providing the GrassrootsManager service you signed up for
  • Managing your account and user authentication
  • Facilitating player registrations with clubs

Legitimate Interests (Article 6(1)(f) GDPR):

  • Improving our platform and user experience
  • Platform security and fraud prevention
  • Analytics and usage monitoring (anonymized)
  • Clothing/shoe size collection for kit management
  • Communications about service updates

Explicit Consent (Article 9(2)(a) GDPR):

  • Processing medical information for health and safety during football activities

Vital Interests (Article 9(2)(c) GDPR):

  • Using medical information to protect health and safety during sports activities

How We Use Your Data

To provide our service:

  • Create and manage your account
  • Enable player registrations with football clubs
  • Facilitate communication between users and clubs
  • Provide identity verification for league requirements

For safety and compliance:

  • Share relevant medical information with authorized coaches for safe participation
  • Verify identity and age for league and association registrations
  • Maintain safeguarding standards in youth football

To improve our service:

  • Analyze platform usage to improve functionality
  • Develop new features based on user needs
  • Ensure platform security and prevent abuse

To communicate with you:

  • Send service-related notifications
  • Provide updates about new features
  • Share relevant information about grassroots football (you can opt out)

How We Share Your Information

Data Sharing Overview

You control what gets shared. Clubs can request player registration data, but you decide what information to authorize from your profile.

Who We Share Data With

Football Clubs:

  • Only player registration data you explicitly authorize
  • Clubs cannot access your underlying personal data without permission
  • You can revoke access at any time

Other Clubs (Limited):

  • Name only for service functionality (fixtures, leagues)
  • This is enabled by default but you can disable it
  • No other personal data is shared

Leagues and Associations:

  • Registration data as required for official player registration
  • Identity verification information (name, DOB, photo)

Service Providers:

  • Hosting: Heroku (EU servers only)
  • Email: Mailtrap.io (GDPR compliant)
  • Analytics: Google Analytics (if implemented - EU region)

Kit Suppliers:

  • Size information only when you explicitly make a purchase
  • No sharing without your direct authorization

When We're Required to Share

We may disclose your information when required by law, court orders, or to protect the safety of users.

International Data Transfers

We keep your data in the UK/EU:

  • Our servers are hosted by Heroku in EU regions
  • Our email provider (Mailtrap.io) is GDPR compliant
  • We do not transfer personal data outside the UK/EU
  • Any future international transfers will include appropriate safeguards

Data Retention

We keep your personal data only as long as necessary:

Active accounts: Indefinitely while you continue using the service

Inactive accounts: Automatically deleted after 3 years of non-use

After account deletion:

  • User and person records are permanently deleted
  • Player registrations with sensitive data are deleted
  • Non-sensitive historical records (names only) may be retained for administrative purposes

Specific retention periods:

  • Detailed analytics data: Maximum 3 years
  • Aggregated usage data: Indefinitely (anonymized)
  • Email logs: 3 years
  • System logs: 1 year maximum

Your Rights

You have the following rights regarding your personal data:

Right to Access

Download a copy of all personal data we hold about you through your account settings.

Right to Rectification

Update and correct your personal information directly in your account.

Right to Erasure

Delete your account and all associated personal data through your account settings.

Right to Restrict Processing

Control how we use your data by adjusting your privacy settings.

Right to Data Portability

Export your data in a machine-readable format through your account (JSON format).

Right to Object

Object to processing based on legitimate interests by contacting us or adjusting settings.

Right to Withdraw Consent

Withdraw consent for medical data processing or marketing communications at any time.

How to Exercise Your Rights

Self-Service (Recommended): Most rights can be exercised directly through your logged-in account for security and convenience.

Contact Us: For questions about your rights or technical issues: [email protected]

Response Time: We respond to requests within 1 month. Complex requests may require up to 2 additional months.

For Children:

  • Under 16: Parents/guardians exercise all rights and control all account activities
  • 16+: Full control over their own rights

Medical Information - Special Protections

Medical information receives extra protection under data protection law:

Why we collect it: To ensure safe participation in football activities and enable coaches to respond appropriately to medical situations.

Legal basis: Your explicit consent plus vital interests for health and safety.

Who accesses it: Only authorized coaches and officials during training sessions and matches.

Your control: You can withdraw consent or update medical information at any time.

Security: Medical data is encrypted and access is strictly controlled.

Cookies and Tracking

We use essential cookies only:

Essential Cookies:

  • User authentication and login sessions
  • Platform functionality and security
  • User preferences and settings

No consent required for essential cookies as they're necessary for the service to work.

No tracking cookies: We don't currently use analytics, advertising, or marketing cookies.

Future changes: If we add non-essential cookies, we'll update this policy and implement appropriate consent mechanisms.

Security

We protect your personal data using:

  • Encryption: Data is encrypted in transit and at rest
  • Access controls: Strict authentication and authorization
  • Regular monitoring: Security monitoring and threat detection
  • Staff training: Regular data protection training for our team
  • Incident response: Procedures for handling any security issues

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but commit to following industry best practices.

Data Breaches

In the unlikely event of a data breach:

  • We'll assess the risk to your rights and freedoms
  • We'll notify the ICO within 72 hours if required
  • We'll notify affected users if there's a high risk to their rights
  • We'll take immediate steps to contain and remedy the breach

Children's Privacy

We take extra care with children's data:

Enhanced protections:

  • Parental oversight for users under 16
  • No behavioral advertising to under-18s
  • Special consent requirements for sensitive data
  • Clear age verification processes

Safeguarding:

  • Medical information helps ensure safe participation
  • Emergency contact details for all minors
  • Compliance with football safeguarding requirements

Parental rights:

  • Parents can access and manage their child's data
  • Parents receive notifications about data processing
  • Parents can withdraw consent at any time

Marketing Communications

Service communications:

  • Account notifications and security alerts (legitimate interests)
  • Service updates and important changes (legitimate interests)

Marketing communications:

  • Updates about new features (legitimate interests - easy opt-out)
  • Grassroots football news and tips (legitimate interests - easy opt-out)

Your choices:

  • Opt out of marketing emails anytime
  • Separate preferences for different communication types
  • Service emails cannot be disabled (essential for account security)

To non-users:

  • We only send marketing to non-users with explicit consent

Links to Other Websites

Our service may contain links to other websites. We're not responsible for the privacy practices of other sites. We encourage you to review the privacy policies of any third-party websites you visit.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements:

  • Notification: We'll notify you of significant changes via email and platform notifications
  • Effective date: Changes become effective when posted with a new "last updated" date
  • Your options: Continued use indicates acceptance of the updated policy

Contact Us

For privacy questions or concerns: Email: [email protected]

For data protection requests: Use your account settings for self-service, or email us for technical issues.

Data Protection Officer: Not currently required due to our scale of operations. We regularly review our obligations regarding the appointment of a DPO in line with ICO guidance.

Supervisory Authority: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you're concerned about how we handle your personal data: https://ico.org.uk/

This Privacy Policy is designed to be transparent about our data practices while providing strong protection for your personal information, especially for young footballers and their families.