Your personal data is collected each time you interact with Chase the Sun, be it by way of participating in our event, visiting our website or speaking to one of our representatives over the phone. The purpose of this policy is to explain how we use and store your data, protecting your privacy in line with relevant legislation and GDPR. It’s important to us that you are fully informed, so there is a lot of detail below but if you have any questions at all please do just get in touch with us at [email protected].
Chase The Sun Cycle Limited is a company incorporated in England and Wales with company number 11055735 and whose registered office is 15 Francis Gardens Winchester SO23 7HD, (referred to here as “Chase The Sun”, “we” or “us”). We take your privacy seriously, we are committed to protecting the privacy of any personal data you give us and we comply with all applicable data protection legislation. We are registered on the public register of data controllers maintained by the Information Commissioner in the UK.
We have a philosophy here about the way we use your consent to be contacted for marketing purposes (if you give us that consent). If you hear from us, we will always aim to be respectful, relevant and appropriate. If at any time you don’t feel we’ve lived up to our philosophy, please let us know straight away by getting in touch with us. You always have the right to withdraw your consent to us contacting you for marketing purposes at any time. Do this by clicking on the unsubscribe link at the bottom of the correspondence sent to you or by contacting us at [email protected].
The information set out in this policy is provided to individuals whose personal data we process (you or your) as data controller, in compliance with our obligations under the Data Protection Act 2018 and the UK GDPR (as defined in the as defined in the Data Protection, Privacy and Electronic Communications Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations SI 2019/419) (GDPR).
This policy may change from time to time and, if it does, the up-to-date version will always be available on the Site. Please note that by continuing to use the Site you are agreeing to any updated versions.
- “Personal data” we mean data about a living individual who can be identified from that data (either by itself or when it is combined with other data);
What data will we collect from you?
We may collect and process the following personal data about you:
Data you give us
You may give us data about yourself by filling in forms on the Site or by communicating with us verbally, by phone, by email, by your actions or otherwise. This includes data you provide when you participate in or spectate at our event, update your profile, enter a competition, promotion or survey and when you report a problem with our. The data you give us may include the following:
- Contact details including your name, postal address, email address and phone number;
- Username and password;
- Personal details including gender, data of birth, age on race day and country in which you are based;
- Financial details such as bank details for the purposes of paying for entry to an event;
- Medical information including medical conditions, injuries, medication taken and whether you have a disability;
- Race day information including predicted time bracket, t-shirt size, why you’re participating and emergency contact name and number;
- Details of conversations with you and complaints, queries and/or comments from you (whether by email or on the phone);
- Event history information including where you heard about the event, if you’ve taken part in the event previously and whether you take part in other events of a similar nature; and
- Any other information you may give us during a post-event or other survey.
Data we collect about you
With regard to each of your visits to the Site we may automatically collect the following data:
- technical data, including the Internet Protocol (IP) address used to connect your computer or mobile device to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, other app data; and
- data about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Site (including date and time); pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction data (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
With regard to you participating in or spectating at our event, we may collect the following data:
- your participation in and attendance at the event;
- photographs or video of you before, during or after the event; and
- ride time and performance data.
Data we receive from other sources
We work closely with third parties (including, for example, analytics providers and photo, video and timing partners) and may receive data about you from them. If you log in to the Site through a social network site (such as Facebook), we may receive personal data about you from the relevant social network site.
We may also receive personal data about you or on your behalf in the following circumstances:
- a participant in our event may have provided your name and contact details as their emergency contact or as a spectator attending the event to support a participant; or
- someone may have:
- gifted you with participation in one of our events;
- entered you as a member of their group; or
- given us your name as their parent/guardian, so that we may check you, as their parent/guardian, agree to their participation in the event for which they have applied,
in which case they will have provided us with your name and contact details. We will only use these details for the purposes of, as relevant, contacting you: in the case of an emergency; in respect of your entry (where it has been brought for you as a gift or as a member of a group); or, where you are contacted as a parent/guardian, to check you agree to their participation.
Will we use your data for marketing?
