Some examples of the type of information we may collect and hold about you are as follows:
But we may also collect, hold and process other personal data where it is appropriate and relevant, for example:
We will use your personal data to:
The legal bases that we rely on for processing your personal data are:
You have provided your consent to us using your personal data for a specific purpose:
We will ask for your consent to use your personal data to send you marketing emails and SMS.
You always have the right to withdraw your consent at any time.
It is necessary in connection with the performance of a contract with you:
Sometimes it is necessary to process your personal data so that we can enter into contractual relationships with you. For example, if you purchase an event, we will require your personal data to enable us to perform an carry out that agreement.
It is within our legitimate interests.
Applicable law allows personal data to be collected and used if it is reasonably necessary for our legitimate interests or a third party’s legitimate interests (as long as the processing is fair, balanced and does not unduly impact individuals’ rights). We will rely on this ground to process your personal data when it is not practical or appropriate to ask for your consent, and where we are confident that this will not impact your rights. This may include where we undertake research on individuals including before we proactively contact them.
Where you have provided your details to us, we may contact you by post and phone for certain marketing and fundraising activities as set out in section 5 below (but we will explain this to you at the point that we collect your details). You can opt out of this activity at any time by emailing us on [email protected]
When we process your personal data to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal data for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
We will collect and process the following data about you:
We may contact you by post and telephone, and, where you have provided consent, by e-mail, to let you know about our events and activities. We provide the opportunity for you to opt-out from receiving our marketing communications every time we contact you.
You can opt-out from receiving our marketing communications, or update your contact preferences at any time by emailing: [email protected]
If you are a social media user, we will use certain social media tools as part of our relationship with you. These tools include such things as Facebook and Instagram Custom/Lookalike Audiences, Google Customer Match/Similar Audiences, Twitter Tailored/Lookalike Audiences and LinkedIn Matched Audiences.
Through using these tools, we will provide some of your data to the social media platform / organisation to allow them to identify your social media profile with them. The social media platform / organisation will then show you relevant advertisements relating to Challenge Finder which we think you will be interested in seeing on your newsfeed.
We do not sell your information under any circumstances. We may from time to time share your personal data with third parties for them to use for marketing purposes or for us to use jointly with a third party where we are acting as your agent for an event booking. However, we will only ever do this where you have given us permission to do so or where we are carrying out joint research.
We work with service providers and other third parties who help us to operate and to provide and improve our information, products and services, and we may share information with them for this purpose.
Whilst we may allow our staff, consultants and/or external service providers acting on our behalf to access and use your personal data for the activities we have described in this policy (eg. to provide services or products to you, deliver mailings, to analyse data and to process payments), we only permit them to use it to deliver the relevant information, goods or services, and only if they apply an appropriate level of security protection.
We may need to disclose your personal data upon request to regulatory and government bodies as well as law enforcement agencies. We may also merge or partner with other organisations and in so doing, acquire or transfer personal data but your personal data would continue to be used for the purposes set out above.
The personal data we collect from you may be transferred to, shared and/or otherwise processed by organisations or companies outside the European Economic Area (“EEA”). Where your personal data is transferred outside the EEA, we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your personal data (for example, by entering into EU Commission approved standard contractual clauses).
Unfortunately, the transmission of personal data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to or via our websites and digital products; any transmission is at your own risk. If you have any questions about the international data transfer of your personal data, please contact us using the details below in section 12.
We may collect and manage personal data about children in some circumstances, such as where children participate in events through Challenge Finder, or have requested to receive certain communications from us, such as newsletters. Those aged under 13 are not permitted to receive our newsletters, or enter any competitions or prize draws with us. We will not knowingly have any other direct contact with those aged under 13.
Where consent is required to process children’s personal data and the child is under 13 years, where appropriate we shall seek consent from a parent or guardian, or shall ensure such consent is in place before any data is shared with us. We shall only hold personal data about children that is absolutely necessary for the purpose of the event/programme that they are applying for or participating in.
Where a parent or guardian gives consent on behalf of a child, we may contact that child after their 16th birthday, to check if they wish to maintain their relationship with us.
We are committed to ensuring that there are appropriate technical controls in place to protect your personal data including protection from misuse and unauthorised access. For example our network is protected and routinely tested.
Your information is only accessible by staff, volunteers and contractors who are bound by appropriate policies and procedures to protect your information
Please note that you may only use/ benefit from some of the following rights in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO) – https://ico.org.uk/for-organisations/guide-to-the-general-data-protectio... - or please contact us using the details below.
Right to restrict processing:
In certain circumstances as outlined in the ICO guidance referred to above, you have a right to require us to stop processing your personal data in a particular way.
Right to erasure:
You have the right to request that your personal data is erased from our records in certain circumstances.
Right of access:
You have a right to ask for a copy of the personal data we hold about you. If you want to access your personal data, please send a description of the personal data you want to see and proof of your identity by post to The [email protected]
Right to rectification:
We also want to make sure that your personal data is accurate and up to date. Please let us know if your details change. You may also ask us to correct or remove personal data which is inaccurate.
Right to data portability:
In certain circumstances you have a right to data portability which means we will provide you (or a third party you nominate) with your personal data in a structured, commonly used and machine-readable format.
We keep personal data for as long as there is a need to keep it in connection with the purposes for which it was collected. We may keep your personal data after a particular matter or exchange has concluded but purely for record keeping purposes and to be able to respond to queries. In some cases, we are also obliged to retain your personal data to comply with legal or statutory obligations (for example, to keep records of contractual or financial matters).
Whilst the specific time periods vary depending on the circumstances, in general we will not keep records that include personal data for more than 10 years after a particular matter or exchange has concluded. In the event that you ask us to stop sending you marketing communications, we will retain certain details, such as your name and email address, but only to ensure that you are not contacted again.