top of page

Privacy Policy

Welcome to Carolina Blitz Flag Football! Thank you for your interest in this Privacy Policy! This Privacy Policy describes our practices for collecting, using, protecting and disclosing the Personal Data we collect from you when you visit our website at www.carolinablitzflagfootball.com and use our services.

 

GENERAL INFORMATION

What law applies?

In principle, we will only use your Personal Data in accordance with North Carolina’s statutory privacy and data protection provisions and the  General Data Protection Regulation (“GDPR”).

 

What is Personal Data?

Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address.

 

What is processing?

"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

 

Who is responsible for data processing?

The Data Controller is Carolina Blitz LLC of 600 Park Offices Drive Suite 300  Mailbox 4059  Durham, NC, USA (“Carolina Blitz Flag Football”, “we”, “us”, or “our”). If you have any questions about this policy or our data protection practices, please contact us using info@carolinablitzflagfootball.com.

 

What are the legal bases of processing?

We have to have at least one of the following legal bases to process your Personal Data:

 

  • Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.

 

  • Contract – This is where we process your information to fulfill a contractual arrangement we have made with you or reply to your messages, e-mails, posts, calls, etc.

 

  • Legitimate Interests – This is where we rely on our interests as a reason for processing; generally, this is to provide you with the best products and service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.

 

  • Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for archiving or the investigation of crime.

 

DATA WE COLLECT AUTOMATICALLY

When you access and use our website, we collect the Personal Data that your browser automatically transmits to our server. This is technically necessary for us to display our website and to ensure its stability and security. In this sense, we collect the following data: i) IP address of the requesting computer, ii) Date and time of access, iii) name and URL of the file accessed, iv) website from which the access was made (referrer URL), v) browser used and, if applicable, the operating system of your computer as well as the name of your access provider. The legal basis is our legitimate interest.

 

We host our website using the services of Wix. In this sense, Wix processes all data and communication data, including IP addresses, that are provided to us through our website. This means that all data submitted to our website is transferred to Wix. The legal basis for processing is our legitimate interest.

 

We also use the Content Management System (CMS) of Wix to publish and maintain the created and edited content and texts on my website. This means that all content and texts submitted to us are transferred to our Wix server. In addition to texts, this also includes, for example, your data in our forms. The legal basis for this processing is our legitimate interest.

 

DATA WE COLLECT DIRECTLY

Contacting us

If you contact us, we store and process the following data from you: Name, e-mail address, telephone number as well as other Personal Data that you provide when contacting us. This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted, provided there is no legal obligation to retain it. The legal bases for processing are contract and our legitimate interest.

 

We process the Personal Data involved in your use of our services in order to be able to provide our contractual services. This includes in particular our support, correspondence with you, invoicing, fulfillment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of fulfilling our contractual obligations and our legal obligations.

 

For booking and registration for of our camps or season registration in an easy and convenient way, we use Jotform. The use of Jotform is based on our legitimate interest in planning, organizing and scheduling our services, taking into account your intake and registration data. Your data will be kept until the purpose for storing the data no longer applies or you request us to delete it. The legal basis is your consent as well as our legitimate interest.

 

If you make a purchase your payment will be processed via our payment service provider Squareup (Square), Payment data will solely be processed through Square and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.

 

We process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations, such as invoicing, storage and archiving. In this regard, we process the same data that we process in the course of providing our services. The processing bases are our legal obligations and our legitimate interest.

 

We use your data within the legally permissible scope for marketing purposes, e.g., to draw your attention to special promotions and discount offers. In addition, we may draw your attention to comparable offers by email, e.g., we may inform you about exclusive sales, promotions, or special events. The legal basis for processing is our legitimate interest.

 

PRINCIPLES OF PROCESSING PERSONAL DATA

We handle your personal data with care, adhering to the following principles:

 

Data Retention

We keep your data only as long as necessary for our business relationship (including contracts) and to meet legal obligations, typically for two to ten years.

 

Security Measures

We use SSL/TLS encryption and robust technical and organizational measures (like encryption and "need-to-know" access) to protect your data. While we strive for absolute security, internet transmissions have inherent risks. In case of a data breach, we will notify affected individuals promptly.

 

Children's Data

We do not process data from children or minors unless specifically required for a service, with explicit parental/guardian consent.

 

Sensitive Data

We do not process special category (sensitive) data unless it's specifically required for a service and we have your explicit consent.

 

Automated Decisions and Selling

We do not use automated decision-making or profiling. We do not sell your personal data.

