1. Introduction
This Privacy Policy explains how Ace Rally Media collects, uses, shares, and protects personal data, and sets out your rights under UK data-protection law. It applies to our website at acerally.co.uk, to visitors and prospective clients, and to our Services (Rally AI, RacketSync, Ask Ace, and our digital marketing services).
Who we are. Ace Rally Media is a trading name of MB Digital Services Ltd, a company registered in England and Wales. For the purposes of UK data-protection law, MB Digital Services Ltd is the entity responsible for the data described in this policy. You can contact us at info@mbdigital.services.
We comply with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
2. Controller and Processor — Our Two Roles
It is important to understand the difference between the two roles we play, because they determine who is responsible for the data and which parts of this policy apply to you.
2.1 Where we are the controller
We are the “controller” (we decide why and how data is used) for:
- visitors to our website and people who contact us or enquire about our Services;
- our business clients and their staff (account contacts, billing contacts);
- recipients of our own marketing; and
- data we collect to run and improve our own business.
Sections 3 to 12 of this policy apply to data for which we are the controller.
2.2 Where we are the processor
When we provide Rally AI, RacketSync, and Ask Ace to a club or venue, that club’s end-customer data — its members, players, leads, and contacts — is controlled by the club, not by us. The club decides why that data is collected and used; we process it on the club’s documented instructions in order to provide the Services. In that situation:
- The club is the controller and is responsible for telling its own members and players how their data is used (through the club’s own privacy notice) and for having a lawful basis to collect it.
- We are the processor and handle that data only to operate the Services, under the data-protection terms of our Service Agreement with the club.
If you are a member, player, or customer of a club that uses our Services and you have questions about your data, please contact the club directly, as they are the controller. We will support the club in responding to any request.
3. Personal Data We Collect
As controller, we may collect and process the following categories of personal data:
| Category | Examples | Source |
|---|---|---|
| Identity & contact | Name, business name, job title, email, phone, postal address | You, when you enquire or contract with us |
| Account data | Login identifiers, account settings, preferences | Created during onboarding |
| Transaction data | Billing details, invoices, payment records | You and our payment providers |
| Communications | Emails, messages, call notes, support requests | Your interactions with us |
| Technical & usage | IP address, device and browser type, pages viewed, referring URLs | Automatically via cookies and similar tools |
| Marketing data | Engagement with our ads, emails, and campaigns; ad-platform identifiers | Advertising and analytics platforms |
We do not intentionally collect special-category data (such as health data) about our own contacts. Please do not send us such data unless necessary and lawful.
4. How We Use Personal Data & Our Lawful Bases
As controller, we use personal data for the following purposes, relying on the lawful bases shown:
| Purpose | Lawful basis | Notes |
|---|---|---|
| Providing and managing the Services to clients | Contract | To deliver what we have agreed |
| Responding to enquiries | Legitimate interests | To answer and follow up with prospects |
| Billing, payments, and record-keeping | Contract / Legal obligation | Including tax and accounting requirements |
| Marketing our Services to businesses | Legitimate interests / Consent | You can opt out at any time |
| Website analytics and improvement | Consent | Via cookies where consent is given |
| Security, fraud prevention, and compliance | Legitimate interests / Legal obligation | To protect our business and users |
Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights. Where we rely on consent, you may withdraw it at any time.
5. Marketing Communications
- We may send business-to-business marketing about our Services. You can opt out at any time using the unsubscribe link in our emails or by contacting info@mbdigital.services.
- We will only send marketing by electronic means where we are permitted to do so under the Privacy and Electronic Communications Regulations (PECR), and we honour all opt-out requests promptly.
6. Cookies & Tracking
Our website uses cookies and similar technologies, including advertising and analytics tools such as the Meta Pixel. Non-essential cookies are only set where you have given consent through our cookie banner. Full details of the cookies we use, and how to manage them, are set out in our separate Cookie Policy.
7. How We Share Personal Data
We do not sell personal data. We share it only as necessary, with:
- Service providers and sub-processors who help us operate — including cloud hosting and CRM infrastructure providers, email, SMS and messaging providers, payment processors, analytics and advertising platforms, and trusted AI providers that power our AI features.
- Advertising platforms such as Meta and Google, where we run campaigns or measure their performance, in line with their terms and your cookie choices.
- Professional advisers such as our accountants and legal advisers, where necessary.
- Authorities or third parties where required by law, to enforce our terms, or to protect our rights, property, or safety.
All our processors are bound by contracts requiring them to protect personal data and to process it only on our instructions.
8. International Transfers
Some of our providers, and the infrastructure on which Rally AI and related Services run, are located outside the United Kingdom. This means personal data may be transferred to, stored, and processed in countries outside the UK.
Where personal data is transferred outside the UK, we ensure an appropriate safeguard is in place as required by UK data-protection law — such as the transfer being to a country with UK ‘adequacy’ status, or the use of the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, together with any additional measures needed to protect the data. You can request more information about the safeguards we use by contacting info@mbdigital.services.
9. How Long We Keep Personal Data
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.
- Client and billing records are typically kept for up to six (6) years after the end of the relationship, to meet tax and legal requirements.
- Enquiry and prospect data is kept for a reasonable period and then deleted if it does not lead to a relationship.
- Where we are a processor, retention of club end-customer data is determined by the club and our Service Agreement, and that data is returned or deleted on termination as described in our Data Deletion Policy.
10. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. These include access controls, encryption in transit, restricted credentials, and contractual obligations on our providers. No system is completely secure, but we take our obligations seriously and will notify you and the relevant authorities of any breach where the law requires.
11. Your Rights
Where we are the controller of your data, you have the following rights under UK GDPR:
- the right to be informed about how we use your data;
- the right of access to a copy of your data;
- the right to rectification of inaccurate data;
- the right to erasure (“the right to be forgotten”) in certain circumstances;
- the right to restrict or object to processing;
- the right to data portability; and
- the right to withdraw consent at any time where we rely on consent.
To exercise any of these rights, contact info@mbdigital.services. We will respond within one month, as required by law. If your data is held by a club that uses our Services, please contact that club, as they are the controller; we will assist them in responding.
You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority, at ico.org.uk. We would, however, appreciate the chance to address your concerns first.
12. Children
Our Services are provided to businesses and are not directed at children. Where a club collects data relating to junior members, the club is the controller and is responsible for the appropriate lawful basis and any parental-consent requirements.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The current version will always be available on our website, and the “Last updated” date shows the latest revision. Material changes will be communicated where appropriate.
14. Contact Us
For any questions about this policy or your personal data, contact MB Digital Services Ltd t/a Ace Rally Media at info@mbdigital.services.