Policy Date: 17/09/2018
We are registered as a limited company to an address at 15b Sawley Park, Derby, DE21 6AS.
We gather and use personal and sensitive information about individuals so that We may provide products, comply with law and permit access to our services, digital services and events.
What personal and sensitive data we record
- Your name
- Contact information including email address and mobile phone number
- Your home address
- Special category data regarding your health information, including information collected on a medical PAR-Q and special needs/dietary requirements provided on booking forms, and other special data where relevant, such as date of birth.
- Next of kin information
- Demographic information, such as location, gender and age.
- Questions, queries or feedback you leave if you contact us via the contact page.
What digital information We collect about you
- Website usage data
- Your IP address, and details of which version of web browser you used.
- Information on how you use the site, using cookies and page tagging techniques.
- Geographical location when browsing our websites, device information (ie iPhone, Google Pixel, Desktop etc).
Your Consent to certain company activities
For certain company activities or management of special categories of data, we will ask you to provide your explicit consent to process your personal data;
- 1) to receive electronic marketing by us and/or by third parties,
- 2) to process special category data where relevant, including for insurance purposes.
- You do not need to provide us with marketing consent in order access our services or attend our events. However, We are unable to offer our services where you do not provide explicit consent to process your medical data as a participant, for example where you do not sign medical consent or complete a medical PAR-Q or Agreement form.
How We legally process your information
The legal grounds for processing your personal data are where:
- It is necessary that We collect your data for the performance of a contract to which you are a party, or where We are entering into a pre-contractual arrangements with you in order to provide you with our services. The data that We require in all cases is your name and contact details, without which We are unable to offer you our services.
- It is necessary for the purposes of our legitimate interests, except where our interests are overridden by your interests, rights or freedoms To determine this, We consider a number of factors, such as what you’re told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you. Our legitimate interests are to better understand our customers’ interests, to improve and to promote our Services and those of others, to administer the site, to promote fundraising for Cancer Research UK and to provide you with information and useful offers/promotions relevant to your training course and future courses.
- It is necessary to process your medical data for your own vital interests, in the event you are injured and need urgent medical treatment.
- Where it is required by law or needed for public interest or official purposes
How we use this data
We Collect data to understand what you are looking for, to enable us to deliver and improve our products and services and provide you with medical assessment or treatment.
Specifically, We will use data:
- As necessary to provide our services or information about our services
- We will use the data set out above (in How We legally process your information) to provide details about our training course, process bookings and prompt fundraising for Cancer Research UK.
- For our own internal records, namely fight orders, insurance data, participant records and to ensure correct medical treatment is provided where required.
- To improve the products and services We provide, including our training courses, our fundraising and our events.
- To contact you in response to a specific enquiry.
- To contact you in response to your application to our events and provide you with more information regarding the programme.
- To send you a Newsletter about Ultra Events ltd and other things We think might be relevant to you.
Who We share your personal information with
We need to share certain information with third parties in order to provide our services, to send emails and SMS, engage Insurance providers, medical assessors, medical practitioners and area representatives.
Your personal information may be made available to third parties who provide us with relevant services such as IT hosting, IT maintenance providers, email marketing providers and SMS suppliers. These companies employ risk mitigation controls when performing data management functions on our behalf. A list of these organisations is available here link
Where you have provided sensitive medical information to us by completion of our pre-training agreement or PAR-Q form, we may need to share this for medical or insurance purposes. Where you have provided us with a grant of access to your historic medical records, we will ensure that the right to access such records will only be exercised by a medical professional for emergency treatment.
Mandatory disclosure of information by law
We may disclose specific information by lawful request by government authorities, law enforcement and regulatory authorities where required or permitted by law and for tax or other purposes. Your personal information may also be made available to third parties or partners, where necessary, as part of any restructuring of our business or assets.
International Data Transfers
Some external third parties We engage are based outside the European Economic Area (EEA) so processing of some of your personal data may involve a transfer of data outside the EEA.
Where We transfer your personal data outside of the EEA, We ensure compliance with international privacy standards equivalent to EU data protection by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where We use certain service providers, We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission
- Where we use service providers based in the US, we may transfer data to them if they ascribe to the Privacy Shield, which requires them to provide protection to personal data shared between the Europe and the US.