 

Sharing & Disclosure

We only share your data with third parties when necessary for our services (e.g., shipping), with your consent, or when legally obliged (e.g., court order, investigations, legitimate interests).

 

International Transfers

We may transfer your data internationally. When we do, we use contractual agreements and implement all reasonable technical and organizational measures to ensure its protection.

MARKETING AND ADVERTISING

We use your Personal Data to provide you with relevant marketing communications and advertisements, both online and offline. This may include:

 

Direct Marketing

Sending you emails, newsletters, postal mail, or other communications about our programs, events, and promotions, based on your explicit consent where required by law. You can withdraw your consent and opt-out of these communications at any time.

 

Targeted Advertising

We may partner with third-party advertising networks (e.g., social media platforms, ad exchanges) to display advertisements tailored to your interests based on your online activities (e.g., website visits, interactions with our content). These third parties may use cookies and similar technologies to collect information for this purpose.

 

Offline Marketing

Using limited contact information to inform you about local events or opportunities, again, where permissible and with your consent.

 

We will obtain your clear consent before sending marketing communications when legally required. You have the right to object to or opt-out of receiving marketing communications at any time. For more information on how to manage your preferences and opt-out, please refer to the "Your Rights" section below.

 

SOCIAL MEDIA

General

We are present on social media and if you contact or connect with us via social media websites, we and the relevant social media website are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis is our legitimate interest, your consent or, in some cases, the initiation of a contract.

 

When you visit our profiles and interact with us and others

When you visit our social media profiles, we, as the operator of the profile, process your actions and interactions with our profile (e.g., the content of your messages, enquiries, posts or comments that you send to us or leave on our profile or when you like or share our posts) as well as your publicly viewable profile data (e.g., your name and profile picture).

 

Which Personal Data from your profile is publicly viewable depends on your profile settings, which you can adjust yourself in the settings of your social media account.

 

Please take care not to transmit or share sensitive data or confidential information (e.g., application documents, bank or payment data) via social media platforms; we recommend that you use a more secure means of transmission (e.g. e-mail).

 

YOUR RIGHTS AND PRIVILEGES

Privacy rights

You can exercise the following rights:

  • Right to information

  • Right to rectification

  • Right to deletion

  • Right to data portability

  • Right of objection

  • Right to withdraw consent

  • Right to complain to a supervisory authority

  • Right not to be subject to a decision based solely on automated processing.

 

If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.

 

Updating your information

If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification or deletion or object to its processing, please do so by contacting us.

 

Withdrawing your consent

You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

 

Access Request

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

 

Complaint to a supervisory authority

You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The competent data protection authority in North Carolina is: The Office of the Attorney General, www.ncdoj.gov. We would, however, appreciate the chance to deal with your concerns before you approach the Attorney General’s Office.

 

USERS LOCATED ELSEWHERE IN THE UNITED STATES

While there isn't a single federal privacy law like GDPR in the US, we are committed to applying relevant privacy rules based on your state of residence. To ensure comprehensive protection, we generally aim to grant all US users the same rights and privileges outlined in this policy. If there's ever a conflict between state laws, we'll apply the most stringent provision to best protect your personal data.

 

REGULATORY COMPLIANCE

We adhere to key US regulations concerning online privacy and communications:

 

COPPA (Children's Online Privacy Protection Act)

We do not specifically market to children under 13. Where children's data is processed for specific services, explicit parental consent is obtained, putting parents in control as mandated by COPPA.

 

CAN-SPAM Act

For commercial emails, we comply with CAN-SPAM. You can unsubscribe from future emails at any time by contacting us, and we will promptly remove you from our mailing lists.

 

TCPA (Telephone Consumer Protection Act)

If we send you SMS marketing, you can opt-out by replying 'STOP' to our messages. This processing is solely based on your consent for personalized SMS advertising.

 

Do-Not-Track (DNT)

Our website does not currently respond to DNT signals, as a uniform standard is not yet finalized. We will update this policy if a standard we must follow is adopted.

 

Right to Complain

You have the right to lodge a complaint about our data processing with a data protection supervisory authority (e.g., your State's Attorney General's office). However, we encourage you to contact us first so we can address your concerns.

 

CHANGES

We may update this Privacy Policy from time to time. If we make changes to this Privacy Policy, we will revise the effective date. This Privacy Policy was last updated on Sunday, May 25th, 2025.

 

QUESTIONS

If you feel that the above is not sufficient or if you have any queries as regards the collection, processing or use of your information we are looking forward to hearing from you. We will make every effort to reply as soon as possible and take into consideration any suggestions from your end.

bottom of page