Privacy Policy
Sunshine Sports - Privacy Policy
Last updated: [CONFIRM date]
Sunshine Sports ("we", "us", "our") runs junior sports programs in Western Sydney. We take your family's privacy seriously and handle personal information in line with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what we collect, why, and your rights.
1. Who we are
Sunshine Sports [CONFIRM: registered entity name], ABN [CONFIRM]. Contact: info@sunshinesports.au.
2. What we collect
- Parent/guardian details: name, email, phone, suburb/address.
- Child details: name, date of birth, school year, and any medical conditions, allergies or emergency-contact information you choose to provide so we can keep your child safe.
- Enrolment and attendance history.
- Payment records. Card numbers are entered directly with our payment processor (Stripe) and are never stored on our systems.
- Communications you send us (messages, enquiries, feedback).
- Basic technical data needed to run the portal (see our Cookie Notice).
3. Why we collect it
- To enrol children and run our programs safely (including responding to medical/emergency situations).
- To take payment and keep financial records.
- To contact you about sessions, cancellations, reminders and account matters.
- With your consent, to send you news and marketing. You can opt out at any time.
- To meet our legal obligations (e.g. child-safety and tax record-keeping).
4. Consent for children's information
Because our participants are children, a parent or guardian provides their information and consents on their behalf. Photography/marketing consent is always optional and can be withdrawn at any time by contacting us.
5. Who we share it with
We do not sell your personal information. We share it only with service providers who help us run the business, under contract and only as needed:
- Stripe (payments), our email and SMS providers (notifications), our hosting provider, and accounting software (invoicing).
- Coaches, limited to the roster and safety information for the sessions they run.
- Authorities where we are required to by law or to protect a child's safety.
6. Storage, security & overseas transfer
Information is stored in secured, access-controlled systems. Access is role-based (staff cannot see financial or full-account data). Some providers may process data outside Australia; where they do, we take reasonable steps to ensure comparable protection.
7. How long we keep it
We keep personal information only as long as needed for the purposes above and to meet legal obligations - for example, financial records are kept for 7 years as required by the ATO [CONFIRM retention periods]. When no longer needed, information is deleted or de-identified.
8. Your rights (APPs)
You can ask to access or correct your information, opt out of marketing, or request deletion where we are not required to keep it. Email info@sunshinesports.au and we will respond within a reasonable time (usually 30 days).
9. Complaints
If you're concerned about how we've handled your information, contact us first at info@sunshinesports.au. If unresolved, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
10. Overseas / EU visitors (GDPR)
If you are located in the EU/UK, the GDPR may also apply. In that case our lawful bases are: performance of a contract (enrolment), your consent (marketing), and our legitimate interests (running the business safely). You have additional rights to portability and erasure - contact info@sunshinesports.au.
11. Changes
We may update this policy; the "last updated" date shows the current version. Material changes will be notified through the portal or by email.
(Edit this policy in Admin → Policies → Privacy policy.)