AWA Runner

Privacy Policy

How AWA Coaching collects, uses, and protects your personal information

Last Updated: February 2026 | Version 1.0

Data Protection Contact

Organization: AWA Coaching

Email: dataprotection@awasportscoaching.com

ICO Registration: [PENDING REGISTRATION NUMBER]

Address: AWA Coaching, Electric Works, 3 Concourse Way, Sheffield, S1 2BJ

1. Introduction

AWA Coaching is committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and protect your personal information when you use our athletics coaching platform.

We are particularly mindful of our responsibilities when handling information about children and young people. As a youth athletics coaching organization, we comply with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Age Appropriate Design Code (Children's Code)
  • Online Safety Bill 2023
  • Safeguarding legislation and best practices

2. Information We Collect

Account Information

  • Full name, email address, and password (securely hashed)
  • Phone number (verified for account security)
  • Role (Parent/Guardian, Athlete, Coach, Admin)
  • Date of birth (for age-appropriate services)
  • Profile photos (optional)

Medical & Emergency InformationSpecial Category Data

  • Medical conditions, allergies, and current medications
  • Injury history and dietary requirements
  • Emergency contact details (names, phone numbers, relationships)
  • GP contact information
  • EpiPen and inhaler requirements
  • This data is encrypted and stored securely to protect vital health information

Consent & Safeguarding Records

  • Parental consent forms (participation, medical, data collection, performance tracking)
  • Photography and media consent status
  • AI analysis consent (optional)
  • Digital signatures with timestamps and IP addresses
  • Code of Conduct acknowledgements (Athlete, Parent, Coach)
  • Consent renewal dates and audit trails

Attendance & Performance Data

  • Session bookings and attendance records
  • Personal best times and distances
  • Competition results and achievements
  • Training logs (session notes, effort levels, mood tracking)
  • Coach feedback and progress reviews
  • GPS check-in data (when GPS validation is enabled)

Payment & Billing Information

  • Subscription details and payment history
  • Billing and shipping addresses
  • Payment method details (last 4 digits, brand) via Stripe
  • Invoice history and refund records
  • Account credit balances
  • Shop orders and product purchases

Communication Data

  • Messages sent through our platform messaging system
  • Read receipts and message timestamps
  • File attachments (photos, documents, PDFs)
  • Voice notes and transcriptions
  • Notification preferences (email, SMS, WhatsApp, push notifications)
  • Message flagging for safeguarding purposes

Technical Information

  • IP addresses and session tokens
  • Browser type and device information
  • Login timestamps and authentication logs
  • Cookies (see our Cookie Policy for details)
  • Multi-factor authentication (MFA) settings
  • Failed login attempts for security

3. How We Use Your Information

We process your personal information for the following purposes:

Service Delivery

Legal Basis: Contract

Managing bookings, delivering coaching sessions, tracking attendance and performance

Safety & Safeguarding

Legal Basis: Legal Obligation & Vital Interests

Protecting children, emergency medical care, safeguarding investigations

Payment Processing

Legal Basis: Contract

Processing subscriptions, one-off payments, shop orders, and refunds

Communications

Legal Basis: Legitimate Interest

Session updates, booking confirmations, platform notifications, coach feedback

Legal Compliance

Legal Basis: Legal Obligation

Financial record keeping (7 years), safeguarding records (25 years)

Photography & Marketing

Legal Basis: Consent

Photos/videos for website and social media (opt-in only, default: opted out)

4. Third-Party Service Providers

We share your information with trusted third-party processors who help us deliver our services. All processors are carefully selected and contractually required to comply with UK GDPR.

Service ProviderPurposeData Location
StripePayment processing, subscriptionsEU/US (GDPR compliant)
AWS (S3, SES, Rekognition, Transcribe)File storage, email delivery, content moderation, voice transcriptioneu-west-2 (London)
TwilioSMS, WhatsApp notifications, phone verificationUS (EU routing available)
ResendEmail delivery (alternative)UK GDPR compliant
Hosting ProviderPlatform hosting[To be confirmed - UK/EU]

International Transfers: Some processors (Stripe, Twilio) may transfer data to the US under appropriate safeguards (Standard Contractual Clauses, adequacy decisions). We ensure all transfers comply with UK GDPR requirements.

