PRIVACY NOTICE Last reviewed: 10 June 2018
This Privacy notice explains what information Marlow Riders (‘we’, ‘us’, and ‘our’) gather about you for the purpose of your participation in the Marlow Red Kite Ride (The Event). It also sets out your rights in relation to your information and who you can contact for more information or queries.
We take data protection very seriously and we are committed to protecting your personal information. This Privacy Notice describes how we handle personal information collected through http://marlowriders.org.uk, http://marlowredkiteride.co.uk (‘our website(s)’) or by any other means.
Personal information is anything that enables you to be identified or identifiable; e.g. your name, address, email address, telephone number, IP addresses.
Special category personal information
Special category personal information is personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We typically only gather special category information where it is relevant for your safety throughout the event; for example, we may ask you to provide details of known medical conditions or details of your religion where you have asked to be exempted from wearing a helmet on religious grounds.
We ask that you do not provide us with special category personal information unless we have requested it.
Collection of personal information including special category information
It is our policy to collect only the minimum information required from you. You do not have to provide any of your personal information to us; however, if we ask you to do so and you refuse, we may be unable to permit you to enter The Event or provide you with what you want from us.
Below are some examples of how you may provide personal information to us:
- via our website(s) and The Event entry system;
- via direct correspondence with us via meeting, phone, in writing, including by email;
- subscribing to updates on future Marlow Red Kite Rides;
- responding to our post-event survey;
- contacting us for further information; and/or
- providing us with business cards or other contact information.
A cookie is a small data file that certain websites store on your computer’s hard-drive when you visit such websites. Cookies can contain information such as your user ID and the pages you have visited. The only personal information a cookie contains is information that you have personally supplied.
You may refuse to accept cookies by activating the relevant setting on your browser. If, however, you select this setting you may be unable to enter The Event.
Use of personal information
When you provide personal information to us, we may use it for any of the purposes described in this Privacy Notice or as stated at the point of collection, including:
- To administer your participation in The Event;
- To administer and manage our Website(s), including:
- to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site(s);
- to sort and analyse user data (such as determining the geographical region of visitors to our Website(s));
- To develop The Event;
- To conduct quality and risk management reviews of The Event and associated administration;
- To monitor and enforce compliance with our Terms and Conditions of entry to The Event; and/or
- Any other purposes for which you provided the information to us including informing you when The Event will run in future years if you have agreed to this when you enter The Event.
We do not collect personally identifying information for sale to third parties.
Legal grounds for processing personal information
We rely on one or more of the following processing conditions:
- To perform our contractual obligations to you or;
- Our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of The Event, provided these do not interfere with your rights;
- To satisfy any legal and regulatory obligations to which we are subject;
- Where no other condition for processing is available, if you have agreed to us processing your personal information.
Security of personal information
We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction.
Only authorised persons are provided access to personally identifiable information we have collected, and such individuals have agreed to maintain the confidentiality of this information.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure.
We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
Sharing personal information
We may transfer, share or disclose the personal data we collect from you to third parties (and their respective subcontractors, and/or their subsidiaries and affiliates) for:
- the purposes for which the information has been submitted;
- the purposes listed above under the administration and maintenance of our Website(s) and/or;
- other internal or administrative purposes.
We also may transfer, share or disclose personal data to third party service providers such as website hosting and management, data analysis, data backup, security and storage services.
The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors.
We may also disclose personal information to third parties such as the following:
- The Event insurer;
- The Event timing provider;
- In the event of an incident, medical/emergency services and/or other relevant parties.
We may also disclose your personal information to law enforcement, regulatory and other government agencies and to professional bodies and other third parties, as required by and/or in accordance with applicable law or regulation. This includes disclosures outside the country where you are located.
International transfers of personal information
We may transfer or store your personal information outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.
Where we collect your personal information within the EEA, transfer outside the EEA will be only:
- To you;
- To a recipient located in a country which provides an adequate level of protection for your personal information; and/or
- Under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, e.g. standard (model) contractual clauses or;
- In exceptional circumstances only, with your explicit consent
Retention of personal information
We will retain any personal information you provided in relation to your participation in The Event for a period of six years following The Event except where we have legitimate grounds to keep it for longer; for example where it is pertinent to an ongoing inquiry or claim.
We will only contact you for marketing purposes where you have consented for us to do so. We keep mailing list information until a user unsubscribes or requests that we delete that information.
If you want to unsubscribe from our mailing list, you should look for and follow the instructions we have provided in the relevant communications to you. Alternatively, you can at any time contact us to request that such communications cease.
If you choose to unsubscribe from any or all mailings, we may retain information sufficient to identify you so that we can honour your request.
Rights in relation to your information
You have certain rights in relation to the personal information we hold about you. In particular, you have the right to:
- Request a copy of personal information we hold about you;
- Ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete;
- Ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information;
- Object to our processing of your personal information; and/or
- Withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing).
If you would like to exercise these rights or understand whether these rights apply to you, please contact us.
If you have any questions or complaints about this Privacy Notice or the way your personal information is processed by us, or would like to exercise one of your rights set out above, please contact us by one of the following means:
You also have the right to lodge a complaint with your local data protection regulator, which in the UK is the Information Commissioner’s Office (ICO). The ICO can be contacted by the following means:
Telephone: 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers). If you’re calling from outside the UK please call +44 1625 545 700.
Information Commissioner’s Office
Changes to this Privacy Notice
We may update this Privacy Notice at any time by publishing an updated version at http://marlowredkiteride.co.uk. So that you know when we make changes to this Privacy Notice, we will amend the revision date at the top of this page. The new, modified or amended Privacy Notice will apply from that revision date. Therefore, we encourage you to review this Privacy Notice periodically to be informed about how we are protecting your information.