Privacy Policy
Effective Date: March 17, 2025
Actilynk Ltd ("we," "us," or "our") values and respects your privacy. This Privacy Policy applies to the use of our Actilynk platform (the "Service") by parents, guardians, staff, and event participants, including children under the age of 13. It outlines how we collect, use, disclose, and safeguard personal information, as well as the rights and choices you have with respect to your data.
1. Information We Collect
1.1 Personal Information
Parents/Guardians
We may collect your first and last name, email address, and other necessary contact details during sign-up. This helps us verify your identity, manage your account, and associate children's profiles with you.
Children (under 13)
Parents or guardians may provide children's names, dates of birth, school year group, emergency contact information, or dietary requirements. Children do not create their own accounts; all information is provided and controlled by a parent or guardian.
Staff
Staff members or event organisers may provide personal information (e.g., name, email address, role) to help manage event logistics, verify responsibilities, and facilitate communication related to events.
Organiser Verification
For Organisers (including schools acting as Organisers), we may request official documentation or an official email domain to verify your affiliation or authority before allowing you to create or manage events.
Payment Proofs
For offline payments, parents or guardians may upload proof of payment (e.g., receipts). These are securely stored in encrypted, secure storage.
Location Information
We may use the Google Maps API to display event venues. This involves processing location data to show event locations on maps.
Google OAuth Data
If you choose to sign up or log in via Google OAuth, we collect and store minimal Google account information (e.g., your email address) to authenticate and manage your account. We do not access or use any other data from your Google account. We comply with Google's Limited Use requirements and do not share this data with third parties for non-essential purposes.
1.2 Non-Personal Information
Usage Data
We collect technical and usage information, such as IP addresses, browser types, and operating systems. This helps us understand how the Service is accessed and used, improving performance and user experience.
1.3 Custom Questions
Event organisers may create custom registration questions. Responses provided by parents/guardians or staff will be stored as part of the registration process.
1.4 Sensitive Data
Our application includes a dedicated module for student medical information, covering details such as medical conditions and dietary requirements. This sensitive data is collected during registration to ensure the safety and well-being of participants. We only gather information essential for event participation, and any additional sensitive data is handled with explicit consent and in strict accordance with applicable data protection laws.
2. How We Use Your Information
Service Provision
To facilitate event registrations, manage parent/guardian accounts, link children's profiles to these accounts, and process offline payment proofs.
Communication
To send transactional emails about event confirmations, updates, and customer support enquiries.
Customisation
To enable event organisers to create and manage custom questions for registration, ensuring that participants (including children) are properly accounted for.
Analytics
To analyse usage patterns, improve functionality, and enhance the overall user experience.
Security & Compliance
To protect against fraud, ensure account integrity, and comply with legal obligations.
Google OAuth Data
We use your Google OAuth data solely to verify your identity and provide secure login. We do not use it for advertising or any other unrelated purposes, and we comply with Google's Limited Use requirements.
School Enrollment Verification
If you indicate that a child is enrolled in a specific school, we may share the child's name, date of birth, and year group ("Basic Student Information") with that school to verify enrolment. We only do this with schools that have completed our internal verification process and under the assumption that you have the authority to provide this child's information.
2.1 Central Data Management and Data Reuse
Actilynk is designed as the central platform for managing your registration data. When you register for an event through our Service, your information is securely stored by Actilynk. With your consent, this information may be reused to simplify and expedite future registrations with other organisations using our Service. This centralised data management ensures a seamless registration experience while maintaining full control over your personal data. All data reuse is performed in strict accordance with this Privacy Policy and applicable data protection laws.
3. How We Share Your Information
3.1 Service Providers
We may use third-party service providers under strict confidentiality obligations. They may process limited personal information to perform tasks on our behalf:
| Service | Provider | Purpose |
|---|---|---|
| Email Delivery | Resend Mailgun | Used for sending transactional emails. Only necessary personal information (e.g., your email address) is shared to facilitate message delivery. |
| Error Tracking | Sentry | Helps us identify and fix technical issues by collecting non-personal error data. |
| Analytics | Plausible | Collects aggregated, anonymised information to analyse site traffic and improve our services. |
| Map Services | Google Maps API | Utilised to display event venues on a map. Event location data may be shared with Google for this purpose. |
| Authentication | Google OAuth | We integrate with Google OAuth to allow you to sign in using your Google account. We only request and store the minimal profile data needed to authenticate your account (e.g., email). We do not share this data with third parties nor use it for advertising, and we comply with Google's Limited Use requirements. |
3.2 Legal Compliance
We may disclose personal information if required by law or in response to valid requests from public authorities, such as courts or government agencies.