5. How We Protect Your Information

Security Measures:

AES-256 encryption for sensitive medical data
TLS 1.3 encryption for all data in transit
Bcrypt password hashing (passwords never stored in plain text)
Multi-factor authentication (MFA) available
Database encryption at provider level
Access logging for medical information
Regular security audits and updates
Account lockout after failed login attempts
Secure session management with HTTP-only cookies
Virus scanning for all file uploads
Content moderation for images (AWS Rekognition)
Role-based access controls

6. How Long We Keep Your Information

We only retain your personal information for as long as necessary to fulfill the purposes outlined in this policy and to meet our legal obligations.

Active membership records:Duration of membership + 7 years
Medical records:Duration of membership + 7 years
Safeguarding records:25 years from last entry (legal requirement)
Financial records (invoices, payments):7 years (UK legal requirement)
Consent records:7 years from consent expiry
Performance data:3 years after membership ends (or upon request)
Communication logs:Duration of membership + 1 year
Session cookies:Until browser is closed
Persistent cookies:Up to 2 years (with consent)

Important: Safeguarding records may be retained beyond your request for deletion if required by law or for the protection of children. We will explain if this applies to your data.

7. Your Data Protection Rights

Under UK GDPR, you have the following rights:

Right to Access

Request a copy of the personal information we hold about you (Subject Access Request)

Right to Rectification

Ask us to correct inaccurate or incomplete information

Right to Erasure (Right to be Forgotten)

Request deletion of your personal data (subject to legal retention requirements)

Right to Restrict Processing

Ask us to limit how we use your data while a dispute is resolved

Right to Data Portability

Receive your data in a machine-readable format to transfer to another service

Right to Object

Object to processing based on legitimate interests or for marketing purposes

Right to Withdraw Consent

Withdraw consent for photography, AI analysis, or marketing at any time

Right to Complain

Lodge a complaint with the Information Commissioner's Office (ICO)

How to Exercise Your Rights: Email us at dataprotection@awasportscoaching.com with details of your request. We will respond within 30 days. For more information, see our GDPR Rights & Data Requests page.

8. Children's Privacy

As a youth athletics coaching platform, we take children's privacy extremely seriously and comply with the UK Age Appropriate Design Code (Children's Code).

Our Commitments to Children's Privacy:

Parental consent required for all athletes under 18
Default privacy settings (e.g., photography consent is opted-out by default)
Minimal data collection - only what's necessary for coaching and safety
No profiling or targeted marketing to children
No geolocation tracking of minors
Parental oversight controls for messaging and social features
Age-appropriate language in consent forms and communications
Annual consent renewal to keep parents informed
Separate parent and athlete accounts for transparency
No direct marketing to children under 18

Age-Based Processing

  • Under 13: Parental consent mandatory for all processing. No self-management.
  • Ages 13-15: Parental consent required. Limited self-management with oversight.
  • Ages 16-17: Can consent for themselves, but parents retain oversight capabilities.
  • 18+: Full self-management, optional parental oversight.

9. Cookies and Tracking

We use cookies to provide essential functionality and improve your experience. For full details, please see our Cookie Policy.

Essential Cookies

Required for platform functionality

✓ No consent required

Functional Cookies

Remember your preferences

Consent recommended

Analytics Cookies

Help us improve the platform

⚠ Consent required

10. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

1

Notify the ICO

Within 72 hours of becoming aware of the breach

2

Notify Affected Users

Without undue delay if high risk to your rights

3

Take Action

Implement measures to mitigate impact and prevent recurrence

4

Keep You Informed

Provide regular updates on investigation and remediation

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make significant changes:

  • We will update the "Last Updated" date at the top of this page
  • We will increment the version number
  • We will notify you via email and/or platform notification for material changes
  • For changes affecting children's data, we will obtain renewed parental consent where required

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions about this Privacy Policy, how we handle your data, or wish to exercise your rights, please contact us:

Data Protection Enquiries:

Email: dataprotection@awasportscoaching.com

Response time: Within 30 days

Supervisory Authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

Related Policies

Terms & ConditionsCookie PolicyGDPR RightsSafeguarding Policy

This policy is reviewed annually and is available to all parents, athletes, coaches, and staff.

Version 1.0 | Last Updated: February 2026 | Next Review: February 2027

← Back to Dashboard