Skip to main content

Privacy Policy

Written on . Posted in Legal.

Privacy Policy (UK GDPR) — SprintCoach.run

Version: v2.0
Updated: 21 September 2025
Controller: Paul Franklin trading as SprintCoach.run (“we”, “us”).
Website: https://sprintcoach.run/
Contact:  This email address is being protected from spambots. You need JavaScript enabled to view it. 
Address: Room 2, Metloc Business Hub, 37 Victoria Road, Romford, Essex, RM1 2LH
Applies to: the Site, our apps, and all products/services offered by us.

Summary: We collect the minimum personal data needed to deliver coaching and run our services. We do not sell data. We protect children’s data with extra care. See the Athlete Confidentiality & No-Benchmarking addendum below for sport-specific commitments.

1) Personal data we collect

We may collect data in these categories:

  • Identity & contact: name, email, phone, parent/guardian details (for under-18s), club and event information.
  • Account & usage: log-in credentials, device/browser data, IP address, cookies, pages visited, referral sources.
  • Coaching/athlete data (“progress data”): times, tests, training notes, attendance, wellness logs, goal setting, coach feedback; photos/video captured for technical review.
  • Health/injury data (special category): information you choose to provide so coaching can be safe and appropriate.
  • Payments & admin: transaction details (handled by payment processors), consents, communications.

We collect data when you: visit the Site, create an account, sign up to services, subscribe to communications, interact in apps/forms, or correspond with us. You may choose to browse the Site without identifying yourself; some features may not work without certain data.

2) Non-personal data

We may collect aggregated, de-identified analytics such as browser type, operating system, and Site interaction patterns. This information does not identify you on its own.

3) Cookies & similar technologies

We use cookies and similar technologies to operate the Site, remember preferences, measure performance, and improve content. You can manage cookies via your browser and our cookie banner (where provided). Blocking some cookies may affect Site functionality.
See our Cookie Notice for details of specific cookies and retention periods.

4) Why we use your data (purposes) & lawful bases

  • Deliver coaching/services (create accounts, schedule sessions, provide training content, analyse performance, support users) — Contract.
  • Safety & safeguarding (contact in emergencies; suitability to train) — Vital interests; Substantial public interest; Consent (health).
  • Programme administration & communications (service emails, updates about your plan, billing) — Contract; Legitimate interests.
  • Analytics & improvement (usage metrics, troubleshooting) — Legitimate interests.
  • Marketing communications (newsletters, offers) — Consent (you can withdraw at any time).
  • Legal/regulatory compliance (records, incident reporting) — Legal obligation.
  • For health/injury data, we rely on your explicit consent; you can withdraw consent at any time (this may limit how we coach safely).

5) Athlete Confidentiality & No-Benchmarking (addendum)

  • We will not disclose an athlete’s progress data, performance notes, or technical media visually, verbally, or electronically outside the coaching team without prior consent.
  • We will not use a named athlete’s data to benchmark or teach other athletes. Where examples are helpful, we will use anonymised/de-identified material or the athlete’s own data with consent.
  • Limited exceptions: safeguarding or medical emergencies; legal obligations; or strictly anonymised insights that cannot identify an individual.
  • (These commitments apply in addition to the rest of this Privacy Policy and form part of our coaching terms.)

6) How we protect your data

  • Role-based access for the coaching team only.
  • Encrypted transmission and, where supported, encryption at rest.
  • Secure devices (password/biometric), least-privilege access, regular updates.
  • Vendor due diligence and data processing agreements with all service providers.

Our providers & perimeter security: Our website is delivered via Webx Solutions Ltd and protected by the Sucuri CDN & Web Application Firewall (WAF). Webx Solutions Ltd is Cyber Essentials certified. Sucuri’s CDN/WAF provides network-level protections (e.g., DDoS mitigation, bot filtering, and virtual patching) that reduce exposure to common web threats. These provider safeguards sit alongside our own GDPR controls.

Important: While we rely on the security controls and certifications of our providers, those certifications belong to the providers. They do not, by themselves, certify SprintCoach.run. We remain responsible as the data controller under UK GDPR.

