GSM Tennis Academy

Privacy & Data Protection Policy

GSM Tennis Academy

Last updated:

1. Who We Are

GSM Tennis Academy ("we", "us", "our") operates as an online platform that connects independent tennis coaches with players across the United Kingdom. We are the data controller for personal information collected through our website and booking system.

2. The Information We Collect

We collect only the information necessary to provide our service, including:

  • Player details – name, email address, phone number, location, booking history, and payment information.
  • Coach details – name, contact information, qualifications, experience, pricing, and payout details.
  • Technical information – IP address, browser type, and device data (security & analytics).
  • Communication data – emails, chat messages, or feedback exchanged through the platform.

3. How We Use Your Information

We use your information to:

  1. Facilitate bookings between players and coaches.
  2. Process payments and refunds securely.
  3. Manage user accounts and provide customer support.
  4. Send booking confirmations, reminders, and service updates.
  5. Improve and maintain our website performance.
  6. Comply with legal and tax obligations.

We never sell your personal data to third parties.

We process personal data under one or more lawful bases:

  • Contract: to perform booking and payment services.
  • Legitimate Interests: for secure and efficient platform operation.
  • Legal Obligation: for financial and tax reporting.
  • Consent: for optional marketing communications (withdrawable anytime).

5. How We Share Your Information

We only share the minimum data necessary:

  • With coaches, so they can deliver booked lessons.
  • With payment processors for secure transactions.
  • With IT/hosting providers maintaining our website.
  • With legal authorities when required by law.

All third-party providers operate under contracts ensuring your data is protected in compliance with UK GDPR.

6. Data Retention

We retain your information only as long as necessary:

  • Booking and payment records – 6 years (HMRC compliance).
  • Account details – until you request deletion.
  • Marketing data – until you opt out or unsubscribe.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Object to or restrict certain processing.
  • Withdraw consent for marketing.
  • Request data portability.

To exercise your rights, please contact us at [insert contact email address].

8. Data Security

We use industry‑standard measures—encryption, secure servers, and restricted access—to protect your information from unauthorised access, alteration, or loss.

9. International Transfers

Your data is normally stored within the United Kingdom. If any service provider transfers data outside the UK, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements.

10. Contact Us

If you have questions about this policy or wish to exercise your rights, please contact us using the details provided above.

If you remain dissatisfied, you may complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk.