Privacy Policy

Last updated: 1 April 2026

Sessions.Center ("Sessions", "we", "us", "our") is operated by CORE Distribution Ltd, registered in England and Wales. We are committed to protecting your privacy and handling your data in accordance with UK GDPR and the Data Protection Act 2018.

1. Who We Are

Data Controller: CORE Distribution Ltd, 3 Vale Row, Parkvale Avenue, North Cheshire Trading Estate, Prenton, Wirral, CH43 3HF, United Kingdom.

Contact: info@sessions.center | +44 (0) 151 394 2047

2. What Data We Collect

2.1 Platform Customers (Venue Operators)

• Name, email address, phone number
• Business name, address, VAT number
• Payment and billing information (processed via Stripe)
• Account login credentials (passwords are hashed and never stored in plain text)

2.2 Venue Members (End Users)

Venue operators use Sessions to manage their members. The following data may be collected and processed on behalf of the venue operator (who acts as the data controller for their members):

• Name, date of birth, email, phone number, address
• Emergency contact details
• Medical information relevant to participation (allergies, conditions)
• Profile photographs
• Sport preferences, membership status, booking history
• Waiver and consent signatures (including timestamps and IP addresses)
• Payment transaction records
• Check-in and attendance data

3. How We Use Your Data

• To provide and maintain the Sessions platform
• To process subscriptions and payments
• To send transactional emails (booking confirmations, receipts, reminders)
• To provide customer support
• To improve our services and user experience
• To comply with legal obligations

4. Legal Basis for Processing

• Contract: Processing necessary to provide the services you have subscribed to
• Legitimate Interest: Service improvements, security, fraud prevention
• Consent: Marketing communications (you can opt out at any time)
• Legal Obligation: Tax records, regulatory compliance

5. Data Sharing

We do not sell your personal data. We may share data with:

• Stripe: Payment processing
• Resend: Transactional email delivery
• Render: Cloud hosting infrastructure
• Accounting integrations: Xero, QuickBooks, or Sage (only when configured by the venue operator)

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. When an account is closed, personal data is deleted within 90 days, except where retention is required by law (e.g., financial records retained for 7 years).

7. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure ("right to be forgotten")
• Restrict or object to processing
• Data portability
• Withdraw consent at any time

To exercise these rights, contact info@sessions.center.

8. Cookies

Sessions uses essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Essential cookies cannot be disabled as they are required for the platform to function.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encrypted data transmission (HTTPS/TLS)
• Hashed passwords (bcrypt)
• Regular security updates
• Access controls and authentication
• UK and EU-based hosting infrastructure

10. International Transfers

Your data is primarily stored and processed within the UK and EU. Where data is transferred outside the UK, appropriate safeguards are in place in accordance with UK GDPR.

11. Children's Data

Venue members may include children. Parental or guardian consent is required for processing children's data. This is managed by the venue operator through their registration and waiver processes.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via email or through the platform. The "last updated" date at the top reflects the most recent revision.

13. Complaints

If you have concerns about how your data is handled, please contact us at info@sessions.center. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.