Legal Insights for Entrepreneurs: Navigating Rugby Coach Data Protection, Refunds, and Unique Business Names
Suzanne Dibble LLB CIPP/E
Author of GDPR for Dummies | helped 50k+ small businesses to legally protect themselves | Speaker | Media Commentator
Hello, and welcome to our weekly LinkedIn newsletter!
Every Thursday, we share three valuable insights based on discussions during our Savvy Shay Business Club. This week, we tackle important legal questions surrounding rugby coaches' data protection responsibilities, handling refunds in terms and conditions, and choosing a unique business name.?Keep reading to learn more!
P.s. Exciting news! The registrations for our Total Legal Protection Training and Implementation Programme are open again for popular demand, and with new payment options to make it even easier for you to safeguard your business with comprehensive legal support. Learn more here !
And if you want to join our thriving Savvy Shay Business Club membership and get answers to your burning legal questions,?apply here , where you can try it out for just £1 for your first month... Let's get started!
Are volunteer coaches for a rugby club who share personal data of other coaches on Whatsapp and in Facebook groups (without the knowledge of the rugby club) in any way liable for failures to comply with data protection laws?
The question here is who is the data controller. A data controller is somebody who decides what to do with the personal data that it holds about certain individuals. In this instance, it is questionable as to whether the rugby club is the data controller as it is unaware that the volunteer coaches are swapping their own personal data and it has no control over the platforms on which they are sharing the data i.e. WhatsApp and Facebook.
What seems more likely is that the volunteer coaches are joint controllers of the personal data and hence each have responsibilities under the GDPR. As such, they should agree between them who would deal with things like data subject requests, such as where a coach may contact another coach and request that all of his data is deleted from a Facebook group. The person with agreed responsibility should actually action that request. However, even if one person has taken responsibility for dealing with data subject requests, all of the joint controllers would be potentially liable for compliance with this.
However, it's important to note that being joint controllers doesn't necessarily mean that the liability is shared equally. The GDPR allows for the possibility that one controller might be more responsible than the other, depending on the circumstances.
As to whether the rugby club would have vicarious liability for the actions of the volunteers, this is not clear cut. There have been cases where organisations have been held to have vicarious liability for independent contractors. However, the application of vicarious liability to volunteers is less clear and will depend on the specifics of each case.
The courts will evaluate:
A customer asked for a refund when my terms and conditions make it clear that there aren’t any refunds. She was cross and said “do I need to take this further”?which I assumed was some kind of smear campaign or social media post shooting me down in flames. So I refunded her. Do I need to add something into my t’s and c’s about defamation and threats?
The short answer is that no, you do not need something about this in your terms and conditions.
The legal issue that we are dealing with here is defamation. If you are confident that there are no issues about service delivery or misrepresentation and they are just wanting to change their mind about their purchase and get a refund, then if they were to post on social media about this and say something which caused serious harm to your reputation, they would potentially be liable for defamation.
The two defences to defamation are that the statement is true or that an honest person could have held that opinion. It's hard to see how either defences could apply here (if indeed there are no issues about service delivery or misrepresentation and they are just wanting to change their mind and get a refund). In these situations, it's important to know our rights and to stand our ground -?and if necessary to use the Defamation Cease and Desist Letter (that is in the template library of the Small Business Legal Academy) to show them that you mean business.
If, of course, you are dealing with consumers, you should always provide the 14 day cooling off period if you are selling the distance e.g. over the phone, over the Internet or by email. If the consumer were to cancel during that period, you would need to refund them. However any refunds outside of this period would be at your discretion (unless you had not notified them of the 14 day cooling off period within your terms, in which case the cooling off period and the right to a refund would extend to 12 months post the purchase date). In the case of a sale to a person who is not buying as a consumer (i.e. somebody who is buying wholly or partly for the purposes of a business, trade, craft or profession) you do not have to provide a refund in any circumstances in relation to the provision of services. Ideally this should be stated in your terms of business.
I want to set up an online business selling sweets called Tracy’s Treat. An online search shows that there are two businesses of that name - one in Orlando and one in Mauritius but they sell cakes and baked items. Is that different enough?
The first thing to do in this instance is to check the trademark registry in the UK to see whether either business has registered the name as a trademark in the UK. If you are wanting to sell the sweets globally, then you may also want to do searches of other English-speaking jurisdictions trademark registrations.
If there are no registered trademarks in the relevant class (class 30 for confectionery), we then have to ask ourselves whether either business has an unregistered trademark in the UK, in which case there may be a risk of a passing off claim being brought against you.
To succeed in a passing off claim, the claimant would have to show:
Passing off is generally a lot more difficult to prove than infringement of a registered trademark and it can also be more expensive and time-consuming, so unless the other two businesses have businesses in the UK that they want to protect and believe that there would be a real risk of confusion and loss to them, they may be unlikely to bring a claim for passing off. As to whether there is sufficient similarity between sweets and cakes, it would depend on the risk of confusion. If the other two businesses were well known brands and you started selling sweets under the same name with similar looking packaging, there could very well be a risk of confusion.
If neither business has an active presence in the UK and the UK is your main target audience, then I would suggest that regardless of the difference between sweets and cakes, you will be absolutely fine using that name in the UK. If you want to build the brand, then I would consider trademarking the name in the UK and any other jurisdiction in which you want to build your client base.
If you'd like to know how to trademark your business name, take a look at the series of trademark masterclasses (Trademark Sprint) included in your membership. If you're not yet a member of the Savvy Shay Business Club, click here to see more about all of the benefits and how to give it a try for 30 days for just £1.
And that's it for this week's newsletter!
We hope you found these insights from our Savvy Shay Business Club surgery helpful. And remember, these are just a small sample of what we offer. Join our Savvy Shay Business Club for just £1 for your first month, apply here !
Don't miss this opportunity to get the legal support you need to grow your business.
Suzanne Dibble