← Back to Helond

Privacy Policy

Last updated: 3 June 2026

1. Who we are

Helond is a referee management platform operated by Helond Ltd. ("we", "us", "our"). We help sport organisations manage referee assignments, compliance, and payments. If you have questions about this policy, contact us at privacy@helond.com.

2. What personal data we collect

We collect the following categories of personal data:

  • Identity data: first name, last name, profile photo
  • Contact data: email address, phone number
  • Location data: home postcode / ZIP code (for distance matching to fixtures)
  • Compliance data (special category): referee certification level and expiry date; background check / vetting status and expiry (e.g. Garda Vetting in Ireland, DBS Check in the UK, Working With Children Check in Australia, Vulnerable Sector Check in Canada). This data constitutes criminal records information and is processed under Article 10 GDPR / UK GDPR and equivalent legislation. It is accessible only to authorised administrators of the relevant Organisation and to Helond personnel for platform operation.
  • Payment preference data: preferred payment method; Revolut personal tag; Venmo username; Zelle contact (email or phone); bank account IBAN (where provided by the referee for direct bank transfer purposes). We do not process card numbers or hold funds.
  • Activity data: fixture assignments, availability calendar entries, notification preferences
  • Technical data: login sessions, push notification tokens, IP address (for security logs)

3. How we use your data

  • To manage your referee profile and assignments (contractual necessity)
  • To send you assignment notifications via email, SMS, push, or WhatsApp (legitimate interest / consent)
  • To calculate and track referee fee payments (contractual necessity)
  • To ensure referee compliance with certification and vetting requirements (legal obligation)
  • To provide league administrators with assignment management tools (legitimate interest)
  • To maintain security and prevent fraud (legitimate interest)

4. Third-party processors

We share data with the following processors who handle it on our behalf:

  • Supabase (EU-West/Ireland) — database and authentication hosting
  • Vercel — application hosting (servers in EU)
  • Resend — transactional email delivery
  • Twilio — SMS and WhatsApp notifications
  • Stripe — subscription billing for organisation accounts
  • Anthropic — AI-powered referee matching (fixture metadata only; no personal referee data is sent to Anthropic)

5. Data retention

We retain your personal data for as long as your referee account is active, plus 3 years for payment and compliance audit purposes. After this period, data is anonymised or deleted. You may request early deletion at any time (see Section 7).

6. Data transfers

Our primary database is hosted in the EU (Ireland). Some processors (Twilio, Resend, Anthropic) operate globally. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.

7. Your rights

Depending on where you are located, you have the following rights regarding your personal data:

  • Access — request a copy of all personal data we hold about you
  • Rectification — correct inaccurate data (via your profile settings)
  • Erasure — request deletion of your account and associated data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interest
  • Restriction — request we limit how we use your data

These rights apply under: EU GDPR (Ireland and EEA); UK GDPR and Data Protection Act 2018 (United Kingdom); CCPA / CPRA (California residents); PIPEDA and Quebec Law 25 (Canada); Privacy Act 1988 (Australia); and Privacy Act 2020 (New Zealand). Where applicable law provides rights beyond those listed above, those rights are not waived by these terms.

How to exercise your rights: Email privacy@helond.com or use the Delete my account option in your profile settings. We will respond within 30 days (or such shorter period as required by applicable law). We may ask you to verify your identity before processing a request.

California residents (CCPA): You may submit a verifiable consumer request up to twice per 12-month period. We will not discriminate against you for exercising any CCPA rights.

Australian residents: You may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you are not satisfied with our response.

New Zealand residents: You may complain to the New Zealand Privacy Commissioner at privacy.org.nz.

Canadian residents:You may complain to the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca. Quebec residents may also contact the Commission d'accès à l'information (CAI).

8. Cookies

We use only essential cookies required for authentication (session management). We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No cookie consent is required for strictly essential cookies under the ePrivacy Directive.

9. California (CCPA) — Do Not Sell

We do not sell, share, or rent your personal information to third parties for commercial purposes. Helond is a B2B SaaS tool; the personal data we process is used solely to provide the referee management service to your sport organisation.

10. Contact & complaints

For privacy questions: privacy@helond.com

If you are unsatisfied with our response, you may lodge a complaint with the relevant supervisory authority:

  • Ireland (EU): Data Protection Commission — dataprotection.ie
  • United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
  • United States: Your state Attorney General, or the FTC at ftc.gov
  • Canada: Office of the Privacy Commissioner — priv.gc.ca
  • Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
  • New Zealand: Privacy Commissioner — privacy.org.nz