Terms of Service|Privacy Policy|Data Processing Addendum|Acceptable Use|Cookie Policy

Privacy Policy

Polo HQ LTD  ·  Effective Date: March 5th 2026  ·  Last Updated: March 5th 2026

Privacy Policy

Polo HQ LTD

Effective Date: March 5th 2026

Last Updated: March 5th 2026

This Privacy Policy explains how Polo HQ LTD collects, uses, stores, and protects personal data when individuals access or use the Polo HQ platform and related services available through polohq.com.

Polo HQ LTD is committed to protecting personal data and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

This policy describes what information we collect, how we process it, and the rights individuals have in relation to their personal data.

1. Data Controller and Data Processor Roles

Polo HQ LTD operates the Polo HQ platform as a software service used by polo organisations to manage operational activities.

Organizations using the platform act as Data Controllers because they determine what personal data is uploaded to the system and how it is used.

Polo HQ LTD acts primarily as a Data Processor that provides the technical infrastructure used to store and manage that data.

This means organisations are responsible for ensuring they have lawful authority to upload and manage personal data relating to their members, staff, contractors, or other individuals.

Polo HQ LTD processes such data only to provide and maintain the functionality of the platform.

2. Information We Collect

We may collect and process the following categories of personal information.

Account Information

When users create an account on the platform, we collect information including first name, last name, email address, login credentials, and other information required to create and manage a user account.

Profile Information

Users or organisations may store additional profile information including phone numbers, dates of birth, availability information, roles within an organisation, and other operational data.

Organization Data

Organizations may store information about players, staff, horses, events, scheduling data, or operational records required for managing polo activities.

Financial and Billing Information

When organisations subscribe to paid services, billing information may be processed through third-party payment providers. Payment card details are processed and stored by Stripe. Polo HQ LTD does not store full payment card numbers.

Documents and Files

Organizations may upload documents to the platform for administrative purposes. These may include contracts, identification documents, visa documents, expense records, or other operational files.

Polo HQ LTD does not determine the type of documents uploaded by organisations.

Organizations are responsible for ensuring they have the legal authority to upload and manage any documents or personal information stored within the platform.

System and Technical Information

We automatically collect technical information required to operate the platform, including device type, browser information, IP address, login timestamps, and usage activity within the platform.

This information helps us maintain platform security and performance.

3. Sensitive and Special Category Data

The platform allows organisations to upload documents and information that may contain personal or sensitive data.

This may include identification documents, visa records, contractual agreements, or other sensitive materials.

Polo HQ LTD does not request or require specific categories of sensitive personal data.

However, because organisations control the information they upload, such data may be stored within the platform.

Organizations are responsible for ensuring that any sensitive personal data uploaded to the platform complies with applicable data protection laws.

Users should not upload documents unless they have lawful authority to manage and share that information.

4. Information Relating to Minors

The platform may be used by members of polo organisations who are between the ages of 13 and 17.

Individuals under the age of 13 may not create accounts on the platform.

Users between the ages of 13 and 17 may only access or use the platform with authorization from their parent, guardian, or the organisation responsible for their participation.

Organizations are responsible for ensuring that they have appropriate authorization before uploading personal data relating to minors.

5. How We Use Personal Data

Polo HQ LTD processes personal data for the following purposes:

  • To create and manage user accounts
  • To provide access to the Polo HQ platform and its functionality
  • To enable organisations to manage scheduling, operational records, and workflows
  • To store and manage documents uploaded by organisations
  • To process subscriptions and billing through third-party payment providers
  • To maintain system security and prevent unauthorized access
  • To improve platform performance and reliability
  • To comply with legal obligations

6. Legal Basis for Processing

Under UK GDPR, personal data is processed on the following legal bases.

Contractual necessity

Processing is necessary to provide the platform and related services to users and organisations.

Legitimate interests

Processing may occur to ensure platform security, maintain system functionality, and improve the reliability of the service.

Legal obligations

Processing may occur when necessary to comply with legal or regulatory requirements.

Consent

Certain processing activities may occur where users or organisations have provided consent.

7. Data Hosting and Infrastructure

The Polo HQ platform is hosted using cloud infrastructure provided by third-party service providers.

Personal data may be processed or stored using the following infrastructure providers:

  • Supabase — Database hosting and application data storage (AWS infrastructure in the United States)
  • Vercel — Application hosting and delivery infrastructure
  • Resend — Transactional email delivery
  • Stripe — Payment processing and subscription billing

These service providers act as subprocessors that process personal data only for the purpose of providing infrastructure services.

8. International Data Transfers

Because certain infrastructure providers operate outside the United Kingdom and the European Economic Area, personal data may be transferred to and stored in jurisdictions including the United States.

Where such transfers occur, Polo HQ LTD takes appropriate measures to ensure personal data is protected in accordance with UK GDPR requirements.

These measures may include contractual safeguards and industry-standard security protections implemented by infrastructure providers.

9. Data Retention

Personal data is retained only for as long as necessary to provide the platform services and fulfill the purposes described in this policy.

User account data is generally retained while an account remains active.

If an account is deleted or an organisation stops using the platform, data may be retained for a limited period where required for security, legal, or operational reasons.

Organizations remain responsible for managing the data they upload and may request deletion of their data where appropriate.

10. Data Security

Polo HQ LTD implements technical and organisational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration.

These measures include secure infrastructure environments, access controls, authentication mechanisms, and encrypted data transmission.

While we take reasonable steps to protect data, no system can guarantee absolute security.

Users and organisations must also take responsibility for protecting their account credentials and managing access to sensitive information appropriately.

11. Your Rights Under UK Data Protection Law

Individuals whose personal data is processed through the platform may have certain rights under UK GDPR.

These rights may include:

  • The right to access personal data held about them
  • The right to request correction of inaccurate data
  • The right to request deletion of personal data
  • The right to restrict processing
  • The right to object to processing
  • The right to request portability of personal data

Requests relating to personal data should generally be directed to the organisation responsible for uploading or managing that data.

If you believe your data is being processed improperly, you may contact Polo HQ LTD using the contact information provided below.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office.

12. Third-Party Services

The platform may rely on third-party providers for infrastructure, communications, or payment processing.

These providers operate under their own privacy policies and security practices.

Polo HQ LTD does not control how third-party services process personal data beyond the services they provide to support the platform.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or operational practices.

If material changes occur, we may notify users through the platform or by email.

Continued use of the platform after such updates indicates acceptance of the updated policy.

14. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data protection rights, you may contact:

Polo HQ LTD
43 Diamond Ridge
Camberley, Surrey
GU15 4LB
United Kingdom

Email: info@polohq.com

You also have the right to contact the UK Information Commissioner’s Office if you believe your personal data has been handled in a way that does not comply with applicable data protection laws.