Privacy Policy
Last updated: 05-06-2026
This policy explains how Design UNLTD Limited, trading as Club Membership Cloud (“we”, “us”), handles personal data when you visit our website, get in touch with us, or act as an administrator or billing contact for a club or organisation using our platform.
If you’re an individual member of a club that uses Club Membership Cloud, please see the “How we handle club member data” section below — different rules apply, because in that case we are not the organisation responsible for your data.
Who we are
Design UNLTD Limited, trading as Club Membership Cloud, is a company registered in England and Wales (company number 08929009), registered office 39A St Pirans Road, Perranporth, Cornwall, TR6 0BJ.
Data protection contact: Matt Sanwell, matt@designunltd.co.uk, 07515 355960.
The personal data we collect directly
- Enquiries: if you register your interest or contact us through the website, we collect your name, email address, phone number and the name of your club or organisation.
- Account and billing contacts: if your club or governing body enters into a licence agreement with us, we collect the name, work email, phone number and role of the individuals designated as platform administrators or billing contacts.
- Website usage: we don’t currently use cookies or analytics tools to track visitors to this website. See our Cookie Policy for full details.
- Marketing communications: if you opt in to receive updates from us, we hold your email address and your communication preferences.
Why we use it, and our legal basis
- Responding to your enquiry — our legitimate interest in dealing with prospective customers, or your consent where you’ve given it.
- Setting up and administering your organisation’s licence agreement — performance of a contract, or steps needed before entering into one.
- Invoicing and accounting — a legal obligation (tax and accounting records) and contractual necessity.
- Sending marketing communications — your consent, which you can withdraw at any time.
Who we share it with
- Google LLC (Google Workspace) — we use Google Workspace for business email. Enquiries submitted through the website, and correspondence with account and billing contacts, are handled and stored in our Google Workspace mailboxes.
- Dropbox, Inc. — account and billing contact data entered into the platform itself is backed up to Dropbox as part of our standard encrypted backup process (see International transfers below).
We don’t use a third-party CRM or marketing tool to manage enquiries — submissions are handled directly through our team’s email.
We don’t sell personal data, and we don’t share it with third parties for their own marketing purposes. Stripe doesn’t process any data covered by this policy — it only handles payments made by individual club members through the platform, which falls under our role as data processor rather than controller. See our Data Protection & Security page for that.
International transfers
We use Google Workspace for business email, operated by Google LLC, a US company. Enquiry and correspondence data may be processed outside the UK as a result. Google relies on the UK Extension to the EU-US Data Privacy Framework, with standard contractual clauses as a backstop, as its transfer safeguard for UK personal data.
Account and billing contact data held within the platform itself is hosted in the UK but backed up to Dropbox, Inc. in the United States as part of our standard encrypted backup process. All data is fully encrypted before transfer.
How long we keep it
- Enquiry data: held for 24 months if no agreement is signed, after which it is deleted.
- Account and billing contact data: held for the duration of the licence agreement, plus 6 years afterwards for accounting and legal purposes.
We don’t keep personal data indefinitely — retention periods are reviewed and data is deleted once it’s no longer needed for the purpose it was collected for.
How we handle club member data
If you’re a member of a club, association or governing body that uses our platform, your personal data is collected and controlled by that organisation, not by us. We process it only on their instructions, under a written data processing agreement, in order to provide the membership management service.
This means:
- Your club decides what data is collected about you, why, and how long it’s kept.
- If you want to exercise any of your data protection rights — access, correction, deletion, and so on — you should contact your club directly in the first instance. We assist clubs in responding to these requests, but we don’t hold the authority to act on them ourselves.
- You can find more detail about our role as a data processor, including the security measures we maintain, on our Data Protection & Security page.
If you’re a junior member of a club, your data is looked after under your club’s own privacy notice and any applicable safeguarding policies.
Your rights
Where we are the controller of your data (see above), you have the right to:
- ask what data we hold about you (right of access);
- ask for inaccurate data to be corrected;
- ask us to delete data we hold about you (right to erasure);
- ask us to restrict how we use your data;
- receive a copy of your data in a portable format (right to data portability);
- object to how we use your data, including for direct marketing;
- withdraw your consent at any time, where we rely on consent;
- complain to the Information Commissioner’s Office (ICO) — ico.org.uk, 0303 123 1113 — if you’re unhappy with how we’ve handled your data.
To exercise any of these rights, contact us using the details above.
Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss or destruction. Details of the security measures used to protect platform data are set out on our Data Protection & Security page.
Changes to this policy
We may update this policy from time to time. The “last updated” date at the top shows when it was last revised.