How long we keep your digital account data for
If you express an interest via our online registration, We will keep your details on record for so long as you have a registered account with us (or for thirty days if you visit our site and do not register with us). If you would like to close or delete your registered account, please contact us, in which case we will within thirty days of your request, remove all of your personal data from our records (except to the extent that it is required to satisfy any legal, accounting, or reporting requirements).
How long we keep your personal and sensitive data for
If you wish to enter an event and complete our Agreement, associated forms and PAR-Q form, these and associated medical, training, injury or welfare notes taken at the time of the Agreement, will be retained for a period of 6 years. This is to ensure that we can meet legal obligations. We will be unable to delete this data before the end of the 6 -year expiration period but will delete such data after the period has expired.
How you can access and update your personal information
You can find out if We hold any personal information about you by making a ‘Subject Access Request’, normally free of charge, under data protection law. If we do hold information about you we will provide you with a copy of that information unless a legal exception applies, in which case we will inform you of this at the time of our response.
You also have the right to access or request information we hold about you. We will at your request correct, complete, or update information. We will only oblige a request to access your own personal data and will ask for your own proof of identity to ensure you are the legal person entitled to make a request. Where you cannot provide ID to assert your identity, we will refuse your request.
We reserve the right to exercise reasonable discretion to redact information where it conflicts with legal obligations, commercial sensitivity or third party privacy.
To make a request to exercise either of these rights, please either put the request in writing addressing it to the address provided below or email us your request For the attention of the Data Protection Officer at firstname.lastname@example.org .We will respond to your request within 30 calendar days.
How you can request erasure of your data
You may ask us to delete or remove personal data. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for legal reasons, which will be notified to you at the time of your request.
How you can withdraw your consent
You have the right at any time to withdraw any consent you have given us to process your personal data. Please note if you withdraw your consent it will not affect the lawfulness of any processing of your personal data we have carried out before you withdrew your consent. If you have opted into receive marketing information, you can change your mind easily by sending an email to email@example.com or clicking the unsubscribe link.
For any consent you have provided for us to process special category data (such as medical information), to withdraw your consent, please contact us.
How you can restrict or object to us using your data
You can ask us to suspend the way in which we are processing your information in certain scenarios, or object to our processing your data where we are relying on a legitimate interest ground (or those of a third party) and you feel it impacts on your fundamental rights and freedoms, or where we are processing your personal data for direct marketing purposes or profiling your data. In some cases where you object, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms.
Please note that if you want us to restrict or stop processing your data this may impact on our ability to provide our Services. Depending on the extent of your request we may be unable to continue providing you with our service.
Any queries or concerns about the way in which your data is being used can be sent via email to firstname.lastname@example.org
Moving your information to another organisation
You have the right to request that we send to you or to another organisation, an electronic copy of the personal data we hold about you, for example when you are dealing with a different service provider. If you would like us to move, copy, or transfer your information please let us know by emailing email@example.com . We will respond to you within one month after assessing whether or not this is possible, taking into account the technical compatibility with the other organisation in question.
Your Right to transfer medical records
Where you Request transfer of medical records under the Data Protection law, these should be submitted in writing, clearly stating the records required and enclose as much information as possible to correctly identify these records i.e. your full name, your previous/current addresses, your date of birth, the time period that you were under their services and the location at which the record may have been taken. It will also be necessary to provide proof of your identity
Our services are not aimed at children and we do not permit children to use our service. Service users must have reached 18 years of age.
Control of your digital privacy
Cookies and how we use them
What is a cookie?
A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website.
Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.
- Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions.
- Identify whether you are signed in to our website. A cookie allows us to check whether you are signed in to the site.
- Test content on our website. For example, 50% of our users might see one piece of content, the other 50% a different piece of content.
- Store information about your preferences. The website can then present you with information you will find more relevant and interesting.
- To recognise when you return to our website. We may show your relevant content, or provide functionality you used previously.
Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you.
To learn more about cookies and how they are used, visit All About Cookies.
Automated decision making
We do not use your information for automated decision making. Also, we do not use your data to auto profile or conduct automated analysis and do not approve third parties who might conduct these activities without our knowledge or consent.
Changes to this Policy
This Policy is subject to regular review. We may change this Policy from time to time or update this page in order to reflect changes in the law and/or our privacy practices. The policy date provided is the date the policy was last amended.
Data Protection Officer Details
To contact our Data Protection Officer at Ultra Events Limited please contact us at: firstname.lastname@example.org
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the UK data protection regulator, the Information Commissioner’s Office. Further details can be found at www.ico.org.uk or 0303 123 1113.