Effective Date: 01/09/2025
Business Name: Padel Park Limited
Address: 82 Duke Street, Frankton, Hamilton 3204, New Zealand
Privacy Officer: Nic Woods — comments@padelpark.nz
Padel Park respects your privacy and complies with the Privacy Act 2020 (NZ) and the 13 Information Privacy Principles (IPPs). This policy explains what we collect, how we use it, who we share it with, how long we keep it, and your rights.
1) What we collect
Identification & contact: name, date of birth, gender, email, phone, postal address.
Account & preferences: login details (passwords encrypted), marketing preferences, notification settings.
Bookings & attendance: court and event bookings, coaching sessions, check-ins, cancellations/no-shows.
Payments: transaction details (processed by Stripe and, for vending, Nayax). We do not store full card numbers.
Device & usage: IP address, browser/device type, pages/screens viewed, session diagnostics (via GA4 and platform analytics).
Community features: member profile fields you choose to enable (see §10), messages you send to other members, match-ups you join.
CCTV: video footage from in-venue cameras (see §11). No audio recording.
Incidents: incident/accident reports and related information where necessary.
Health information: We do not collect health/injury information by default. We may process limited health details only if you voluntarily provide them for safety, reasonable accommodations, or where required in an incident report. See retention in §8.
2) How we use your information (purposes)
Create and manage your account; provide bookings, events and coaching.
Process payments and wallet credits; manage outstanding balances (bookings may be suspended until debts are paid).
Operate member community features (profiles, messaging, match-ups).
Provide support and respond to enquiries.
Send operational notices and (if opted-in) marketing about offers, events, and news.
Run venue security (CCTV), prevent fraud and misuse, and enforce house rules.
Analyse usage and improve our services, website and app.
Comply with law (e.g., tax and accounting).
Legal bases: consent (e.g., marketing), contractual necessity (to deliver bookings/memberships), legitimate interests (security, analytics, service improvement), and legal obligations.
3) Who we share data with (processors & partners)
We do not sell or rent your personal data. We share it with trusted service providers who act under contracts that include privacy safeguards:
Booking platform: Match Point (Spain — hosts/operates booking & member services).
Payments: Stripe (cards, online), Nayax (vending payments).
Web & hosting/CDN: Webflow (website), 1stDomains (email hosting).
Analytics & marketing: Google Analytics 4 (GA4), Meta Pixel.
Storage & docs: Google Drive (internal documents).
Messaging: WhatsApp (member and staff communications, where applicable).
CCTV: TP-Link Tapo hardware/cloud services.
Some providers may store/process data outside New Zealand (e.g., EU/EEA including Spain; US; other regions). Where required, we use comparable safeguards under NZ law (e.g., GDPR adequacy, Standard Contractual Clauses (SCCs), or equivalent mechanisms). Government agencies may receive data if required by law.
4) Cookies & tracking (drop-in)
We use cookies and similar technologies to operate the site/app, remember preferences, and measure performance (via GA4) and marketing effectiveness (Meta Pixel).
If a consent banner is not yet implemented, by continuing to use our site/app you consent to our use of analytics and marketing cookies as described in this policy.
You can control cookies in your browser; some features may not work without them.
When a consent banner is implemented, we will respect your selections (e.g., strictly necessary vs analytics/marketing).
You can opt out of marketing at any time (see §5, §9, §13). You may also adjust browser settings, use the Google Analytics opt-out add-on, and manage ad preferences in your Meta account.
5) Marketing communications
Channels include email, SMS, and push notifications.
If you opt in, your consent applies to all three channels (you can later opt out of some or all). We send essential service messages regardless of marketing preferences (e.g., booking confirmations or policy updates).Unsubscribe any time via message footer (where available), app settings, or by emailing comments@padelpark.nz
6) App & device permissions
If you upload a profile photo or similar content, your device may request camera/photos access. We do not use location, contacts, or calendar permissions.
7) Children & young people
Services are intended for 16+.
Under-16s may hold an account only if a parent/guardian has signed our U16 Declaration or the child is added under the parent’s account.
For under-16 guests at events, we avoid collecting personal data unless required for an incident report.
8) How long we keep data (retention)
We keep personal data only as long as needed for the purpose collected or as required by law.
Default periods:
Data category & Retention Account & profile dataActive account + 24 months after last activity
Bookings & attendance 24 months
Marketing preferences & logs: While subscribed + 24 months
Support enquiries 24 months
Financial & tax records (invoices, credits) 7 years
Incident/accident reports (including any health info you provided) 7 years
CCTV footage14 days (longer if reasonably needed for an incident, investigation or legal claim)
When data expires, we delete or irreversibly anonymise it.
9) Your privacy rights
Under the Privacy Act 2020, you can:Access your personal information;
Request correction of inaccurate or outdated data;
Withdraw marketing consent at any time;
Request deletion (where lawful—some records must be kept for tax, safety or dispute reasons);
Complain to the NZ Office of the Privacy Commissioner.
How to make a request: email comments@padelpark.nz or submit via the app/website or in person (with ID). We verify identity using your email on file and booking history; in-person requests require photo ID. We aim to acknowledge within 2 days and respond as soon as practicable and within 20 working days.
GDPR note: If you are in the EU/EEA, you may have additional rights under GDPR. Where GDPR applies, we rely on SCCs/adequacy (e.g., Spain) for international transfers.
10) Community features: profiles, matching & messaging
You can opt in to community features that help members connect and schedule matches. If enabled, other members may see your first and last name, skill level, and availability.
You can also message other members and join match-ups. You can disable visibility or request changes at any time via your profile settings or by contacting us. Please use community features respectfully and do not share others’ personal data without consent.
11) CCTV & venue security
We operate 24/7 CCTV in and around the venue for safety, security, and rule enforcement.
No audio recording and no facial recognition.
Footage is retained for 14 days unless needed longer for a specific incident or legal claim.
Access is restricted to authorised staff/contractors and may be provided to law enforcement where lawful.
12) Data security
We apply reasonable technical and organisational measures appropriate to our size and risk profile, including secure platforms, access controls based on role, and staff training (H&S and appropriate privacy awareness). Sensitive operations (e.g., payments) are handled by specialist providers (Stripe, Nayax).
No security measure is perfect; we work to prevent, detect, and respond to issues promptly.
13) Photos, video & media use
We may capture photos/video at Padel Park activities and use them for marketing (website, social media, and promotional material).
If you do not wish to appear, tell a staff member or email comments@padelpark.nz and we’ll take reasonable steps to respect your preference going forward. If you post reviews or tag us on social media, we may repost under legitimate interests; you can ask us to remove a repost at any time.
14) International transfers
Some vendors process data overseas (including Spain for Match Point; other locations may include the EU/EEA and the United States).
We ensure comparable safeguards under NZ law (e.g., GDPR adequacy, SCCs, or similar mechanisms).15) Breach notification
If a privacy breach poses a risk of serious harm, we will notify you and report to the NZ Privacy Commissioner in line with the Privacy Act.
16) Terms & conditions; house rules
This policy works alongside our Terms & Conditions, venue rules, Safeguarding Policy, and Disputes Policy. Using our services means you accept those terms. Complaints will be managed according to our Complains Policy.
17) Changes to this policy
We may update this policy from time to time. We’ll post changes on our website/app. Continued use of our services means you accept the updated policy.
18) Contact
Privacy Officer: Nic Woods
Email: comments@padelpark.nz
Address: Padel Park, 82 Duke Street, Frankton, Hamilton 3204, New Zealand