PRIVACY POLICY
Background
Crazy Legs Events are committed to protecting and respecting your privacy. Any references to “we”, “our” and “us” in this Privacy Notice are references to Crazy Legs Events. We are a controller of your personal data under applicable data protection laws, including from 25th May 2018, the General Data Protection Regulation (“GDPR”). We, as a controller, determine why and how we collect and use your personal data.
What is the purpose of this Privacy Notice?
When you enter one of our events or otherwise interact with us, we collect information about you which constitutes personal data under the GDPR. This Privacy Notice explains how we collect, use, share and protect your personal data. Please read this Privacy Notice carefully to understand what we do with your personal data. We may change this Privacy Notice from time to time and if we make any material changes then we will make the updated Privacy Notice available to you on our website or by other means. The date at the top of this Privacy Notice indicates from when this Privacy Notice applies.
Whose personal data to we collect?
We collect and process personal data about individuals who enter or interact with us about our events (collectively “you”)
What kind of personal data do we collect about you?
We collect from you personal data such as;
· Name
· Gender
· Club
· Age/Date of Birth – Age Category is derived from this
· Telephone Number (Home and mobile) and Emergency Contact Telephone Number
· Address
· E-mail address
· Sports Governing Body Registration Numbers
We do not collect payment details, this data is collected and processed by a third party payment processor.
If you are entering details on behalf of a child for whom you are a parent or guardian then the child has the same rights through this notice as an adult and you are giving your consent for the processing the child’s personal data in line with the terms of this Privacy Notice.
How do we collect your personal data?
We may collect your personal data when you;
- Enter one of our events via our website, our Facebook pages or a link from other websites which have our events listed. We use a third party registration system to handle online entries, the payments of entries are processed via Stripe. Our Stripe account is connected directly to the third party registration system provider for payments to be made. All the data entered apart from the specific payment card number details is forwarded to us or can be downloaded by us from Stripe.
- The Third Party providers for the online event registration service used to promote, share and sell event entries has visibility of our account.
- Enter an event organised by a third party for which we provide timing or other event services.
- Provide it to us in correspondence and conversations with you.
- Interact with us via social media. If you join our Facebook or other social media pages, please note that provider of the social media platform has its own privacy notice and that we do not accept any responsibility or liability for it. Please check this notice before you submit any personal data on our website and social media pages.
- Enter an event using a paper based entry form
This notice forms part of the terms and conditions for event entry and by entering an event we organise or provide services for, or by interacting with us as above you agree to the terms of this notice.
Do we collect personal data about you from third parties?
We collect information about you from the following third parties;
- Our registration system
- Our payment processor, this includes the amounts of payments made and the name of the person who has made the payment but not the payment card number details.
- Event organisers for whom we provide event services such as timing or registration
- Third parties from whom we collect data about you will have their own privacy notices for which we have no responsibility or liability.
How do we use your personal data?
This section of this Privacy Notice explains for what purposes we use your personal data and on what legal bases we rely, to ensure we process your personal data lawfully. Our legal bases for collecting and using your personal data will include:
- To perform our contract with you when you enter an event we organise, or our contract with an organisation for which we provide event services such as timing or registration.
- In your vital interests if we need to provide your details to emergency services.
- To comply with our legal obligations if requested to provide information for insurance or other legal purposes.
- To pursue our legitimate interests which do not override your interests or fundamental rights and freedoms, such as;
o the operation of Crazy Legs Events as an event promoter and/or as a provider of event services to third party organisations.
o the development of future events organised by Crazy Legs Events. - In certain circumstances and subject to applicable laws, your consent, however when this legal basis is used we will make this clear to you at the time of collection of your personal data, and you will have the right to withdraw your consent at any time.
What are the consequences if you fail to provide us with the requested personal data?
If we ask you to provide us with your personal data for an event to protect your vital interest, or to allow us to enter into a contract with you, we will advise you in the entry form whether you are obliged to provide personal data or whether it is voluntary. If you do not provide us with data that you are obliged to provide we may reject or delay the processing of your event entry.
Who do we share your personal data with?
We share your personal data with the following in the form of event results;
- Organisations for whom we provide event services, such as timing and event results.
- Third parties for the purpose of publishing results.
- National Sport Governing Bodies for the purpose of recording and publishing event participation and results.
Event results will normally be limited to;
· Name
· Club
· Age Category
· Sports Governing Body Affiliation Number (if applicable)
· Time to complete all or part of an event
· Position in an event
In this case British Triathlon will require athlete name, age category, date of birth, Home Nations membership number (if applicable), e-mail address and club name (if applicable) of all entrants for the purpose of processing the results, prizes and GB Age Group team selection (details of which may be uploaded to the internet and shared on social media other than date of birth which shall be kept confidential and used for data processing only), and for membership promotion and survey distribution.
Personal data that we share with third parties (such as online registration providers and payment processors) is subject to their privacy policies for which we have no responsibility or liability.
We may disclose your personal data to Emergency Services if necessary or to other authorities where we are legally obliged to do so or in our reasonable opinion such disclosure is necessary to comply with applicable laws and legal processes, support an investigation or to protect our rights and interests.
We may publicly share images of people and events to promote the event on social media and/or on our website. Where we share images individuals may be identified by referencing the results.
We will not share images where we have been specifically requested not to do so or where we are aware we may cause embarrassment or offense.
British Triathlon may take photographs and/or video footage for the purpose of reporting of the event and advertisting for future events, to include in printed media, digital content and social media.
We will not transfer your data outside of the European Economic Area.
How do we protect your personal data?
To protect the security of your personal data, we implement appropriate technical and organisational security measures which include physical and technical security safeguards with appropriate policies and procedures.
How long do we hold your personal data for?
We may retain your personal data as long as it remains necessary in relation to the purposes we collected the information for. When determining the appropriate retention period we consider the risks of the processing, our contractual, legal and regulatory obligations, our data retention periods and our legitimate business interests.
Any personal data with the exception of event result data (name, club/team, age category, time and position) and financial transaction data will be deleted or destroyed within three years of the event for which it was collected. Financial transaction data will be deleted or destroyed within eight years of the financial transaction – this data only includes the amount and source of the payment, not the payment means.
What are your rights in relation to the personal data we hold about you?
Subject to the conditions prescribed in applicable laws, you have the right;
- To access, rectify or request erasure of your personal data
- To ask us to restrict processing of it
- To request portability of it
- To object, on grounds relating to your particular situation, to processing of your personal data which is based on our or a third party’s legitimate interests
- To object to processing of your data for direct marketing purposes.
You can exercise these rights by contacting us using the contact details below.
How can you contact us?
If you have any questions or concerns about our use of your personal data please contact us via e-mail at enquiries@crazylegsevents.co.uk
If you have any question regarding our privacy policy, please contact our Data Protection Officer:
Bill Shone 5 Woodsmoor Lane, Stockport, Cheshire SK2 7AS Telephone: +44 7858521570