7) Sharing your data

We do not sell, trade, or rent your personal data. We may share data with:

  • Assistant coaches/staff (to deliver services);
  • Service providers (hosting, email, analytics, payment, coaching platforms) acting on our instructions — including Webx Solutions Ltd (site delivery/hosting) and Sucuri (CDN/WAF security);
  • Medical/safeguarding professionals when necessary and proportionate;
  • Authorities when required by law.

Where data is transferred outside the UK/EEA, we use appropriate safeguards (e.g., UK Addendum to SCCs) and limit access to what is necessary.

8) Retention

We keep data only as long as needed for the purposes above:

  • Coaching records: while you have an active relationship and up to 3 years thereafter.
  • Media (photos/video): retained only with consent and deleted on request unless required for safeguarding/legal reasons.

  • Transactional/records required by law: retained per statutory limits.
    When data is no longer needed, we securely delete or anonymise it.

9) Children & young people

For athletes under 18, we require a parent/guardian’s details and relevant consents. We take additional steps to minimise collection, restrict access to the coaching team, and avoid publishing identifiable images or data without explicit consent.

10) Your rights (UK GDPR)

You have the right to access, rectify, erase, restrict, and object to processing, and to data portability where applicable. You can withdraw consent at any time.
To exercise rights: contact This email address is being protected from spambots. You need JavaScript enabled to view it..
You can complain to the Information Commissioner’s Office (ICO): ico.org.uk or 0303 123 1113.

11) Emails & subscriptions

We send service/transactional emails as part of delivering your plan. For marketing emails, we rely on your consent. You can unsubscribe using the link in the email or by contacting us.

12) Third-party websites

Our Site may link to third-party sites. Their content and practices are outside our control, and their privacy notices apply to your use of those sites.

13) Changes to this notice

We may update this Privacy Policy. We’ll post the new date above and, for material changes, we’ll provide reasonable notice.

14) Contact

Data Controller: Paul Franklin, SprintCoach.run
Email: This email address is being protected from spambots. You need JavaScript enabled to view it. · Phone: 07870204697 · Address: Room 2, Metloc Business Hub, 37 Victoria Road, Romford, Essex, RM1 2LH

Cookie Notice (summary)

We use:

  • Essential cookies: to run core site features.
  • Performance/analytics: to understand usage.
  • Preference cookies: to remember settings.
  • (Optional) Marketing: only with your consent.

Manage preferences via our cookie banner and your browser settings. See full cookie details in the banner list.

Coaching Confidentiality Terms (Contractual Add-On)

The following terms complement our Privacy Policy and apply to all coaching clients/parents:

  1. Non-disclosure: We will not disclose an athlete’s identifiable progress data or technical media outside the coaching team without prior written consent, except where required for safeguarding/medical or legal obligations.
  2. No benchmarking: We will not use an athlete’s data to benchmark, compare, or teach other athletes. Teaching examples will be anonymised or will use the subject athlete’s own materials with consent.
  3. Trackside conduct: We avoid discussing identifiable details about other athletes in public settings. Group education is delivered with anonymised references only.
  4. Assistant coaches & processors: All assistants and service providers operate under confidentiality and GDPR-compliant processing terms.
  5. Requests & withdrawals: Parents/athletes can request access or deletion of coaching media and may withdraw consent for future use at any time, subject to safeguarding/legal requirements.

Acceptance of service indicates acceptance of these terms.

Appendix C — Provider assurances & industry standards (summary)

The services we use state alignment with widely recognised frameworks and standards, including (as applicable to their services):

  • Cyber Essentials (Webx Solutions Ltd)
  • CDN/WAF security controls (Sucuri)
  • ISO/IEC 27001 (information security)
  • ISO 9001 (quality management)
  • ISO 14001 (environmental management)
  • ISO 50001 (energy management)
  • PCI DSS (payment card data security, where payment processors apply)
  • SSAE SOC reports (independent assurance on controls)
  • Occupational health & safety standard (provider-declared)

These certifications/attestations are owned by the providers and apply to their respective platforms/services. They do not automatically certify SprintCoach.run; rather, we leverage their controls as part of our overall security posture and supplier due diligence. Up-to-date details are available from each provider on request.