top of page

Privacy Policy

ClubSign Privacy Policy - Last Updated: 08/11/2025

This Privacy Policy explains how Andrew Throup T/A JPO Photography, operating the "ClubSign" service (referred to as "We," "Us," or the "Processor"), processes personal data on behalf of our client running clubs (the "Customer" or "Controller").

1. Our Relationship with Your Data

  • The Customer (The Club) is the Data Controller: The running club determines the purposes and means of processing their members' personal data.

  • ClubSign (JPO Photography) is the Data Processor: We process the data strictly on the documented instructions of the Customer, solely to provide the ClubSign service.

  • Lawful Basis: We do not determine the lawful basis for processing the members' data (e.g., consent, legitimate interest); this is the sole responsibility of the Customer.

2. Data We Process (As a Processor)

We only process the personal data that the Customer (the Club) uploads to the ClubSign application. This data typically includes:

​

Data Type Examples:

Member Identity Data - Name, Member ID, Date of Birth, Gender at Birth.

Contact Data - Email Address, Phone Number, ICE details (if uploaded by the Club).

Usage Data - Time-stamped records of members signing in/out of club sessions.

Club Administrator Data - The names and business contact details of the club's key contacts who manage the service.

3. How We Use the Data (Purpose of Processing)

We only use the Customer Data to provide the contracted ClubSign service to the Customer and as instructed by the Customer. Our purposes are limited to:

  1. Providing the Service: Operating the sign-in/out functionality, managing member lists, and providing club administrators access to data logs.

  2. Maintenance and Support: Diagnosing and fixing technical issues within the App.

  3. Security: Monitoring the App for unauthorised access or malicious activity.

We will not use any Customer Data for our own purposes, such as marketing, profiling, or sharing with third parties, unless explicitly instructed by the Customer or required by law.

4. Security and Data Location

4.1. Technical and Organisational Measures

 

We are committed to maintaining the security and confidentiality of the data we process. Our security measures include:

  • Encryption: All Customer Data is transmitted using SSL/TLS encryption (HTTPS).

  • Access Control: Access to the data is restricted to necessary personnel and protected by unique, complex passwords and [Two-Factor Authentication / other measure].

  • Infrastructure: The ClubSign application is hosted on secure servers provided by [Base44/Wix.com].

 

4.2. Data Location

 

The data processed by ClubSign is stored within the European Economic Area (EEA) by our Platform Provider, [Base44/Wix.com].

5. Sub-Processors and Data Transfers

5.1. Sub-Processors
 

 

We use the following third-party service providers ("Sub-Processors") to help provide our Service. The Customer accepts the use of these Sub-Processors:

Sub-Processor - Service Provided - Data Location

[Wix.com / Base44] - Hosting and Infrastructure - EEA/Israel

​

We conduct due diligence to ensure all Sub-Processors are compliant with UK GDPR.

6. Data Subject Rights (Role of the Customer)

Members of the running club (Data Subjects) have rights under the UK GDPR (e.g., right to access, right to rectification, right to erasure).

We are unable to directly handle requests from members. Any requests regarding their personal data must be directed to their respective running club (the Customer/Controller), who has the sole responsibility for responding to the request. We will assist the Customer in fulfilling their obligations as required by law.

​

​If the Customer (Club) or any Data Subject believes that we have not processed their personal data in accordance with the law, they have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. The ICO’s full contact details, including their address and dedicated helpline, can be found on their official website: www.ico.org.uk.

7. Our Processing of Customer Contact Data (As a Controller)

We act as the Data Controller only for the professional contact information of our Customer's key contacts (e.g., the club treasurer or administrator who signs up for the service).

  • Data Processed: Name, business email, telephone number, billing details.

  • Lawful Basis: Contractual necessity (to manage the Subscription) and Legitimate Interest (to send service updates, maintenance notices, and invoices).

8. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website at www.clubsign.run

bottom of page