YUMA ELITE Logo

Privacy Policy

Last updated: 5 July 2026

1. Who we are

This website is operated by YUMA ELITE CIC, a community interest company based in Sheffield, UK. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, YUMA ELITE CIC is the data controller of the personal data described in this policy. You can contact us about anything in this policy at info@yumaelite.org or via the contact page.

2. What personal data we collect

We keep the personal data we collect to a minimum. Depending on how you use the site, we may collect:
  • Session bookings: your name, email address, and the details of the session you book (event, date and time).
  • Payments and donations: payments are handled by Stripe. We never see or store your card details — Stripe collects them directly. Stripe shares with us your name, email address, and confirmation that payment was made.
  • Contact: if you email us, we receive your email address, your name if you include it, and the contents of your message.

We do not use analytics, advertising, or tracking technologies, and we do not collect data about your browsing. See our Cookie Policy for full details of the (minimal) cookies and local storage we use.

3. Why we use your data and our lawful basis

Under Article 6 of the UK GDPR we must have a lawful basis for each use of your personal data:
PurposeData usedLawful basis
Taking and managing session bookings, including confirming payment and issuing refundsName, email, event details, payment statusPerformance of a contract (Article 6(1)(b))
Processing donationsEmail and payment confirmation, collected by Stripe at checkoutLegitimate interests (Article 6(1)(f)) — processing a donation you have chosen to make
Responding to enquiries you send usEmail address, message contentsLegitimate interests (Article 6(1)(f)) — responding to people who contact us
Keeping financial recordsPayment recordsLegal obligation (Article 6(1)(c)) — UK accounting and tax law

We do not use your data for marketing, we do not carry out automated decision-making or profiling, and we never sell your data.

4. Who we share your data with

We only share your data with service providers who help us run the site, and only to the extent needed:
  • Stripe (payment processing) — Stripe processes your payment details and acts as an independent controller for that data. See Stripe’s privacy policy.
  • Supabase (database hosting) — booking records are stored securely in our Supabase database.

Some of these providers may process data outside the UK. Where that happens, transfers are protected by safeguards recognised under UK law, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision. We may also disclose data where required by law, for example to regulators or law enforcement.

5. How long we keep your data

  • Booking records are kept for as long as needed to run the session and handle any follow-up (such as refunds), then reviewed and deleted when no longer needed.
  • Payment records are kept for 6 years as required by UK accounting and tax rules.
  • Emails are kept only as long as needed to deal with your enquiry, unless they relate to safeguarding or a legal matter.

6. Children and young people

Our programmes are aimed at young people, so some of the data we handle may relate to children. Where a session is booked for a child, we expect the booking to be made by a parent, guardian, or school. We handle children’s data with particular care, in line with the ICO’s guidance and our safeguarding policy, and we collect no more than is needed to run the session safely.

7. How we keep your data secure

All traffic to this site is encrypted (HTTPS). Card details are handled entirely by Stripe and never touch our servers. Booking records are stored in a secure database with restricted access. We review the data we hold and delete what we no longer need.

8. Your rights

Under the UK GDPR and Data Protection Act 2018 you have the right to:
  • Be informed about how your data is used (this policy).
  • Access a copy of the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased (“right to be forgotten”).
  • Restrict or object to our processing of your data.
  • Data portability (receive your data in a usable format).
  • Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, email info@yumaelite.org. We will respond within one month, as required by law. We may need to verify your identity before acting on a request.

9. Complaints

If you are unhappy with how we have handled your data, please contact us first so we can try to put it right. You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO): ico.org.uk/make-a-complaint or 0303 123 1113.

10. Changes to this policy

We may update this policy from time to time. The “last updated” date at the top of this page will always reflect the most recent revision. If we make significant changes to how we use your data, we will highlight them on this page.