Data Protection & Security
This page is for clubs, governing bodies and their advisers who want to understand how Club Membership Cloud handles personal data, ahead of or during a licence agreement.
Our role
When your club or organisation uses our platform, you are the data controller for the membership and related personal data you input — you decide what’s collected, why, and how long it’s kept. We act as your data processor: we process that data only on your instructions, to provide the platform service.
This is different from the data we hold about you and your organisation directly as our own customer (such as billing contact details), which is covered in our Privacy Policy.
Our Data Processing Agreement
Every licence agreement with Club Membership Cloud includes data processing terms that meet the requirements of Article 28 UK GDPR. These cover:
- processing personal data only on your documented instructions;
- confidentiality obligations on everyone with access to your data;
- the technical and organisational security measures set out below;
- prior notice and a right to object before we engage any new sub-processor;
- assisting you in responding to data subject requests and data protection impact assessments;
- notifying you promptly if we become aware of a personal data breach;
- audit rights, so you can verify our compliance;
- returning or deleting your data when the agreement ends.
A copy of our standard data processing terms is available on request before you sign — contact matt@designunltd.co.uk.
Security measures
- Hosting: UK-based dedicated servers via Cloud Heroes, operating from ISO 27001-accredited Ark Data Centres, with a 99.99% uptime SLA and multi-data-centre high-availability infrastructure.
- Encryption: TLS encryption for all personal data in transit; account passwords are hashed and encrypted.
- Access control: multi-tier admin access controls, with the principle of least privilege applied throughout.
- Testing: sandboxed testing environments using non-live test data only.
- Backups: encrypted nightly backups, fully encrypted before transfer.
- Payments: all card payments are processed exclusively by Stripe (PCI-DSS Level 1 certified). Raw card data never passes through our servers.
- Data location: all live personal data is hosted and processed within the UK.
Sub-processors
We use a small number of third parties to help deliver the platform. The current list, including what each one does and where they’re based, is published on our Sub-processors page.
Breach response
If we become aware of a personal data breach affecting your data, we’ll notify you without undue delay so you can meet your own regulatory obligations, including any reporting duty to the Information Commissioner’s Office.
Special category and sensitive data
Some clubs use the platform to record information such as medical conditions or safeguarding records. Where this applies, your club remains responsible for identifying the appropriate basis under Article 9 UK GDPR for processing this kind of data — we process it only as instructed, with the same security and confidentiality protections as any other data on the platform.
Questions?
If you’d like more detail, a copy of our data processing terms, or want to discuss your club’s specific requirements before signing, contact Matt Sanwell at matt@designunltd.co.uk or 07515 355960.