Privacy Policy.

Privacy Policy

Last updated: 20 February 2026

This Privacy Policy explains how City Sporting Group LTD (“we”, “us”, or “our”) collects, uses, stores and shares personal data when you use our website citysportinggroup.co.uk, including when you submit an activity waiver form or a general contact form.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner, in line with the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) where applicable.

1. Who We Are

Data Controller: City Sporting Group LTD

Website: citysportinggroup.co.uk

Contact email: info@citysportinggroup.co.uk

2. The Personal Data We Collect

We may collect and process the following categories of personal data:

A. Information you provide via forms

  • Activity waiver form: name, contact details, emergency contact details, confirmations and declarations (including health-related information if you choose to provide it), and a digital signature.
  • Contact form: name, email address, and the content of your message.

B. Technical data

  • IP address (which may be partially anonymised), browser type/version, device type, operating system, time zone setting, referring pages, and basic usage data.

C. Cookies and similar technologies

We use cookies and similar technologies to operate and improve our website. For details, please see our Cookie Policy.

3. Special Category Data

The activity waiver may include information about your health (for example, injury or medical conditions). This type of information is classed as special category data under UK GDPR.

Where we process special category data, we do so only when:

  • you have provided it directly and it is necessary for safety/participation purposes, and
  • we have an appropriate lawful basis and condition under UK GDPR (see Section 5).

4. How We Use Your Data

We use your personal data for the following purposes:

  • To process your activity waiver and manage participation in activities or sessions.
  • To communicate with you about your enquiry, booking, participation, or updates relating to your waiver.
  • To respond to messages submitted via the contact form.
  • To maintain safety, verify identity where appropriate, and keep appropriate records.
  • To operate, secure, and improve our website (including performance monitoring and analytics, where consent is given).
  • To comply with our legal obligations and to establish, exercise, or defend legal claims if needed.

5. Lawful Bases for Processing

Under UK GDPR, we must have a lawful basis to process your personal data. Depending on the context, we rely on:

  • Consent – for optional cookies/analytics and where you choose to provide certain information.
  • Contract – where processing is necessary to provide participation in an activity or to take steps at your request.
  • Legal obligation – where we must keep records or comply with applicable laws.
  • Legitimate interests – for running our business, website security, preventing fraud, and improving our services (balanced against your rights).

Special category data (health information): where processed, we rely on an appropriate UK GDPR condition, typically because it is necessary for reasons of substantial public interest (safeguarding and safety) and/or to establish, exercise, or defend legal claims, and only where applicable and lawful. In some cases, we may also rely on your explicit consent where required.

6. Where We Get Your Data From

We collect personal data:

  • directly from you when you submit a form on our website, or contact us by email, and
  • automatically via cookies and similar technologies (see our Cookie Policy).

7. Who We Share Your Data With

We may share your personal data with trusted third parties only where necessary, such as:

  • Website and IT providers (hosting, email, form processing, security services).
  • Professional advisers (e.g., legal, accounting, insurance) where needed.
  • Authorities or regulators where required by law.

We do not sell your personal data.

8. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • secure systems and access controls,
  • limiting access to personal data to those who need it, and
  • secure handling of form submissions.

However, no method of transmission over the internet is completely secure. We cannot guarantee absolute security, but we work to maintain strong protections.

9. Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy, including legal, accounting, or reporting requirements.

Typical retention includes:

  • Activity waiver submissions: retained for as long as necessary for legal, safety, and insurance purposes.
  • Contact enquiries: retained as long as necessary to respond and maintain reasonable records.
  • Website analytics (if used): retained according to the analytics provider’s settings and our configuration.

10. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access – request a copy of your personal data.
  • Rectification – ask us to correct inaccurate or incomplete data.
  • Erasure – ask us to delete your data in certain circumstances.
  • Restriction – ask us to limit how we use your data in certain circumstances.
  • Objection – object to processing based on legitimate interests.
  • Data portability – request your data in a usable format in certain circumstances.
  • Withdraw consent – where we rely on consent, you can withdraw it at any time.

To exercise your rights, contact us using the details in Section 1.

11. Complaints

If you have concerns about how we handle your personal data, please contact us first and we will try to resolve the issue.

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Website: ico.org.uk

12. Children’s Privacy

Our website is not intended for children under 13 and we do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

13. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies before providing any personal data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. The latest version will always be published on this page.