All references to: “Chris & Aaron UK BTA”, “Chris & Aaron UK”, “BTA”, “Basketball Training Academy”, “we” or “us” the domain chrisandaaron-bta.co.uk and related domains refer to:
Chris & Aaron UK – Basketball Training Academy
Brand di Tiffany Organization a.s.d.
Registered Office: Via Carlo Farini 53 – 20159 Milano – Italy
VAT n. 06276130967 – REA 1882940
Tiffany Organization a.s.d. is the Italian amateur sports association coordinating activities carried out in Italy, the United Kingdom and the United States.
This Privacy Notice applies to:
- website users;
- athletes (minors and adults);
- parents or legal guardians;
- customers making purchases;
- participants in Camps, Championships, Training Sessions and Events.
- partecipanti a Camp, Campionati, Allenamenti ed Eventi.
Access to the website and participation in activities implies acceptance of this Privacy Notice.
Enrollment in our sports and associative activities constitutes full acknowledgment of this document.

We may collect the following categories of personal data:
Identification data.
- full name
- date of birth
- nationality
Contact data.
- email address
- telephone number
- residential address
Sports-related data.
- camp or training registrations
- memberships
- technical and performance information
Administrative and payment data.
- billing information
- payment details (processed through secure providers)
Technical browsing data.
- IP address
- access logs
- device information
We collect only data necessary for the management of organizational, sporting and administrative activities.
Providing the requested data is necessary for the proper management of the associative and contractual relationship.

Personal data is processed for:
- management of registrations and memberships;
- organization of camps, training sessions and events;
- online order management;
- organizational communications;
- customer support;
- IT security;
- tax and legal compliance;
- fraud prevention.
We do not sell or transfer personal data to third parties for commercial purposes.
The legal basis for processing consists of the performance of the associative or contractual relationship, compliance with legal obligations, and, where required, the explicit consent of the data subject or the parent/legal guardian.
Failure to provide necessary data may result in the inability to complete registration or access the requested services.

During camps, training sessions, matches and events, the following may be captured:
- individual and group photographs;
- video recordings;
- technical and promotional content.
Images may be used for:
- publication on official websites;
- use on social media platforms (e.g., YouTube, Instagram, Facebook);
- informational and promotional materials;
- internal scouting and technical analysis across locations.
Authorization for image use is provided:
- by the adult athlete; or
- by the parent/legal guardian in the case of minors.
For minors, written consent is required at the time of registration.
The use of images does not entitle the participant to financial compensation unless otherwise agreed in writing.
In the absence of image authorization, the organization may restrict participation in activities involving continuous audiovisual recording.

Call Recordings. Calls to official numbers may be recorded for:
- contractual protection;
- service quality;
- security;
- regulatory compliance.
IT Security
We collect technical data (IP address, logs, access records) for:
- system protection;
- prevention of unauthorized access;
- fraud prevention;
- compliance with regulatory obligations in case of significant transactions.
Appropriate technical and organizational measures are implemented to protect personal data.
Access to personal data is limited to authorized individuals who are adequately instructed regarding confidentiality obligations.

Due to the international structure of the organization, personal data may be processed or stored in:
- Italy
- United Kingdom
- United States
Applicable Legal Framework
Processing is carried out in compliance with:
- Regulation (EU) 2016/679 on the protection of personal data;
- United Kingdom data protection legislation;
- applicable federal and state data protection laws in the United States.
Safeguards
When data is transferred outside the European Union or the United Kingdom:
- appropriate legal mechanisms are used to ensure an adequate level of protection;
- access is restricted to authorized personnel;
- technical and organizational safeguards equivalent to European standards are applied.
Data transfers occur exclusively for organizational, administrative and technical purposes related to sporting activities.
International transfers are carried out in accordance with applicable data protection laws both in the country of origin and in the country of destination.

Personal data is retained for the time necessary to fulfill the purposes for which it was collected.
Inactivity.
If no interaction occurs for four (4) years:
- the account may be deactivated;
- personal data may be removed from active systems,
subject to tax or legal retention obligations.
Guest Transactions.
For purchases made without account creation, data is retained for up to six (6) months, unless longer retention is required by law.
Any mandatory retention obligations imposed by tax, accounting or competent authorities remain unaffected.

Users have the right to:
- access their data;
- request rectification;
- request erasure (within legal limits);
- restrict processing;
- object to processing;
- request a copy of their data.
- request data portability, meaning the right to receive the personal data you have provided in a structured, commonly used and machine-readable format and, where technically feasible, to transmit those data to another data controller;
- if you are a resident of the United States or of jurisdictions that provide for such rights (including the State of Virginia), request to opt out of the processing of personal data for purposes of targeted advertising, sale of personal data, or profiling, where applicable.
Requests may be sent to:
concierge@chrisandaaron-bta.co.uk
Requests will be handled within the time limits established by applicable law.
The exercise of rights may be limited where processing is necessary to comply with legal obligations or to protect the organization’s rights in legal proceedings.

This section supplements the present Privacy Notice and applies exclusively to individuals residing in the European Economic Area (“EEA”) and the United Kingdom (“UK”).
In accordance with the EU General Data Protection Regulation (GDPR) and UK data protection law, data subjects also have the right to:
- withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- receive their personal data in a structured, commonly used and machine-readable format (data portability);
- lodge a complaint with the competent supervisory authority in their country of residence.
Where personal data is transferred outside the EEA or UK, the Data Controller implements appropriate safeguards pursuant to Article 46 GDPR, including, where applicable, Standard Contractual Clauses.
A copy of the safeguards may be requested by contacting:
welcome@chrisandaaron-bta.co.uk

Provisions concerning:
- Cookies and tracking technologies;
- website usage liability;
- limitation of liability;
- external links;
are governed by separate documents:
- Cookie Policy
- Website Use Policy
This Privacy Notice may be updated at any time to reflect regulatory or organizational changes.