3.3 Business Transactions
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of such changes and outline any new privacy choices you may have.
3.4 Data Sales Prohibition
We do not, and will never, sell, trade, or rent your personal data to any third party. Protecting your privacy is a core value for us, and your data is used only for the purposes described in this Privacy Policy.
3.5 Enrollment Verification with Schools
If you select a verified school for a student's current enrolment, we may share Basic Student Information (name, date of birth, year group) with that school to confirm the student's enrolment status. This sharing is strictly limited to verified schools, and we do not disclose this information to any unverified entity.
3.6 Schools Acting as Organisers
When a verified school is acting as the Organiser of an event, any registration information the school has requested (e.g., name, date of birth, emergency contacts, dietary requirements, or other custom questions) will be shared with that school. By registering for a school-organised event, you acknowledge and consent that the requested data will be accessible to the school for event management purposes.
3.7 Payment Processing and Third-Party Providers
When you make a payment through our Service, your payment data is processed by our designated payment providers. For users in Thailand, payments are processed through OPN, while for users in other supported regions, payments are processed via Stripe. We share only the minimum necessary information with these providers solely to complete your transaction. Each payment provider is contractually obligated to adhere to strict security and data protection standards. For further details on how these providers handle your data, please review their respective privacy policies.
4. Data Security
We take data security seriously and employ technical and organisational measures to protect your information:
- Technical Safeguards: Encryption of data at rest and in transit, secure servers, and robust authentication mechanisms.
- Organisational Measures: Access controls, regular security training for staff, and strict data handling policies.
- Incident Response: Procedures to quickly address and mitigate data breaches, should they occur.
5. Data Retention and Deletion
Accounts (Parents/Guardians, Staff)
Retained as long as accounts remain active or necessary for event management.
Children's Data
Retained as long as needed for event participation and as permitted by parental consent and applicable laws.
Inactive Accounts
May be archived or deleted after a period of inactivity (e.g., 2 years) unless legal obligations require longer retention.
Payment Proofs
Retained for up to 7 years to comply with financial and regulatory requirements.
Custom Questions & Responses
Retained for the duration of the event plus a grace period (usually 1 year). May be archived for audit purposes (up to 3 years) unless requested otherwise by the user.
Non-Personal Usage Data
Retained indefinitely in aggregate form to help us improve the Service.
Google OAuth Credentials
We store only the minimal tokens or identifiers necessary to facilitate secure login using your Google account. You may revoke our access at any time by removing our app's permissions via your Google account settings or by contacting us at [email protected].
To request deletion of personal information, contact us at [email protected]. We will remove personal data from active systems and ensure it is not recoverable from backups within a reasonable timeframe.
6. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict your personal data, as well as object to certain processing or request data portability. To exercise these rights, please contact [email protected].
7. Parental Consent for Children Under 13
When Consent is Required
If you add a child under the age of 13, we will prompt you to confirm that you are their parent or legal guardian and that you consent to the collection and use of the child's information as described in this policy. You will be required to check a box affirming this consent during the registration process.
One-Time Consent per Child
Once you provide consent for a particular child, you generally will not need to re-consent for subsequent events unless our Privacy Policy changes or additional permissions are required.
Revoking Consent
You can withdraw your consent at any time by contacting us. Upon revocation, we will delete the child's personal information as required by applicable law.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your user experience and gather non-personal analytics data. A cookie consent banner is provided to allow you to accept or manage your cookie preferences. You can modify these settings at any time via your browser or by revisiting the cookie banner.
9. International Data Transfers
Your information may be processed or stored outside your country of residence, including in the UK and Singapore. We implement appropriate safeguards, such as Standard Contractual Clauses (SCCs), to ensure your data is protected under applicable data protection laws (e.g., GDPR, UK Data Protection Act, Thailand PDPA).
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or to comply with legal requirements. We will post updated versions with a revised "Effective Date" and will clearly communicate any significant changes.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: [email protected]
Registered Address: 8 Lewis Road, Kent, UK
By using our Service and providing personal information about yourself, children under your care, or staff details, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.