Privacy Notice
Last updated 26 May 2026
This notice explains what data the Chestertons Polo in the Park 2026 event app collects, why, what we do with it, how long we keep it, and the rights you have under the UK GDPR and Data Protection Act 2018.
Who is the data controller?
Sport Gate International (“SGI”) is the data controller for this app. SGI organises Chestertons Polo in the Park and is responsible for the personal data this app collects from attendees.
Contact for privacy enquiries: privacy@sportgateint.com
What data we collect
- Email address — used to send the one-time sign-in code, to email you if you win the raffle, and (only if you tick the marketing box) to send event news.
- Display name — shown back to you in the app; used to address you in the winner email.
- Optional phone number — only if you choose to provide it; used by venue staff to verify your identity if you redeem a perk in person.
- Marketing preference — your tick (or not) for receiving future event news.
- App activity — which QR codes you scanned, which quiz answers you gave, which match predictions you made, which raffles you entered, which perks you claimed. This data is linked to your account but is not itself personal information once your account is anonymised.
- Technical data — IP address (only while you’re actively using the app, never stored), browser type, and crash reports. Used for security and to fix bugs.
Why we collect it (lawful basis)
- Performance of a contract — to run the app and let you take part in the event activities (scanning, predicting, the raffle, claiming perks).
- Legitimate interest — to keep the app secure, prevent fraud, and fix bugs (error reporting).
- Consent — only for marketing emails. You can withdraw your consent at any time by replying to any marketing email, or by deleting your account in the app.
Who we share data with (processors)
We use the following processors. They act only on SGI’s instructions and are bound by contract under UK GDPR Article 28.
- Supabase (EU region) — database, authentication, file storage.
- Vercel — application hosting and content delivery.
- Upstash — rate-limiting cache.
- Resend — transactional email delivery (sign-in codes, winner notifications).
- Sentry — error and crash reporting (configured to strip personal data before transmission).
We do not sell your data and we do not share it with advertisers.
Where your data is processed
All data is processed in the European Economic Area (EEA) or the UK. Where a processor operates outside the EEA / UK, transfers are protected by the UK International Data Transfer Agreement (IDTA) or equivalent safeguards.
How long we keep it
- Personal identifiers (email, display name, phone, marketing preference) — kept until 30 days after the event, then automatically anonymised by a nightly job. If you’ve opted in to marketing, your email is kept on the marketing list until you unsubscribe.
- App activity (anonymous after 30 days) — retained indefinitely in anonymised form for event reporting and statistics. It cannot be linked back to you once your identifiers are purged.
- Audit logs (raffle draws, admin actions) — retained for 6 years for legal and accountability reasons. Only contains operational data, not personal identifiers (those are anonymised on schedule).
- Error reports (Sentry) — kept for 90 days then automatically purged by Sentry.
Your rights
Under UK GDPR, you have the right to:
- Access — get a copy of your data. You can download a JSON export at any time from your account settings.
- Rectification — correct inaccurate data. Edit your display name in the app, or email privacy@sportgateint.com for changes you can’t make yourself.
- Erasure — delete your account at any time from your account settings. Your personal identifiers will be anonymised immediately; the audit trail of any raffle entries remains in anonymised form.
- Restriction — ask us to pause processing while a dispute is resolved.
- Objection — object to processing based on legitimate interest, including marketing.
- Withdraw consent — for marketing emails, at any time.
- Complain — to the UK Information Commissioner’s Office at ico.org.uk or 0303 123 1113.
Cookies
We only set strictly-necessary cookies. See the cookie policy for the full list.
Security
We use industry-standard measures to protect your data, including TLS encryption in transit, encrypted database storage, role-based access controls, and audit logging of all administrative actions. Despite this, no method is 100% secure; if a breach affects your data we will notify the Information Commissioner within 72 hours and contact you if there is a high risk to your rights.
Changes to this notice
If we update this notice the “last updated” date at the top will change. Material changes affecting how we use your data will be highlighted in the app before they take effect.