This policy explains how PaceLab collects, uses, stores, and shares personal data when you use our Services.

1. Controller details

Data controller: PaceLab Ltd
Address: 9 high street, Wellington, Somerset, United Kingdom, TA21 8QT
Email: [email protected]
If you have a Data Protection Officer: Philip Steffan Jones (CEO and Founder)

2. What data we collect

Depending on how you use our Services, we may collect:

Identity and contact data
Name, email, phone number, age group, role (player/parent/coach/decision maker), location.

Coaching and performance data (where provided)
Training history, goals, injury history (if disclosed), session adherence, workload inputs, video submissions, test results/metrics, notes and feedback.

Payment and transaction data
Billing address, purchase history, subscription status. (Card payments are processed by third-party payment providers; we do not store full card details.)

Technical and usage data
IP address, device/browser information, pages visited, clicks, referral source, and analytics events.

Marketing preferences
Email/SMS opt-ins, communication preferences, and interaction with marketing messages.

3. Special category data (health/injury)

If you voluntarily provide health-related information (e.g., injury history), it may be treated as special category dataunder UK GDPR. We only process it where necessary for delivering coaching safely and appropriately, and on an appropriate lawful basis (typically explicit consent or substantial public interest where applicable).

4. How we use your data

We use your data to:

4.1. Provide and administer Services (coaching delivery, programme updates, course access, community access).

4.2. Personalise training recommendations and feedback.

4.3. Process payments and manage subscriptions.

4.4. Communicate with you (service messages, updates, support).

4.5. Improve our Services (analytics, troubleshooting, product development).

4.6. Send marketing communications where you have consented or where permitted by law (you can opt out at any time).

4.7. Comply with legal obligations and protect our rights.

5. Lawful bases for processing (UK GDPR)

5.1We process personal data under one or more of:

5.2Contract (to deliver what you purchased/registered for)

5.3Legitimate interests (to operate, improve, and secure the Services)

5.4Consent (marketing, cookies, special category data where required)

5.5Legal obligation (tax, accounting, regulatory compliance)

6. Who we share data with

We may share data with:

6.1Service providers who help us operate (e.g., website hosting, CRM, email/SMS, analytics, payment processors, video/athlete management platforms).

6.2Professional advisers (accountants, lawyers) where necessary.

6.3Authorities if required by law.

We do not sell your personal data.

7. International transfers

7.1. If we transfer data outside the UK, we ensure appropriate safeguards (such as UK Addendum to EU SCCs or other lawful transfer mechanisms) are in place.

8. Data retention

8.1We keep data only as long as necessary for the purposes described, including legal, accounting, and operational requirements. Typical retention periods:

8.2Transaction records: up to 6 years (UK tax/accounting).

8.3Coaching records: for as long as the coaching relationship continues and a reasonable period thereafter for continuity and safeguarding, unless you request deletion (subject to legal obligations).

9. Your rights

You may have rights to:

9.1Access your data

9.2Correct inaccurate data

9.3Delete data (where applicable)

9.4Restrict or object to processing

9.5Data portability

9.6 Withdraw consent (where processing is based on consent)

To exercise rights, contact: [email protected]

10. Marketing

You can opt out of marketing at any time via the unsubscribe link or by contacting us.

11. Children

Where Services involve under-18s, a parent/guardian may be required to provide consent and handle purchases. We take safeguarding seriously and minimise data collection where possible.

12. Security

We use reasonable technical and organisational measures to protect data, but no system is 100% secure.

13. Complaints

You can complain to the UK Information Commissioner’s Office (ICO) at any time. We encourage you to contact us first to resolve issues.