Privacy Policy

Last updated: 31 January 2026

1. Introduction

Stockton Sunday Runners ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

We are the data controller responsible for your personal data. If you have any questions about this policy or our data practices, please contact us using the details at the end of this document.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

  • Identity Data: Full name, date of birth, gender
  • Contact Data: Email address, phone number (optional)
  • Account Data: Username/email, password (encrypted)
  • Parkrun Barcode: If you choose to link your parkrun account.

2.2 Performance Data

When you participate in events, we collect:

  • Finish times and race results
  • Event positions (overall and category)
  • Age grade percentages (calculated from your date of birth)
  • Distance completed (2k or 5k).

2.3 Volunteer Information

When you sign up to volunteer, we collect:

  • Volunteer role preferences
  • Event signup confirmations
  • Volunteer attendance records.

2.4 Technical Data

  • IP address (for security purposes)
  • Browser type and version
  • Time zone settings
  • Login timestamps.

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data under the following legal bases:

  • Legitimate Interest: Managing running club activities, event organisation, and results tracking
  • Consent: Sending marketing emails and newsletters (you can withdraw consent at any time)
  • Contractual Necessity: Fulfilling volunteer commitments and event participation.

3.2 Specific Uses

We use your information to:

  • Manage your account and authenticate your identity
  • Record and display race results and performance statistics
  • Coordinate volunteer positions for events
  • Send you event notifications and results (if opted in)
  • Calculate age-graded performance metrics
  • Generate QR codes for event check-in
  • Improve our services and user experience
  • Comply with legal obligations.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Other Members: Your name and race results are publicly visible to other registered members
  • Service Providers: We use third-party services including:
    • Supabase (database hosting and authentication) - EU/UK data centers
    • Resend (email delivery service) - for transactional emails.
  • Legal Requirements: We may disclose information if required by law or to protect our rights.

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5. Your Data Protection Rights

Under GDPR, you have the following rights:

Right to Access

You can view and export your personal data from your profile page.

Right to Rectification

You can update your personal information at any time from your profile page.

Right to Erasure ("Right to be Forgotten")

You can delete your account from your profile page. Your historical race results will be anonymized but retained for record-keeping purposes.

Right to Restrict Processing

You can request that we limit how we use your data.

Right to Data Portability

You can export your data in CSV format from your profile page.

Right to Object

You can object to certain types of processing, including direct marketing.

Right to Withdraw Consent

You can withdraw consent for email communications at any time from your profile settings.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

  • Active Accounts: Data is retained while your account is active
  • Race Results: Retained indefinitely for historical records (anonymised upon account deletion)
  • Volunteer Records: Retained for 7 years for safeguarding and compliance purposes
  • Inactive Accounts: Accounts inactive for 3+ years may be deleted with notice
  • Deleted Accounts: Personal identifiers are removed immediately; results are anonymised.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Data encryption in transit (HTTPS/TLS)
  • Data encryption at rest in our databases
  • Password hashing and salting
  • Role-based access controls (RLS)
  • Regular security updates and monitoring
  • Secure authentication via Supabase Auth.

While we take reasonable steps to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Cookies and Tracking

We use essential cookies to:

  • Keep you logged in during your session
  • Remember your preferences
  • Ensure site security.

We do not use advertising or tracking cookies. Session cookies are automatically deleted when you close your browser.

9. Children's Privacy

Our service is available to runners of all ages. We recognise that children may wish to participate in our running events and track their progress.

Parental Consent Requirements

For children under 16 years old, parental or guardian consent is required for:

  • Creating an account
  • Processing personal data
  • Storing race results and performance statistics
  • Receiving email communications (if opted in).

How We Obtain Consent

During account creation, users are required to confirm that parental or guardian consent has been obtained if they are under 16. We rely on this confirmation to process the child's data lawfully.

Parental Rights

Parents or guardians of children using our service have the right to:

  • Review the personal information we hold about their child
  • Request correction or deletion of their child's account
  • Withdraw consent for data processing at any time
  • Export their child's data in portable formats.

If you are a parent or guardian and believe we have collected information from your child without proper consent, or if you wish to exercise any of the above rights, please contact us immediately using the details at the end of this policy.

10. Event Photos

Event photos may be taken and displayed on the platform. By participating in events, you consent to being photographed. If you wish to have a photo removed, please contact us with the specific photo details.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email (if you have opted in) or by posting a notice on our platform. The "Last updated" date at the top of this policy indicates when it was last revised.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your data, please contact:

Stockton Sunday Runners

Email: hello@stocktonsundayrunners.co.uk

Address: 43 The Green, Norton, Stockton-on-Tees, TS20 1DX

Supervisory Authority: You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

ICO Contact Details:

Website: ico.org.uk

Helpline: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Marketing Communications

You can opt in or out of receiving marketing emails at any time from your profile settings. We will only send you marketing communications if you have explicitly consented.

We will always send essential service communications (e.g., account security alerts, event cancellations) regardless of your marketing preferences.

By using Stockton Sunday Runners, you acknowledge that you have read and understood this Privacy Policy.