RunClub HQ Privacy Policy
Last updated: December 2025
RunClub HQ is a trading name of SymNex Consulting Ltd (registered in England and Wales). This policy explains how we handle personal data when you use our club management platform.
The basics
RunClub HQ provides software that helps running clubs manage their members, events and communications. In data protection terms:
- Your running club is the data controller – they decide what data to collect and why
- RunClub HQ is the data processor – we process data on behalf of your club according to their instructions
If you have questions about how your data is used, your first point of contact should be your running club. They control your membership and can tell you exactly what they collect and why.
What data we process
When your club uses RunClub HQ, we may process the following on their behalf:
Member information
- Name and contact details (email, phone, address)
- Date of birth, gender and emergency contact details
- Profile picture (may be visible to other members of your club and club officials)
- Membership status and history
- England Athletics registration numbers (where applicable)
Emergency and health information
- Emergency contact names and phone numbers
- Medical conditions, allergies or health information relevant to your participation in club activities
Performance and results
- Event entries and race results (including times and positions)
- Club records and best performances
- Personal bests and running history
Payment information
- Payment history and transaction records
- Partial bank account references (e.g. bank name and last two digits of account number)
- Direct Debit mandate status and subscription details
Junior members (under 18s)
- The information above may also be collected for junior members
- Parent/guardian contact details and consent records
Activity data
- Event registrations and attendance
- Communication preferences
- Login and authentication details
Technical data
- Device and browser information
- IP addresses and access logs
- Error reports (to fix problems)
How we use data
We only process personal data to provide the RunClub HQ service to your club. This includes:
- Running the platform and keeping it secure
- Sending emails and notifications on behalf of your club
- Generating reports and insights for club administrators
- Fixing bugs and improving the service
- Complying with legal obligations
We never sell personal data or use it for our own marketing purposes.
Health and medical information
Your club may ask you to provide medical information (such as health conditions, allergies or medications) that could be relevant to your safety during club activities. This is "special category" data under UK GDPR and receives extra protection.
- We only process health information with your explicit consent, which you provide when entering or updating this information
- This data is only accessible to authorised club officials who need it (e.g. run leaders, welfare officers)
- You can withdraw consent and request deletion of health information at any time through your club
- Health information is never used for any purpose other than member safety during club activities
Junior members (under 18s)
Running clubs welcome junior members, and we take extra care with children's data:
- Membership for under-18s requires parent or guardian consent
- Parent/guardian contact details are collected alongside the junior member's information
- Access to junior member data is restricted to authorised club officials
- We don't knowingly collect data directly from children – registration is managed through parents/guardians or the club
- Parents/guardians can request access to, correction of, or deletion of their child's data through the club
Clubs are responsible for ensuring appropriate safeguarding policies are in place. RunClub HQ provides the tools to manage junior memberships securely, but safeguarding decisions remain with the club.
Performance data and club records
Running clubs naturally track results and celebrate achievements. We process performance data to help clubs:
- Record event results and race times
- Maintain club records and best performances
- Track members' personal bests and running history
Public display: Some performance data (such as club records, race results and league tables) may be displayed publicly on your club's pages or shared with third parties like leagues and England Athletics. Your club determines what is made public. If you have concerns about your results being published, please speak to your club directly.
Gender data: We collect gender to enable accurate record-keeping (e.g. male/female club records) and for reporting to governing bodies. We recognise this can be sensitive information and handle it with care.
Payments and Direct Debits
Many clubs use RunClub HQ to collect membership fees via Direct Debit, powered by GoCardless.
How this works:
- When you set up a Direct Debit, you provide your bank details directly to GoCardless through their secure payment pages
- GoCardless processes your payments as a separate data processor, with a direct relationship with your club
- RunClub HQ receives and stores limited payment information: partial bank references (e.g. "Barclays Bank, account ending 23"), mandate status and payment history
We do not have access to your full bank account or sort code numbers. These are held securely by GoCardless.
GoCardless is authorised by the Financial Conduct Authority (FCA) and operates under their own privacy policy. For questions about how GoCardless handles your bank details, see gocardless.com/privacy.
Our sub-processors
We use trusted third-party services to deliver RunClub HQ. Your data may be processed by:
| Provider | Purpose | Location |
|---|---|---|
| Hetzner | Server hosting | Germany (EU) |
| Cloudflare | DNS, security, caching and backup | Global (EU data processing) |
| Mailgun | Sending emails | EU |
| Google Firebase | In-app messaging | EU/US |
| Sentry | Error tracking and monitoring | US |
All sub-processors are bound by data processing agreements and maintain appropriate security measures. We regularly review our sub-processors and will update this policy if they change.
Data security
We take security seriously. Our measures include:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Secure authentication including passwordless login options
- Regular security updates and monitoring
- Access controls limiting who can see what data
- Automated backups with secure storage
Data retention
We retain data for as long as your club needs it to manage your membership. When a club closes their account or asks us to delete data, we remove it within 30 days (except where we're legally required to keep it longer).
Individual members should contact their club directly to request data deletion or correction.
Your rights
Under UK GDPR, you have rights including:
- Access – request a copy of your data
- Correction – ask for inaccurate data to be fixed
- Deletion – request your data be removed
- Portability – receive your data in a standard format
- Objection – object to certain types of processing
To exercise these rights, contact your running club first. They control your data and can action most requests directly. If you believe we've mishandled your data, you can also contact us or lodge a complaint with the Information Commissioner's Office (ICO).
International transfers
Some of our sub-processors operate outside the UK/EU. Where this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent protections recognised under UK data protection law.
Cookies and tracking
RunClub HQ uses essential cookies to keep you logged in and remember your preferences. We don't use advertising or tracking cookies.
Changes to this policy
We may update this policy from time to time. Significant changes will be communicated through the platform. The "last updated" date at the top shows when changes were last made.
Contact us
RunClub HQ (a trading name of SymNex Consulting Ltd)
For data protection queries about RunClub HQ:
- Email: [email protected]
For queries about your membership data, please contact your running club directly.
This policy is designed to be clear and readable. If anything is unclear, please get in touch and we'll explain.