GDPR Privacy Policy
Last updated: 2026-04-17
Effective date: 2026-04-17
1. Data Controller
The data controller responsible for your personal data is:
Tenpin Ireland (the National Governing Body for Tenpin Bowling in Ireland)
Sports Ireland Campus
Blanchardstown
Dublin 15, D15 PN0N
Ireland
Email: info@tenpinireland.ie
This policy is issued in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Irish Data Protection Act 2018. It describes how we collect, process, store, and protect the personal data of our members, website visitors, and event participants.
2. Categories of Personal Data We Collect
2.1 Data Provided by You
When you register for membership, enter events, or use our services, we may collect:
- Identity data: first name, last name
- Contact data: email address, phone number
- Membership data: club affiliation, home bowling centre, bowling average, bowling hand (left/right)
- Arsenal data: bowling ball collection details (ball names, weights, layouts, surface preparation notes)
- Event data: tournament registrations, entry details, results
- Payment data: processed securely by Stripe (we do not store card numbers)
- Communications: messages submitted via our contact form (name, email, subject, message content)
2.2 Data Collected Automatically
When you visit our website, the following may be collected automatically:
- Browser type and version
- Pages visited and time of visit
- Referring URL
We use Cloudflare Web Analytics, a privacy-first analytics service that does not use cookies, does not track users across websites, and does not collect personally identifiable information.
2.3 Data from Third Parties
We may receive results data from tournament organisers, affiliated clubs, or the European Tenpin Bowling Federation (ETBF) / World Bowling in connection with international competitions.
3. Purposes and Legal Basis for Processing
Under Article 6 of the GDPR, we process your personal data on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Member registration and account management | Performance of a contract (Art. 6(1)(b)) |
| Processing membership payments | Performance of a contract (Art. 6(1)(b)) |
| Tournament and event administration | Performance of a contract (Art. 6(1)(b)) |
| Responding to contact form inquiries | Legitimate interest (Art. 6(1)(f)) |
| Publishing results and rankings | Legitimate interest (Art. 6(1)(f)) |
| Safeguarding and child protection compliance | Legal obligation (Art. 6(1)(c)) |
| Anti-doping compliance (Sport Ireland / WADA) | Legal obligation (Art. 6(1)(c)) |
| Website analytics and improvement | Legitimate interest (Art. 6(1)(f)) |
| Sending membership communications and updates | Consent (Art. 6(1)(a)) or legitimate interest |
Where processing is based on consent, you may withdraw that consent at any time by contacting us at info@tenpinireland.ie. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
4. Children's Data and Safeguarding
As the National Governing Body for Tenpin Bowling in Ireland, we operate youth and cadet development programmes. We take the protection of children's personal data extremely seriously.
- For members under the age of 18, we require parental or guardian consent before collecting and processing personal data, in accordance with Article 8 of the GDPR and the Irish Data Protection Act 2018, Section 31.
- We collect only the minimum data necessary for youth membership and event participation.
- All personnel with access to children's data are subject to Garda vetting and Tenpin Ireland's Safeguarding Policy, which is available at /policies/safeguarding.
- We comply with Sport Ireland's Code of Ethics and Good Practice for Children's Sport.
5. Cookies and Session Data
Our website uses the following cookies:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
tpi_session | Strictly necessary | Maintains your login session after authenticating via magic link | 30 days |
We do not use advertising cookies, tracking pixels, or any third-party marketing cookies. Cloudflare Web Analytics operates entirely without cookies.
The tpi_session cookie is classified as strictly necessary under
Article 5(3) of the ePrivacy Directive (2002/58/EC) as it is essential for providing the
member login service you have requested. No consent is required for strictly necessary cookies.
6. Third-Party Data Processors
We share your personal data only with trusted third-party processors who act on our instructions and are bound by data processing agreements in accordance with Article 28 of the GDPR:
| Processor | Purpose | Location |
|---|---|---|
| Cloudflare, Inc. | Website hosting, CDN, security, and analytics | Global (EU data region available) |
| MailerSend (Mailgun Technologies) | Transactional emails (magic link authentication) | EU |
| Stripe, Inc. | Membership payment processing | Ireland / EU |
We do not sell, rent, or trade your personal data to any third party. Data is shared only as described above or when required by law.
7. International Data Transfers
Some of our processors (notably Cloudflare) may process data outside the European Economic Area (EEA). Where this occurs, appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission
- The processor's certification under relevant data protection frameworks
- Data processing agreements compliant with Article 46 of the GDPR
8. Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this policy. The following retention schedule is based on the ITBA/Tenpin Ireland data retention policy:
| Data Category | Retention Period |
|---|---|
| Membership records (name, contact details, membership type) | Duration of membership plus 7 years after expiry |
| Competition results and rankings | Retained indefinitely for historical records |
| Financial records (membership fees, event entry fees, payments) | 7 years (Irish Revenue Commissioners requirement) |
| Child safeguarding records (vetting, incident reports) | As required by Sport Ireland and applicable child protection legislation |
| Correspondence (emails, contact form submissions) | 3 years after resolution |
| Medical and anti-doping records | Duration of membership plus 7 years |
| Session and authentication data | 30 days (auto-expired) |
| Magic link tokens | 15 minutes (auto-expired), records retained for 90 days for security |
| Website analytics (Cloudflare) | 12 months (managed by Cloudflare, no PII collected) |
Upon expiry of the retention period, data is securely deleted or anonymised.
9. Your Rights Under GDPR
Under the GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, contact us at info@tenpinireland.ie. We will respond within 30 days of receiving your request.
- Right of access (Art. 15): You have the right to request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You have the right to request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): You have the right to request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
- Right to restriction (Art. 18): You have the right to request that we restrict processing of your data in certain circumstances.
- Right to data portability (Art. 20): You have the right to receive your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time.
- Right not to be subject to automated decision-making (Art. 22): We do not use automated decision-making or profiling that produces legal effects.
10. Right to Lodge a Complaint
If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with the Data Protection Commission (An Coimisiun um Chosaint Sonrai), the Irish supervisory authority:
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Phone: +353 (0)1 765 0100 / 1800 437 737
Website: www.dataprotection.ie
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- HTTPS encryption on all pages
- HttpOnly, Secure session cookies to prevent cross-site scripting
- Content Security Policy (CSP) and security headers
- Encrypted database storage (Cloudflare D1)
- Passwordless authentication (magic links) to eliminate password-related vulnerabilities
- Payment data processed directly by Stripe — card details never touch our servers
- Access controls restricting data access to authorised personnel only
While we take all reasonable precautions, no method of transmission over the Internet is entirely secure. We cannot guarantee absolute security of data transmitted to our site.
12. Data Sharing With Sporting Bodies
As the National Governing Body for Tenpin Bowling, we may share limited member data with:
- Sport Ireland — as required for grant funding, anti-doping, and safeguarding compliance
- European Tenpin Bowling Federation (ETBF) — for international team selection and competition entries
- World Bowling — for international rankings and competition administration
- Affiliated clubs — limited to data necessary for league and competition management
This sharing is carried out under our legitimate interest as the NGB for tenpin bowling in Ireland and, where applicable, with your consent at the time of registration.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Where changes are significant, we will notify members via email. Your continued use of our website and services after changes constitutes acceptance of the revised policy.
14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact:
Tenpin Ireland
Sports Ireland Campus
Blanchardstown
Dublin 15, D15 PN0N
Ireland
Email: info@tenpinireland.ie