Privacy Policy for We Make Footballers® (Global Baseline)

Protecting Your Data

Last updated: 8th December 2025

We Make Footballers® Ltd, Registration number 07752847, trades at Willoughby House, 439 Richmond Road, Twickenham, TW1 2AG.

Your privacy is important to us. This Privacy Policy outlines how we collect, use, store, and protect your personal data when you use our website, booking software, and services.

By using our services, you consent to the practices described in this policy. These Privacy Terms apply globally, with additional protections based on local law. In the event of conflict, the jurisdiction-specific law prevails.

Local Law Compliance

• United States: WMF complies with the California Consumer Privacy Act (CCPA) and equivalent state privacy laws.
• United Kingdom: WMF complies with the Data Protection Act 2018 and UK GDPR.
• United Arab Emirates: WMF complies with Federal Data Protection Law No. 45 of 2021 (PDPL).
• Australia: WMF complies with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs).

1. What This Policy Covers

• What data we collect about you.
• How we collect your personal data.
• What we do with your data.
• Where we store your data.
• How we keep your data secure.
• Whether we share your data with third parties.
• The cookies and pixels we use.
• Your rights in relation to your data.

This Privacy Policy forms part of our Website Terms. By accepting our Website Terms, registering for our services, or signing up for newsletters, you consent to the practices described herein. You may withdraw consent at any time by contacting us at [email protected].

2. Information We Collect

2.1 Information You Provide

We collect the following types of personal data directly from you:

• Player Information: Name, date of birth, medical details, performance data.
• Parent/Guardian Information: Name, email, phone number, payment details.
• Other Details: Feedback forms, correspondence, registration details.

2.2 Automatically Collected Information

We use tools such as Google Analytics, MoEngage, and cookies to collect:

• IP address and device information (browser, operating system).
• Website and email engagement (pages visited, newsletter clicks).
• Timezone and approximate geolocation data.

2.3 Publicly Available Information

We may collect data from public records (for example, the electoral register) for verification purposes, where lawful.

3. How We Use Your Information

We process data for the following purposes:

• Service Delivery: Managing bookings, communications, and training sessions.
• Marketing: Sending promotional emails, offers, and tailored content (where permitted by law and your preferences).
• Session Analysis: Improving training, coaching quality, and player development.
• Recording and Sharing: VeoCam and similar footage may be shared with parents, scouts, or used for marketing in line with this policy.
• Fraud Prevention: Verifying identities and preventing misuse of our services.

3.1 Payment Data & Automatic Retry Processing

We Make Footballers® uses trusted, PCI-DSS compliant payment processors (including Stripe, GoCardless, or any future approved provider) to securely store payment credentials such as card tokens or bank mandate details. WMF does not store raw card or bank details.

Where the Parent provides payment information for a subscription or recurring booking, WMF may process this stored payment method to automatically reattempt failed payments in accordance with our Terms & Conditions. This processing includes:

• securely storing payment tokens through third-party payment processors;
• sending instructions to the payment processor to retry failed charges;
• notifying the Parent of failed payments and upcoming retry attempts;
• reconciling payment results for customer account management.

All retry processing is carried out under the legal basis of contractual necessity and explicit customer consent, as provided through the checkout process and our Terms & Conditions.

The Parent may withdraw consent for future retry attempts at any time through the Parent Area (subject to the cancellation terms applicable to their subscription). Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Payment data is processed in accordance with applicable privacy laws in the Parent’s jurisdiction, including UK GDPR, the Data Protection Act 2018, CCPA or equivalent U.S. state laws, UAE PDPL, and the Australian Privacy Principles.

We Make Footballers’ Customer Service team may contact Parents regarding failed, pending, or overdue payments for the purpose of assisting with account resolution. Support may include sending payment links, explaining how to update payment methods, and providing general guidance to help ensure the Parent’s account remains up to date. All payments must be completed directly by the Parent. WMF staff will not collect, input, or process payment information on behalf of any Parent.

3.2 Legal Basis for Processing (GDPR Jurisdictions)

In jurisdictions where GDPR or equivalent laws apply, we process personal data under one or more of the following lawful bases:

• Contractual necessity: Managing bookings, payments, and service delivery.
• Legitimate interests: Improving training quality, analytics, service optimisation, and fraud prevention (balanced against your rights and freedoms).
• Consent: Marketing communications, optional recordings, optional cookies, and certain types of data sharing.
• Legal obligations: Safeguarding, incident reporting, financial and regulatory compliance.

