Privacy Policy

Who is responsible for my data? Played Limited is responsible for your data. We are registered as a company in England and Wales and act as the data controller for the data we collect from you. We also act as the data processor for the data that you collect from attendees when using Played.

How is my personal data used? We use your personal data for various purposes, such as creating a secure login to access your account, providing support, sending essential account notifications, and for marketing purposes.

Where is my data stored? Your data is stored in Played's secure database in London, UK, hosted on the Microsoft Azure Cloud in a Microsoft data centre in the UK South.

What are my rights regarding my data? You can see, amend, correct or delete your personal data, as well as limit, restrict or object to its processing. You can also withdraw your consent for data usage, such as for marketing emails, and object to our use of your data where we rely on our legitimate interests.

How do I exercise my rights? To raise any objections or exercise any of your rights, you can send an email to support@played.co. We may ask you to verify your identity before providing any information.

How do you ensure GDPR compliance? We are committed to GDPR compliance and have implemented security protocols, data storage and transfer safeguards, and privacy policies in line with GDPR requirements. We also work with third parties that adhere to the same standards.

What if I have concerns or complaints? If you have any complaints concerning Played's processing of your personal data, please email us at support@played.co. You also have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data in the country where you live or work, or where you think a breach of data protection laws might have taken place.

How we use your personal data?

Data
How is it collected?
Legal basis for processing
What we do with it
Where is it stored?
Email address
At sign up
Legitimate interest and with your consent.
  • To create a secure log-in to access your account.
  • To send essential account notifications such as a new booking alert (these can be turned on and off within your settings).
  • To provide support and answer questions via email.
  • For a regular newsletter and occasional marketing messages.
Played’s secure database in London, UK, hosted on the Microsoft Azure Cloud.
Name
In-app
Via usage
Legitimate interest
  • To provide support (it’s nice to know who we’re speaking with!)
  • To provide support via phone and in the future to send text message notifications.
  • We display it on your public booking page – a legal requirement of any business taking payments on the internet.
  • To determine whether you should be charged VAT on your subscription.
  • Tailor messaging and language for specific countries or browsers.
  • To ensure your security.
Played’s secure database in London, UK, hosted on the Microsoft Azure Cloud.
Phone number
Business address and company number
IP and browser information

Who do you share my data with? We share your data with some sub-processors like Atlas, Sendgrid, and Stripe. We ensure they adhere to the same data protection standards as we do, and your personal data is never sold to third parties.

Who
Why
We use Stripe Connect to enable you to receive payments for your activities directly to your Stripe account. This ensures a seamless and secure payment process for you and your customers. We share your email address with Stripe Connect to create an account for you, allowing you to manage payments, receive invoice and refund notifications, and for authentication purposes.
Sendgrid is our email service provider, which powers all of our emails. This includes notifications such as new booking alerts, cancellations, and other essential account updates from Played.
Stripe allow us to take subscription payments from you (if you’re a paying customer). We share your email address with them so that you receive invoice and refund notifications.

Cookies

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Played uses cookies to help Played identify and track visitors, their usage of Played website, their website access preferences and to facilitate logged in sessions. Played visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using Played’s websites, with the drawback that certain features of Played’s websites may not function properly without the aid of cookies.

International data transfers and security

We take security extremely seriously and have technologies, processes and security protocols to protect against the loss or theft of personal data. Our security processes include:

  • Access Controls – we have physical, system and data access control systems in place.
  • Data Backup – we conduct regular backups of the data stored in Played.
  • Testing & Improving – we regularly test and review our security to continuously strengthen our data security systems.

We will report any breach of Personal Data, and do so as fast as we can; we aim to let people know within 24 hours.

We use external servers monitored by Microsoft Azure Cloud Platform, a world-leader in data storage and security. Access to any business account is strictly limited and a register is kept of all access. Personal information can only be partially accessed for business technical support, billing or maintenance reasons. Played has strict internal data handling policies that all employees with access to data commit too.

We will only send data outside of the European Economic Area (‘EEA’) to work with third parties who we use to deliver services to you or to comply with a legal duty. If we do transfer data outside the EEA, we will make sure that it is protected in the same way as if it were being used in the EEA. We will use one of the following safeguards to ensure that it is protected:

  • Transfer the data to a non-EEA country which has privacy laws at least as protective as those within the EEA.
  • Put in place a contract with the recipient of the data which means the recipient must protect the data to the same standards as required within the EEA, or
  • Transfer it to organisations which are part of the Privacy Shield. The Privacy Shield is a framework which sets out the standards for data to be sent between the United States and European countries. The Privacy Shield ensures that data is protected to the same standards as used within the EEA.

How long we hold your data? We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described above) or so that we can comply with the law. We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it. These principles are extended to any third party services that we share your data with.

What should I do if I have concerns or complaints? If you have any concerns or complaints about Played's processing of your personal data, please email us at support@played.co. Note that you have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data in the country where you live or work, or where you think a breach of data protection laws might have occurred.

Powering participation

Subscribe to learn more

Links
HomeOpenActive Blog
Product
PricingFeaturesActivity FinderContact
Social
©2022 Played Limited. All Rights Reserved.
PrivacyTerms