We are committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after the race, in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act 2018.
We, as the data controller, are Friends of Nettlebed School, a charity with registration number 1091177. We can be contacted at firstname.lastname@example.org.
This notice is not contractual and we may update this notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practical.
It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
When you sign up for a race online, you are required to input various data, including your name, telephone number, email address and your child’s name if they are participating as well. This will be used for our legitimate interests in administering the event, checking information and keeping you updated. Your email address will also be used to notify you of future races, unless you ask us not to do this.
If you sign up on the day for your child to participate, you will be asked to provide:
• Parent’s name
• Child’s name
• Child’s date of birth
• Parent’s telephone number
• Parent’s email address (or postal address if you do not have an email address)
• Emergency contact name and number (in addition to parent in attendance)
• Relevant medical details
If you are not providing this information for your own child, you will be required to confirm that you have the consent of the child’s parent to provide this.
“Special categories” of particularly sensitive personal information, being data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identifying people, health information and data concerning sex life or sexual orientation, require higher levels of protection. We may collect, store and use this information if you provide it to us and consent to us using it for a specific purpose, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. For example, we may collect, store and use information you give us about your health where it is useful to ensure your safety whilst you are at an event and may provide this to anyone providing you with medical assistance.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information, whether sensitive or not.
The online application form is on platform operated by Run Britain, a division of UK Athletics Limited. So they will have access to your data.
We use a third-party organiser, currently Chip Timing Solutions, to manage the registration and payment platform, as well as time the race. They will therefore also have access to your data.
We use an independent photographer for the benefit of participants. They will not publish photos of any runner who marks their race number with a red cross. We do not provide them with any personal data. We may also take some photos ourselves to use in accordance with the Terms and Conditions for the relevant event.
Bucks Events Medics will provide medical coverage. We will only share personal details/relevant medical info in event of an emergency.
Certain details such as your (and any participating child’s) name, event category and running club or age group, but not contact data, may appear on results websites, results emails, text messages and in newspapers.
Our banks, insurers, solicitors, accountants and other advisers are also entitled to obtain specific data on request as part of our compliance checks and legal obligations, although they rarely need specific personal data. Any personal data may be held and used for establishing, exercising or defending legal claims.
We use cloud-based servers for e-mails and general data storage as detailed in the section below titled “Transferring information outside the EU”. We only allow our third-party service providers to use your personal data for specified purposes and in accordance with our instructions.
We may also disclose your Personal Data if we believe such action is necessary. For example if you need medical assistance at the event, we will provide your name and the name and contact details for a relative (if known to us) to people we feel need to know.
We delete event-specific data within two years of the event (and ask Chip Timing Solutions to do the same), but we may retain email addresses for up to five years, so we can notify you of future events.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
We use cloud-based systems for e-mails and general data storage, currently MailChimp and Dropbox.
Information about MailChimp’s international transfers of data can be found at https://mailchimp.com/legal/data-processing-addendum/#6._International_Transfers. This says that data may be transferred to the USA and other countries but MailChimp shall ensure that such transfers are made in compliance with the requirements of data protection laws.
Information about Dropbox can be found at https://help.dropbox.com/accounts-billing/security/physical-location-data-storage. This says that all files stored online by Dropbox are encrypted and kept in secure storage servers. Storage servers are located in data centers across the United States.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. We do not analyse data collected by any cookies on our website.
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
In the limited circumstances where you may have consented to the collection, processing and transfer of your personal information for a specific purpose, you may withdraw your consent for that specific processing at any time. To do so, please contact us using the contact details above. We will then no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.
If you fail to provide certain information when requested, we may not be able to participate in the event, depending on the specific data, why we need it and what risks the provision of it poses to your rights and freedoms.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. However, unfortunately, the transmission of data via the internet is not completely secure and we cannot guarantee the security of your data transmitted to our site, and transmission is at your own risk.
You have a number of rights under the GDPR:
• the right to access personal data we hold;
• the right to ask us to rectify or complete our records;
• the right to ask us to delete personal data;
• the right to object to us processing your personal data;
• the right to restrict our processing; and
• the right to ask us to transfer your personal data to another organisation.
These are not absolute rights and are subject to specific conditions and depend on our processing purposes. If you are interested in using any of these rights, please contact our Data Protection Officer. You will not usually have to pay a fee to exercise any of these rights.
It is important that the personal information we hold is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you are unhappy with any aspect of our processing of your personal data, we ask that you talk to us about it first, using the contact details set out above, and discuss your concerns with us. If you are not satisfied with the outcome, you may lodge a complaint with the Information Commissioner’s Office.
If you have any questions about this Privacy Notice, please contact us using the contact details above.