4. Sharing Your Information

4.1 Service Providers

We use trusted third parties for secure processing and service delivery, including:

• Typeform – sign-up forms.
• Active Campaign – email communications.
• MoEngage – booking-related emails and engagement tracking.
• Google Analytics – website and app analytics.
• AWS – secure hosting and storage.
• Make – data transfer and automation workflows.
• GetVero – promotional communications and notifications.
• Postmark – transactional emails.
• Twilio – SMS communications.
• ManyChat – WhatsApp messaging.
• Veo – recording storage and controlled sharing.

These providers process data on our behalf and are bound by contractual and security obligations.

4.2 International Transfers

Data may be transferred outside the UK/EU (for example, to the USA, UAE, Australia, India, or Argentina) where our teams, academies, or service providers are based. Standard safeguards (such as Standard Contractual Clauses and encryption) are applied.

Where required, international transfers are governed by Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA), along with encryption and strict access controls.

4.3 Advertising

Our website may feature third-party advertisements. While we do not share identifiable customer data with advertisers, they may use cookies or pixels to personalise ads and measure performance. You can manage such technologies via your browser settings and any consent tools we provide.

5. Recording and Photographing Sessions

WMF may record or photograph sessions for the following purposes:

• Marketing & promotion – showcasing coaching activities and achievements.
• Security & safeguarding – supporting participant safety and incident review.
• Performance analysis – helping players and coaches assess and improve performance.
• Scouting with partner clubs – sharing footage with partner clubs (with parental consent before external sharing).
• Coach training – supporting internal training and quality assurance for coaches.

Consent: By attending our sessions, you consent to such recording and photography. Parents who do not wish their child to be recorded must notify WMF in writing at [email protected]. WMF will make reasonable efforts to respect such requests, although incidental inclusion in group footage or wide-angle recordings may still occur.

6. Data Retention

• Personal Data: Retained for 5 years after your last interaction with WMF, unless a longer period is required by law or necessary for safeguarding.
• Session Recordings: Retained for 3 years unless renewed consent is given or a longer retention period is required for safeguarding or legal reasons.
• Marketing Data: Retained until you opt out or we determine that you are no longer actively engaging with our communications.

Retention periods reflect safeguarding requirements, legal obligations, and our legitimate interests in maintaining accurate training and service records.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct or update inaccurate data.
• Delete your data in certain circumstances.
• Withdraw consent for marketing or recordings.
• Request portability of your data (where legally applicable).
• Lodge complaints with your local data authority (see jurisdiction-specific supplements below).

To exercise your rights, please contact us at [email protected].

8. Cookies and Pixels

We use cookies and similar technologies (such as pixels) to:

• Analyse site performance and usage.
• Personalise user experiences.
• Track engagement with marketing campaigns and emails.

You can manage cookies through your browser settings and any cookie consent tools we provide. Disabling some cookies may affect how our website functions.

9. Data Security

We use strict measures to protect your data, including:

• Encryption in transit and, where appropriate, in storage.
• Secure hosting on reputable cloud platforms (such as AWS).
• Limited, role-based access for authorised personnel only.
• Regular monitoring and review of security practices.

10. Complaints

If you have a concern about how we handle your data, please contact us at [email protected]. We aim to respond within 30 working days where reasonably practicable.

Jurisdiction-Specific Supplements

United States 🇺🇸

• Law: California Consumer Privacy Act (CCPA) and applicable state privacy laws.
• Children’s Data: The Children’s Online Privacy Protection Act (COPPA) applies for under-13s; parental consent is required.
• Rights: Access, deletion, correction, and the right to opt out of the sale or sharing of personal information, where applicable.
• Complaints: May be raised with the Federal Trade Commission (FTC) or relevant state Attorney General.

United Kingdom 🇬🇧

• Law: UK GDPR and the Data Protection Act 2018.
• Children’s Data: Parental consent is required for under-13s for certain processing (such as online services and marketing).
• Rights: Access, rectification, restriction, deletion, portability, and objection to certain processing.
• Complaints: May be raised with the Information Commissioner’s Office (ICO).

United Arab Emirates 🇦🇪

• Law: Federal Data Protection Law No. 45 of 2021 (PDPL) and Wadeema’s Law for child protection.
• Children’s Data: Additional protection applies; parental consent is mandatory.
• Safeguarding: Staff must escalate child protection concerns to the relevant UAE authorities.
• Rights: Correction or deletion of data in accordance with PDPL.
• Complaints: May be raised with the UAE Data Office or equivalent supervisory authority.

Australia 🇦🇺

• Law: Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs).
• Children’s Data: Treated as sensitive; parental consent is required for most