We may send you marketing information or other email communication based on your use of the Site if you’ve consented to us doing so. You may opt out of marketing communications at any time via the unsubscribe link at the bottom of the relevant email or by emailing us at [email protected]
We may also participate in Facebook’s ‘Custom Audience’ service from time to time. This service enables us to display our advertisements to you when you visit Facebook. It works by converting your email address to a unique number that Facebook uses to match to unique numbers that Facebook generates from email addresses of its users.
How else will we use your data?
We may also use your data for the following purposes:
- To help provide services to you and to analyse your use of the Site;
- To enable you to pay for and participate in our event;
- To help you connect with any charity that you’ve asked to contact you;
- To provide you with race photos, video and race time and performance data;
- In the event of any medical or health and safety emergency;
- To carry out surveys occasionally and to analyse our user base — ultimately, we want to ensure that the Site provides everything that you, our audience, is looking for;
- To check whether you are eligible for a competition, to contact you if you win and to provide details of the winners of any competition as required by law and the Advertising Standards Agency;
- To comply with the law; and
- As we feel is necessary to prevent illegal activity or to protect our interests.
We will not, however, keep hold of your personal data for longer than is reasonably necessary or required by law.
Will we share your data with anyone else?
Our default position is to only share your data anonymously or if:
- You have given us explicit consent to share your data with specific third parties (for example, with prize providers involved in a sweepstake);
- We are required to do so to comply with the law or with the directions of the courts or other authorities;
- We feel it is reasonably necessary to prevent illegal activity or to protect our interests; or
- It helps our trusted third party service providers to provide and improve our service to you or to carry out surveys and user analysis to understand your needs and preferences. We only share such data as is absolutely necessary and we require these service providers to: (i) keep your personal data safe and secure; and (ii) only use your personal data for the purposes we specify. Our trusted third party service providers include the organisations that support us with our events including those that provide our timing and photography, as well as our technology and marketing vendors.
We may disclose your personal data to third parties:
- in the event that we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets;
- if Chase The Sun or substantially all of its assets are acquired by a third party, in which case personal data held by it about you may be one of the transferred assets.
How will we make sure your personal data is secure?
We follow strict security procedures as to how your personal data is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. We have also put in place various security measures to protect your personal data. We take security extremely seriously but as no system is 100% secure, we can’t completely guarantee the protection of your personal data, any more than any other organisation can. As such, we can’t accept any liability for the loss, theft or misuse of the personal data which you’ve registered on this website if there is a security breach.
Will we be transferring any personal data outside the EEA?
The data that we collect from you may need be transferred to, and stored at, a destination outside the European Economic Area (EEA). For example, one of suppliers, involved in the processing of your data in connection with the service they provide, may be based outside the EEA.
We may also transfer your personal data outside of the EEA where one of the derogations for specific situations under UK GDPR Article 49 is applicable to the transfer. These include (in summary):
- the transfer is necessary to perform, or to form, a contract to which we are a party:
- with you; or
- with a third party where the contract is in your interests;
- the transfer is necessary for the establishment, exercise or defence of legal claims;
- you have provided your explicit consent to the transfer; or
- the transfer is of a limited nature, and is necessary for the purpose of our compelling legitimate interests.
We transfer the personal data we collect to our registration platform supplier in Canada, which is a country deemed by the European Commission to have provided equivalent level of protection to individuals’ personal data to that of the EU.. This means that such companies will protect your personal data to the same level that is required under UK data protection law.
Are you protected by this policy outside chasethesun.org?
Our Site contains links to other websites or applications. Obviously, we don’t have any control over them and take no responsibility for any data you give them. Other sites have different privacy and security policies, which we advise you to read.
What are our legal grounds for processing your personal data?
Under UK data protection laws, we can only process your personal data where we have a legal basis for doing so. We will, in the majority of instances, rely on the following legal bases:
- Consent: there are certain instances where we will be processing your personal data because you have told us you’re happy for us to do so. This includes where we send you marketing emails after you have consented to receiving such emails.
