Notts Sport Privacy and Data Protection Policy

What is the purpose of this document?

Notts Sport Limited acts as a “data controller,” meaning we are responsible for determining how personal information is collected, stored, and used. In accordance with data protection legislation, this privacy notice explains how and why we process personal data.

This notice applies to individual customers, suppliers, customer and supplier contacts, and any other individuals whose personal information we process during the course of business. It outlines how personal data is handled and protected and may be updated periodically.

Data protection principles

Notts Sport is committed to complying with all applicable data protection laws and principles. This means personal data will be:

  • Processed lawfully, fairly, and transparently

  • Collected only for specified and legitimate purposes

  • Relevant, accurate, and kept up to date

  • Retained only for as long as necessary

  • Stored and managed securely to protect against unauthorized access or misuse

The kind of information we hold about you

We may collect, store, and use personal information including names, job titles, postal addresses, telephone numbers, and email addresses. Where you are an individual customer or supplier, we may also hold payment or bank details for the purpose of processing payments.

How is your personal information collected?

Personal information is collected during the course of our business activities, either directly from you, through your employer or colleagues, or via other business contacts and associates.

How we will use information about you

We use personal information to communicate with you and to support our business relationship with you or your employer. Processing this information is considered a legitimate business interest necessary for the operation of our services and relationships.

Where you are an individual customer or supplier, your information may also be used to fulfil contractual obligations and, where appropriate, for marketing communications.

Data sharing

We may share personal information with trusted third parties, including service providers and affiliated business entities, where necessary to support our operations and services. All third parties are required to handle personal data securely and in compliance with applicable data protection laws.

In some cases, personal information may be transferred outside the UK or European Economic Area (EEA). Where this occurs, appropriate safeguards are implemented to ensure your data receives an equivalent level of protection.

Why might you share my personal information with third parties?

Personal information may be shared with third parties where required by law, where necessary to manage our business relationship with you, or where we have a legitimate business interest in doing so.

Examples of this may include:

  • Sharing supplier information with HM Revenue & Customs where legally required

  • Using credit reference agencies to carry out customer credit checks

  • Providing delivery details to courier and logistics providers

  • Using marketing platforms such as MailChimp or similar services to manage communications and marketing activity

We may also share information with third parties in connection with a potential business sale, merger, or restructuring. Wherever possible, anonymized information will be used before any transaction is completed, with personal data only shared where necessary and legally permitted.

Transferring information outside the EU

Some of our third-party service providers may be located outside the UK or European Economic Area (EEA), which means your personal information may be transferred and processed internationally.

Whenever personal data is transferred outside the EEA, we take appropriate steps to ensure it remains protected and handled securely in accordance with applicable data protection laws. This may include the use of approved contractual safeguards or working with providers that maintain recognized data protection standards for international data transfers.

If you would like further information about the measures we use to protect personal data transferred outside the EEA, please contact us directly.

Data security

We have implemented appropriate technical and organizational security measures to protect personal information from unauthorized access, loss, misuse, alteration, or disclosure. Access to personal data is restricted to employees, contractors, agents, and trusted third parties who have a legitimate business need to access it and who are required to handle the information confidentially and in accordance with our instructions.

We also maintain procedures for identifying and responding to suspected data breaches and will notify affected individuals and relevant regulatory authorities where legally required.

Data retention

How long will you use my information for?

We will retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including after our business relationship with you or your employer has ended, and in accordance with applicable legal, regulatory, and operational requirements.

Rights of access, correction, erasure, and restriction

Informing us of changes

It is important that the personal information we hold about you remains accurate and up to date. Please notify us of any changes to your personal details during the course of your relationship with us.

Your rights in connection with personal information

Under applicable data protection laws, you may have the right to:

  • Request access to the personal information we hold about you

  • Request correction of inaccurate or incomplete personal information

  • Request the deletion of your personal information where there is no lawful reason for continued processing

  • Object to the processing of your personal information where processing is based on legitimate interests or for direct marketing purposes

  • Request the restriction of processing of your personal information in certain circumstances

  • Request the transfer of your personal information to another organization or directly to you

If you would like to access, review, update, correct, erase, object to the processing of, or request the transfer of your personal information, please contact us at info@nottssport.com.

While we will carefully consider all requests, there may be circumstances where we are legally entitled to refuse a request, in which case we will explain the reasons for our decision.No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

To help protect your personal information, we may request specific information from you to confirm your identity before processing any request relating to your personal data or the exercise of your legal rights. This helps ensure that personal information is not disclosed to anyone who is not authorized to receive it.

Right to withdraw consent

Where we rely on your consent to collect, process, or transfer your personal information for a specific purpose, you have the right to withdraw that consent at any time. To withdraw your consent, please contact us at info@nottssport.com.

Once we have received notification of your withdrawal, we will stop processing your information for the relevant purpose unless we have another lawful basis for continuing to do so.

Questions about this Privacy Notice

If you have any questions about this Privacy Notice or how we handle your personal information, please contact us at info@nottssport.com.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority responsible for data protection matters.

Changes to this privacy notice

We may update this Privacy Notice from time to time to reflect changes in legal requirements, business practices, or the way we process personal information. Where significant changes are made, we will provide an updated version of the notice and may notify you directly where appropriate.