:::The Going: Update:Soft, Soft to heavy in places ::: Posted 16th Mar 2019
Every day our business will receive, use and store personal information about our customers, suppliers and colleagues. It is important that this information is handled lawfully and appropriately in line with the requirements of the [Data Protection Act 2018] and the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).
Down Royal Corporation of Horsebreeders promises to respect any personal data you share with us, or that we get from other organisations and keep it safe. We aim to be clear when we collect and process your data and not do anything you wouldn’t reasonably expect. By signing up for our communications you are accepting and consenting to the practices described in this policy. Developing a better understanding of our supporters through their personal data allows us to make better decisions, helps us to continue to protect you and improve your racing experience.
If you have any questions about how we look after your personal data, you can contact us:
In writing to:
The Data Protection Manager, Down Royal Racecourse, Maze, Lisburn BT27 5RW.
By email to this address: email@example.com
By telephone on +44 (0)28 621256.
Where we collect information about you from
In accordance with the Data Protection Requirements, we will only process personal data where it is required for a lawful purpose. The lawful purposes include (amongst others): whether the individual has given their consent, the processing is necessary for performing a contract with the individual, for compliance with a legal obligation, or for the legitimate interest of the business. When sensitive personal data is being processed, additional conditions must be met.
Sometimes we may combine information you provide to us with information available from external sources to gain a better understanding of our supporters to improve our raceday experience, products and services.
The information we get from other organisations may depend on your privacy settings or the responses you give to such organisations, so you should regularly check them. This information comes from the following sources:
Third party organisations
You may have provided permission for a company or other organisation to share your data with third parties, including ourselves. This could be when you buy a product or service, register for an online competition or sign up with a comparison site.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those accounts or services.
Information available publicly
This may include information found in places such as Companies House and information that has been published in articles/ newspapers.
When you use our websites or web applications
In addition, the type of device you’re using to access our website or web applications and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
What personal data we collect and how we use it
The type and quantity of information we collect and how we use it depends on why you are providing it.
If you purchase a Down Royal Corporation of Horsebreeders membership, sign up for an event or buy tickets, we will usually collect:
· Your name
· Your contact details
· Your date of birth
· Any telephone number used to contact us
· Purchases and orders made by you
· Your payment card details (which we encrypt) when you purchase our products or services
· Your correspondence with us
· Data we receive from other sources (including, for example, location data, business partners, sub-contractors in technical, payment and delivery services, credit reference agencies and others).
If you have contacted us via the internet, we will also collect:
· The Uniform Resource Locators (URL)
· Internet Protocol (IP) address used to connect your computer to the Internet
· Clickstream to, through and from our site, and other information about your visit
· Your browser type and version and login information
How we will use the information
We also use this information to improve our website, prevent or detect fraud or abuses of our website and enable third parties to carry out technical, logistical or other functions on our behalf. We will ensure that personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.
We will only use your personal information when the law allows us to. Most commonly we will use your personal information where we need to perform the contract we have entered into with you, where we need to comply with a legal obligation or where it is necessary for our legitimate interests or those of a third party (and your interests and rights do not override those interests) including the following:
· Communicate, handle orders and deliver products and services to you;
· Provide you with information on products, services and promotional offers;
· Process payments and administer your accounts with us.
In addition, we may disclose your personal information to third parties in the event that we sell or buy any business or assets (in which case we will disclose your personal information to the prospective seller or buyer) or if we are under a duty to disclose or share your personal information in order to comply with any legal obligation or enforce or protect any contractual or other rights, property or safety of our members or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
If we intend to use your personal information for any other purpose other than as listed above, we will notify you of such new purpose prior to such activity commencing unless we are unable to do so by law or it would require a disproportionate effort.
We do not anticipate that your personal information will be transferred except in relation to certain third-party business partners and sub-contractors who provide [data processing, data storage, technical, payment and delivery services, advertising networks, analytics providers, search engine providers, credit reference agencies and other back office support services]. You agree that we have the right to share your personal information which such third parties for such purposes.
We hope that you will consider these techniques to be a reasonable use of resource, but you do have the right to request that we do not process your information in this manner if you prefer.
Our marketing communications include information about our latest news, campaigns and event/competitions and we intend to contact you to let you know about the progress we are making.
We do not sell or share personal details to third parties.
How we keep your data safe
We ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms are always encrypted and our network is protected and routinely monitored.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collected or have access to.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Transferring Personal Data Outside of the EEA
We may transfer any personal data we hold to a country outside the European Economic Area (‘EEA’) or to an international organisation, provided that one of the following conditions applies:
a. The country to which the personal data are transferred ensures an adequate level of protection for the data subjects’ rights and freedoms.
b. The data subject has given his consent.
c. The transfer is necessary for one of the reasons set out in the Act, including the performance of a contract between us and the data subject, or to protect the vital interests of the data subject.
d. The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims.
e. The transfer is authorised by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of the data subjects’ privacy, their fundamental rights and freedoms, and the exercise of their rights.
Subject to the requirements above, personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Those staff may be engaged in, among other things, the fulfilment of contracts with the data subject, the processing of payment details and the provision of support services.
We may need to disclose your details if required to the police, regulatory bodies or legal advisors.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
Keeping your information up-to-date and how long we retain your data
Where possible we use publicly available sources to keep your records up to date; for example, the Post Office’s National Change of Address database and information provided to us by other organisations as described above. We really appreciate it if you let us know if your contact details change.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In order to comply with law and to ensure we have the necessary information required in order to resolve future issues that might arise, we retain all personal data for a period of up to ten years from collection. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Your right to know what we know about you, make changes or ask us to stop using your data
You have a right to ask us whether and how we are processing your personal information, to request access to your processed personal data, to obtain information in relation to the purpose of such processing, the type of information processed, the sources and recipients of your information, how long we store your information, whether we use automated decision making software, to correct inaccurate and complete incomplete information, to stop or restrict the scope of processing some or all of your personal data and to stop all automated decision-making processing.
You also have the right to ask us to erase your personal information and if it is not necessary for the purpose you provided it to us for (e.g. processing your donation or registering you for an event), or you have withdrawn your consent for such processing and such processing is not for a task in the public interest or for public health, or necessary to pursue our or a third party’s legitimate business interests, or required by law or litigation, we will do so without delay. We will also take reasonable steps to make any other third parties to whom your information has been shared aware of your erasure request.
You have a right to ask for a copy of the information we hold about you which we will do free of charge. You may request a copy in an electronic format so that you can easily store it for your personal use and transmit it electronically to a third party. If there are any discrepancies in the information we provide, please let us know and we will correct it.
By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. You can also ask us to give you a copy of the information and to stop using your information for a period of time if you believe we are not doing so lawfully. To submit a request by email, post or telephone, please use the contact information provided above.
Our address is Down Royal Racecourse, Maze, Lisburn BT27 5RW. You can contact us by post at the above address, by email at firstname.lastname@example.org or by telephone on +44 (0)28 92621256.
We have appointed a data privacy manager to oversee compliance with this privacy notice. If you have any questions or concerns about this privacy notice or how we handle your personal information, please contact the data privacy manager on 02892621256 or email@example.com. You have the right to make a formal complaint with the Information Commissioners Office (ICO), the UK supervisory authority for data protection issues.