Platform Privacy Notice

This Privacy Notice explains how Hivelink Ltd (“Hivelink”, “we”, “us”) processes personal data relating to administrators, team owners and other authorised users (“Administrators”) who create or manage an account on the Hivelink platform.

It also explains Hivelink’s role when processing personal data on behalf of organisations using the platform.

1. Who we are and our role

Hivelink Ltd is a UK company providing an online booking and activity management platform for schools, clubs and activity providers.

For the purposes of UK GDPR:

• Hivelink acts as a data controller in respect of personal data relating to Administrators and its own business operations.
• Hivelink acts as a data processor in respect of personal data processed on behalf of organisations relating to parents, guardians and participants.

Personal data processed via the platform may be processed by Hivelink or its authorised service providers outside the UK, subject to appropriate safeguards in accordance with UK GDPR.

2. Personal data we process about Administrators

We may process the following categories of personal data about Administrators:

• name and contact details (such as email address and telephone number);
• organisation details and role information;
• account credentials and access permissions;
• communications with Hivelink (including support requests);
• usage data relating to interaction with the platform.

3. How and why we use Administrator data

We process Administrator personal data for the following purposes:

• creating and managing administrator accounts;
• providing access to the platform and its features;
• providing customer support and responding to enquiries;
• communicating important service information and product updates;
• maintaining platform security and preventing misuse;
• analysing platform usage on an aggregated, non-identifiable basis.

4. Lawful bases for processing

Hivelink relies on the following lawful bases under UK GDPR:

• contractual necessity – to provide the platform and related services;
• legitimate interests – to operate, maintain and improve the platform, communicate service updates and ensure security;
• legal obligation – where required to comply with applicable law.

Product updates and service communications are sent on the basis of legitimate interests and are not marketing communications.

5. Processing personal data on behalf of organisations

When Administrators use the platform to manage bookings, profiles or payments on behalf of parents or participants, Hivelink processes that personal data solely on the instructions of the organisation.

In these circumstances:

• the organisation is the data controller;
• Hivelink is the data processor;
• Hivelink does not determine what personal data is collected or how it is used beyond providing the platform.

Processing of such data is governed by the Data Processing Agreement included in the Platform Terms & Conditions.

6. Administrator access to End User accounts

Administrators may be granted access to parent or participant accounts in order to assist with bookings, profile updates or account management.

Any access to, or actions taken within, End User accounts by Administrators are the responsibility of the organisation. Hivelink does not monitor or control how Administrators exercise such access.

7. Custom data fields and data collection

The Hivelink platform allows organisations to configure custom profile fields and request information from parents or participants as part of account setup or booking processes.

The organisation is solely responsible for determining what information is collected, ensuring that it is lawful, relevant and proportionate, and for providing appropriate privacy information to parents or participants.

Hivelink does not determine the content of custom fields or assess the lawfulness of data collected through them.

8. Sharing personal data

We may share Administrator personal data with trusted third-party service providers (sub-processors) where necessary to operate the platform, such as hosting, object storage, communications and support providers.

All such providers are subject to appropriate contractual data protection safeguards.

A current list of authorised sub-processors is available on request via support@hivelink.co.uk.

9. Data retention

Administrator personal data is retained only for as long as necessary to provide the platform services and to meet legal, accounting or operational requirements.

Where an organisation ceases to use the platform, Administrator data will no longer be accessible and will be retained by Hivelink in a restricted archival state before being deleted or anonymised once no longer required.

10. Your data protection rights

Administrators have rights under UK GDPR, including the right to:

• access their personal data;
• request correction or deletion;
• object to or restrict processing in certain circumstances.

Requests relating to Administrator data may be made by contacting support@hivelink.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

11. Contact us

If you have questions about this Privacy Notice or how Hivelink processes personal data, please contact:

Hivelink Ltd
Email: support@hivelink.co.uk