Privacy Policy
Last updated: 3 June 2026
Draft — pending legal review. This template follows the EU GDPR (Regulation 2016/679) and Spain’s LOPDGDD. Fields marked [TODO] must be completed with the company’s real data and the whole document reviewed by a qualified lawyer before publication.
This Privacy Policy explains how Total Sports Group S.L. (“TSG”, “we”, “us”) processes the personal data of visitors, athletes, parents/guardians, clubs and partners in connection with this website and our football experiences.
1. Data Controller
- Entity: Total Sports Group S.L.
- Tax ID (NIF/CIF): [TODO]
- Registered address: [TODO], Madrid, Spain
- Contact: [email protected]
- Privacy contact: [email protected]
2. What data we collect
- Identification & contact data: name, email, phone, country, club/organisation.
- Enquiry data: the information you submit through our contact, proposal or newsletter forms (group size, dates, programme interest, message).
- Athlete data (where applicable): age/date of birth, sporting level and, for confirmed bookings, data needed to deliver the programme.
- Technical data: IP address and basic device/browser data, strictly to serve and secure the site (see our Cookies Policy).
We only collect what is necessary for the purposes below.
3. Purposes and legal bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Respond to enquiries and prepare proposals | Pre-contractual steps at your request (6.1.b) |
| Manage bookings and deliver programmes | Performance of a contract (6.1.b) |
| Send the newsletter (if subscribed) | Consent (6.1.a) — withdrawable any time |
| Site security and abuse prevention | Legitimate interest (6.1.f) |
| Comply with legal/tax obligations | Legal obligation (6.1.c) |
4. Minors
Many of our programmes involve athletes under 18. Where we process the data of a minor, we require it to be provided and authorised by a parent or legal guardian, and we limit processing to what is necessary to deliver the programme safely. [TODO: confirm the consent/authorisation workflow with counsel — e.g. signed guardian consent forms for confirmed bookings.]
5. Who we share data with
We do not sell your data. We share it only with:
- Service providers (processors) acting on our instructions — e.g. website hosting ([TODO: provider]), email/newsletter platform ([TODO: provider]) — all bound by data-processing agreements.
- Programme partners (facilities, tournament organisers, travel partners) strictly as needed to deliver a confirmed experience.
- Public authorities where legally required.
6. International transfers
Our providers may process data outside the European Economic Area. Where they do, transfers are protected by adequacy decisions or the EU Standard Contractual Clauses. [TODO: list providers and the safeguard that applies to each.]
7. Retention
We keep personal data only as long as necessary: enquiry data for up to 24 months from the last contact; contractual and tax records for the periods required by Spanish law (generally up to 6 years); newsletter data until you unsubscribe.
8. Your rights
You may exercise your rights of access, rectification, erasure, restriction, objection, and portability, and withdraw consent at any time, by emailing [email protected] (proof of identity may be requested). You also have the right to lodge a complaint with the Spanish supervisory authority, the Agencia Española de Protección de Datos (AEPD) — www.aepd.es.
9. Security
We apply appropriate technical and organisational measures to protect your data against loss, misuse and unauthorised access.
10. Changes
We may update this policy. The current version and its date appear at the top of this page. Material changes will be highlighted on the site.