NetSet · Legal

Privacy Policy

Effective Date: 1 June 2026 · Version 1.0 · GDPR-Compliant

1. Who We Are

NetSet Ltd ("NetSet", "we", "our", "us") operates the NetSet padel court booking platform. For the purposes of the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR 2016/679), and applicable data protection laws in the Middle East and North Africa (MENA) region, NetSet is the data controller for personal data collected through our Platform.

Data Protection Officer (DPO)
Email: privacy@netset.me

2. Data We Collect

2.1 Data You Provide Directly

  • Full name and display name
  • Mobile phone number (used for booking confirmation)
  • Email address (used for OTP authentication, booking confirmations and receipts)
  • Payment information (processed by our third-party payment provider — we do not store full card numbers)
  • Booking preferences and session history
  • Reviews and ratings you submit

2.2 Data Collected Automatically

  • Device type, operating system, and browser information
  • IP address and approximate geolocation (country/city level)
  • Pages visited, features used, and time spent on the Platform
  • Crash reports and error logs

2.3 Data We Do Not Collect

We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.

3. Legal Basis for Processing (GDPR Articles 6 & 9)

  • Contract performance (Article 6(1)(b)): processing necessary to provide the booking service you have requested, including payment processing and booking confirmations.
  • Legitimate interests (Article 6(1)(f)): to improve the Platform, prevent fraud, and maintain platform security.
  • Legal obligation (Article 6(1)(c)): to comply with applicable laws, including tax and financial regulations.
  • Consent (Article 6(1)(a)): for marketing communications and optional analytics cookies, where we obtain your explicit consent.

Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

4. How We Use Your Data

  • Creating and managing your account
  • Processing court bookings and payments
  • Sending booking confirmations, reminders, and receipts
  • Responding to customer support requests
  • Detecting and preventing fraud and abuse
  • Improving our Platform through anonymised analytics
  • Sending promotional communications (only with your explicit consent, which you may withdraw at any time)
  • Complying with legal and regulatory obligations

5. Data Sharing

5.1 What We Share and With Whom

  • Payment processors: We share payment data with our PCI-DSS-compliant payment provider to process transactions securely. We do not store full card numbers.
  • Cloud infrastructure providers: Our hosting and database providers process data on our behalf under strict data processing agreements.
  • SMS gateway: Your mobile number is shared with our SMS provider solely to deliver OTP codes and booking notifications.
  • Analytics providers: We use anonymised, aggregated analytics. No personally identifiable information is shared with analytics platforms.

5.2 Venue Owners — Important Notice

NetSet does not share your personal data (including name, phone number, email address, or payment information) with venue owners or venue managers. Venue operators receive only the information necessary to confirm a court has been booked (booking time, court, number of players). They do not receive your identity or contact details.

5.3 Legal Disclosure

We may disclose your data if required to do so by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect the rights, property, or safety of NetSet, our users, or others.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to equivalent privacy protections.

6. International Data Transfers

If you are located in the European Economic Area (EEA) or the United Kingdom, your data may be transferred to and processed in countries outside the EEA/UK, including countries in the Middle East. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and UK International Data Transfer Agreements (IDTAs) where applicable.

For data transfers relating to users in the UAE and broader MENA region, we comply with applicable local data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection.

7. Data Retention

Data Type
Retention Period
Account data
Duration of account + up to 3 years after closure
Booking records
7 years (financial and legal compliance)
OTP codes
Deleted immediately after use or expiry (10-minute TTL)
Marketing preferences
Until you withdraw consent
Analytics data
Anonymised within 26 months of collection

8. Your GDPR Rights

  • Right of Access (Article 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Article 16): Ask us to correct inaccurate or incomplete data.
  • Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten").
  • Right to Restriction (Article 18): Ask us to restrict processing in certain situations.
  • Right to Data Portability (Article 20): Request your data in a structured, machine-readable format.
  • Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
  • Right not to be subject to automated decision-making: We do not use fully automated decision-making that produces legal or similarly significant effects.

To exercise any of these rights, contact us at privacy@netset.me. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

9. Cookies

9.1 What Cookies We Use

  • Strictly necessary cookies: Essential for the Platform to function (e.g., session management). These cannot be disabled.
  • Functional cookies: Remember your preferences (e.g., preferred language or location).
  • Analytics cookies: Collect anonymised information about how you use the Platform (only with your consent).
  • Marketing cookies: Used to deliver relevant advertising (only with your explicit consent).

9.2 Managing Cookies

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect Platform functionality.

10. Security

  • TLS/SSL encryption for all data in transit
  • Encryption of data at rest
  • Multi-factor authentication for staff accounts
  • Regular security assessments and penetration testing
  • Strict access controls — staff access personal data only on a need-to-know basis

11. Children's Privacy

The Platform is not directed at children under the age of 16 (or 13 in jurisdictions where this is the minimum age). We do not knowingly collect personal data from children. If you believe a child has registered on our Platform, please contact privacy@netset.me and we will delete the account promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via the Platform or by email at least 14 days before the changes take effect. The "Effective Date" at the top of this document will be updated accordingly.

13. Complaints

If you have concerns about how we handle your personal data, please contact our DPO at privacy@netset.me first. If you are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority:

Contact: privacy@netset.me · netset.me