Pop Up Races is committed to protecting and respecting your privacy. Our goal is to maintain your trust and confidence by handling your personal information with respect and ensuring its security.
By visiting our website, you are accepting the terms of this Data Protection Policy. Any external links to other websites are clearly identified and as such and we are not responsible for the content or the privacy notices of these other websites. If you are unhappy with this policy, you should not use this website and you should inform Pop Up Races immediately as this will affect how we interact with you.
This policy establishes and effective, accountable and transparent framework for ensuring compliance with the requirements of the GDPR.
Who is the Data Controller?
Pop Up Races 26 Thompson Business Park, Clane, Co Kildare is the Data Controller for information you supply us in relation to goods or services.
Information we may collect from you
There are several scenarios when we may collect data from you. Data is collected:
- When you user our website, we collect information such as the browser and device you’re using, your IP address, your location, the site you came from, what you used our site for or the site you visit after your leave ours. (More information available in our Cookies Policy)
- When you use our social medial features within website or apps and you post to social media platforms, the social media site will provide us with some information about you.
- When you buy a ticket, register for an event, purchase from our online store, have a ticket transferred to you by a colleague we may collect your information depending on the service we supply. The information we collect in this instance is most commonly (but not limited to**):
- Date of Birth (if there are age category prizes in an event)
- Gender (again for prize purposes)
- Mobile Number
- Club Affiliation
- Credit/debit card details
*Address is only asked for where required e.g. where number is being posted, where the charity associated with the race are sending out sponsorship cards, where it’s a virtual entry. Where possible we will only collect a county for internal MIS purposes and not the full address.
**Some events require more personal information than others e.g. triathlons may need you to provide your Tri Ireland membership number. Please note that we limit the amount of data we ask you for and will only ask for data where necessary.
- When you sign up for our newsletter. We retain your name and email address. You can unsubscribe from our mailing list at any time.
- When you attend an event, we may take your picture. Pictures are posted on social media and may be used on the organizer/our website. You can request that a picture of you be removed by emailing firstname.lastname@example.org
- When you register an interest in using our services for an event your organizing. In this instance we will initially collect your name, email address and phone number so that we can contact you to quote for your event.
- When you hire the services of Pop Up Races to time your event. In this instance we will collect your name, company / organization / charity name, email address, phone number and bank details.
If you’re concerned about why you’re being asked to provide data, please do not hesitate to contact us on email@example.com
How do we use your Personal Data?
We use your personal data for the following reasons (legal basis highlighted in brackets):
To carry out the performance of our contract with you (Contract)
- to provide you with entry to an event
- to create an account for you on Eventmaster so that you can manage your booking.
- to deliver you a product
- to time your event
- to provide you with customer support
- to pay race proceeds to your account (race organisers)
For Marketing Purposes (Consent)
- To provide you with details of upcoming events or offers on existing events.
- To invite you to attend events previously attended or in your locality
For Market Research Purposes (legitimate Interest)
- For internal marketing purposes
- To be able to provide demographics to race organizers.
- To conduct market research and analysis to help improve our services
- To send you emails concerning the event you’re booked into e.g. race day details.
For your own health & wellbeing (Vital Interests)
- For particularly onerous activities, we may need health information declared or an emergency contact provided.
Security and where we store your personal data
Any personal data you provide to Pop Up Races if retained will be held on secure servers and will only be used to better our service offering.
We use appropriate technical, organizational and administrative security measures to protect any information we hold in our records from loss, misuse, unauthorized access, disclosure, alteration and destruction.
For example, on our website
- We use regular malware scanning on our site to confirm it’s safe to use.
- We have a range of tools which monitor activity on our site to identify unusual activity
- All information you provide though the website is encrypted by SSL (Secure Socket Layer) technology between your browser and the site
- We do not store credit/debit card information on our servers
In terms of local devices
- All devices, including back up devices, use disk encryption to ensure data is secure at rest.
- Devices automatically lock after a short period of inactivity to reduce the risk of unauthorized access.
- Devices are ‘patched’ (updated with the latest security updates) on a regular basis.
- Information is backed up regularly.
The 3rd party service providers who we employ to perform certain tasks also commit to implementing appropriate security measures to protect the data that we disclose to them.
Unfortunately, no company or service can guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Disclosure of your information
We do not rent or sell your personal data to anyone.
Your data is shared with third parties who require the data to support our services. These would include:
- Eventmaster: We use Eventmaster as our registration platform. Eventmaster therefore have all access to all the data you provide when entering an event.
- Event organisers: Event organisers have access to your data via Eventmaster. Once the event is complete, the organizer no longer has access to your data.
- Race Result: We use Race Result for our timing services. Race Results have access to your name, d.o.b., gender and affiliated club.
- Our WebHosting Providers (Currently Graphedia.ie)
- Stripe: We use Stripe to process card payments. We do not hold any card details on our servers.
- Mailchimp – we use MailChimp for marketing emails – we would share your name and email address with them.
- In addition, we use social media to publicise our races. Therefore, your picture may be shared on Facebook (most commonly), Twitter, Linkedin and/or Instagram.
In the case of race organisers:
- Account details are set up on our banking online platform (currently with AIB) to allow us to make payment to you post event.
- Where you’ve ordered medals, your name and address may be shared with Racegear.ie
- Where you’ve ordered t-shirts, your name and address may be shared with Inverseteams.com
Is your Personal Data transferred outside of the EEA?
Currently the only data we share outside the EEA is the data with share with Mailchimp. Mailchimp is currently compliant with the US Privacy Shield. Their data protection policy is available to view here.
As an individual, under EU law you have certain rights to apply to us to provide information or make
amendments to how we process data relating to you. These rights apply in certain circumstances
and are set out below: –
- The right to access data relating to you (‘access right’). Click here for our data access request form.
- the right to rectify/correct data relating to you (‘right to rectification’).
- The right to object to processing of data relating to you (‘right to object’).
- The right to restrict the processing of data relating to you (‘right to restriction’).
- The right to erase/delete data relating to you (i.e. the “right to erasure”), and
- The right to ‘port’ certain data relating to you from one organisation to another (‘right to data portability’).
Changes to this policy
We reserve the right to change this Policy from time to time in our sole discretion. If we make any changes, we will post those changes here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our site or our services or otherwise provide data after we post any such changes, you accept and agree to this Policy as modified.
Questions, comments, requests and complaints regarding this Policy and the information we hold are welcome and should be addressed to us at firstname.lastname@example.org. All requests will be dealt with promptly and efficiently.
2nd April 2019