Legal

Privacy Policy

Last updated: April 2026

radcliffe.run (“we”, “us”, “our”) is a free community running group based in Radcliffe, Greater Manchester. This policy explains what personal data we collect, why we collect it, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

If you have any questions, contact us at runtogetherradcliffe@gmail.com.

1. Who we are

radcliffe.run is a free community running group based in Radcliffe, Greater Manchester. We are the data controller for the personal data collected through this website.

2. What data we collect and why

We collect the following categories of data when you register, sign in, or use the site:

Data	Purpose	Lawful basis
Name, email address	Identify you as a member, send you your sign-in link	Legitimate interests
Mobile number	Contact you about runs if needed	Legitimate interests
Emergency contact name, phone, relationship	Contact someone on your behalf if you are injured on a run	Legitimate interests
Health / medical notes	Help run leaders support you safely during runs	Explicit consent (Article 9)
Email preferences	Determine whether to send you club emails	Consent
Photo consent	Determine whether to include you in group photos shared online	Consent

Health information is classed as special category data under Article 9 of the UK GDPR. We only store it if you explicitly consent during registration, and it is used solely for runner safety. You can leave this field blank.

3. Emergency contact data

When you register, you provide the name and phone number of an emergency contact. This person’s details are held in our database and are only accessible to verified run leaders — never used for marketing, and never shared with third parties.

We hold this data on the basis of legitimate interests: the safety benefit of being able to contact a next of kin in an emergency clearly outweighs any privacy impact given the limited access and protective purpose. We recommend you let your emergency contact know their details are held.

4. Who we share your data with

We do not sell or share your data with third parties for marketing. We use the following services to operate the site:

Service	Purpose
Supabase	Database and authentication — stores all member data on servers in the EU
Resend	Email delivery — your email address is passed to Resend when we send you club emails
Vercel	Website hosting — processes requests to serve the site

Emergency contact and health data is also accessible to verified run leaders within the club.

5. How long we keep your data

Data	Retention
Name, email, mobile	Kept while you are an active member. Deleted 1 year after deactivation.
Emergency contact details	Deleted immediately when you leave the group or request erasure.
Health / medical notes	Deleted immediately when you leave the group or withdraw consent.
Email send logs	Retained for up to 1 year for troubleshooting purposes.

6. Cookies

We use only strictly necessary cookies to keep you signed in. We do not use advertising, tracking, or analytics cookies. No cookie consent banner is required.

7. Your rights

Under UK GDPR you have the following rights:

Right to access

Request a copy of the data we hold about you.

Right to rectification

Ask us to correct inaccurate data. You can update most details yourself on your profile page.

Right to erasure

Ask us to delete your data. We will action this within 30 days.

Right to restriction

Ask us to limit how we use your data while a dispute is resolved.

Right to object

Object to processing based on legitimate interests.

Right to withdraw consent

Where we rely on consent (emails, photos, health data), you can withdraw it at any time — this does not affect the lawfulness of prior processing.

To exercise any of these rights, email us at runtogetherradcliffe@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. Age

Radcliffe.run is open to runners aged 18 and over. Young people aged 12–17 may register with parental or guardian consent, with a parent or guardian completing the registration form on their behalf. We do not knowingly collect data from children under 12.

9. Changes to this policy

We may update this policy from time to time. The date at the top of this page shows when it was last revised. Significant changes will be communicated by email to registered members.