- Legitimate Interest: there will be instances where we will need to process your data in order to pursue our legitimate interests, in a way which might reasonably be expected as part of the running of our business and provided it does not materially impact your rights, freedoms or interests. This includes:
- providing certain suppliers with data so that they may deliver the race related services you would expect (eg; timing and photography) – our legitimate interest in providing such data is the delivery of a successful event including the provision of facilities and services our participants expect;
- working with third parties, such as Facebook, to advertise to you in a targeted manner based around the profile built of you by such third party providers (in accordance with their privacy policies) – our legitimate interest in processing your data in this manner is the promotion of Chase The Sun; and
- the recruitment and management of volunteers – our legitimate interest in processing your data in this manner is the safe delivery of a successful event.
In such instances, the legitimate interest being pursued is the staging of our events, the promotion and development of our business and/or the facilitation of your participation in an event (in each case in line with your reasonable expectations, including, for example, the publication of results, live tracking during events, the provision of race photographs and the promotion of our events (other than by email, where we only act in accordance with your explicit consent)).
- Performance of a Contract: there will be instances where we will need to process your data in order to comply with our contractual obligations to you. For example, where you purchase entrance to our event, we use your postal address to deliver your race pack.
- Compliance with a Legal Obligation: there may be instances where we are required to collect and process your data by law. For example, where we receive a valid legal request to disclose data.
How long do we keep your personal data for?
We only keep your personal data for as long as is necessary for the purpose for which it was collected. After such period, your data is deleted or anonymised (for example by removing all data that is personal to you, ahead of its use for statistical purposes). In determining the retention period for the various categories of personal data we process we consider the purpose for which it has been collected, the legal basis on which we are processing it and the potential risk of harm to you.
By way of general example, the personal data:
- you give to us on registering for our event (used primarily for providing your participation in the event, marketing our products and those of our partners and analysing our customer base) shall be retained for three years after your last interaction with us;
- given to us when registering you as a ‘mate’ (where a place in an event is bought on your behalf and such data is used only to facilitate such entry) shall, save where you have gone on to register as directed, be retained until after the event, at which point it shall be erased (where you have registered for an event your personal data shall be retained for three years in your capacity as a participant).
Please do get in touch with us at [email protected] if you have any specific questions about the period for which your personal data will be retained.
What rights do you have in respect of your personal data?
You have certain rights in respect of your personal data that is held by us. You will generally have a right to request:
- a copy of all of your personal data that is held by us;
- that we correct any of your personal data which is incomplete or inaccurate;
- whenever we are processing based on your consent, that such processing stops (you are free to withdraw such consent at any time); and
- that we stop using your personal data for direct marketing.
You may have additional rights, depending on the basis on which we are processing the relevant data, as follows:
- a right to request erasure of your personal data – available where you believe that the purpose for which we collected your personal data has been satisfied, we are not using your personal data in a lawful manner or where the lawful basis for processing your personal data is consent and you withdraw such consent;
- a right to restrict our processing of your personal data – available where you believe that the purpose for which we collected your personal data has been satisfied, we are not using your personal data in a lawful manner or any of your personal data held by us is inaccurate;
- a right to require that we transfer all of your personal data to you or another data controller – available where the lawful basis for processing your personal data is consent or to enable us to satisfy a contract we have with you; and
- where we are processing on the basis of a legitimate interest, a right to object to our processing, which we must stop unless we believe that we have an overriding reason to continue processing.
To request a copy of any personal data we hold or to make any other request in respect of your personal data, please email us at [email protected]. In each case, your request should be addressed to the Data Protection Officer. If we choose not to action your request, we will explain the reason(s) for our refusal.
If you want to complain about how we have handled your personal data, please contact us using the above details or alternatively contact the Information Commissioner’s Office. Contact details can be found on their website, here.
Sometimes you may be asked to provide proof of identity before we show you your personal data – that’s so we can prevent unauthorised access.
Automated decision making
We do not make decisions based solely on automated data processing, including profiling.
Talk to us
This policy was last updated on 9 November 2021.