Data Privacy Notice
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2018 (the “GDPR”).
The privacy and security of our customers personal data is important to us. This privacy notice explains how we use the information we collect about you, how you can instruct us if you prefer to limit the use of that information, and the procedures that we have in place to safeguard your privacy.
2. Who we are and contact details
Nova International Ltd (trading as The Great Run Company) is the data controller and responsible for deciding how your personal data is processed and for what purposes (collectively referred to as “Nova”, “we”, “us”, or “our” in this privacy notice).
Our full details are:
Full name of legal entity: Nova International Limited
Role: Data Protection Manager
Email address: firstname.lastname@example.org
Postal address: Newcastle House, Monarch Road, Newcastle upon Tyne, NE4 7YB
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO). We would however appreciate the chance to deal with your concerns before you approach the ICO so please get in touch with us in the first instance.
3. How we process your personal data
Nova complies with its obligations under the GDPR by keeping your personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Any information that we collect about you is stored electronically on our database. It may also be printed and stored in our filing system.
4. The information we collect
We may collect and use different kinds of personal data about you which we have grouped together as follows:
e.g. your name, gender, date of birth, video and photography;
e.g. your address, phone number, e-mail address; also details of a next of kin contact for use in the event of an emergency;
e.g. details about the events you enter, services you specifically request and/or products or merchandise you purchase from us;
e.g. whether or not you have a medical condition (although we do not usually ask what type of condition), whether or not you are a wheelchair user;
e.g. a username and password for your online account; a security question and answer for your online account;
We do not hold your payment data. We use JP Morgan Merchant Services to process all payments. When you pay for an event or product you enter your details directly onto an online form hosted by JP Morgan Merchant Services.
e.g. if you have entered a child/minor into our events we will hold details about the child/minor as well as the parent/guardian.
e.g. your preferences in relation to whether or not you want to receive marketing information from us
about our events and services, or
about our partners products and services
In nearly all cases, we collect your personal data directly from you when you enter and event or purchase merchandise from us, by completing an online form.
We will not collect or store any other sensitive information about you without your explicit consent.
Where we need to collect personal information from you in order to fulfil your event entry or to fulfil a purchase of merchandise, if you do not provide us with the data requested we may not be able to provide the goods or services you are attempting to purchase.
5. How we protect your information
We will keep your personal information confidential except to the extent that we are compelled to disclose it by law (for example where fraud or other crime is involved) or to comply with an instruction of a regulatory body of competent jurisdiction. To comply with the GDPR we follow strict security procedures for storing data.
The personal information that we hold will be held securely to ensure no unauthorised disclosure or access. The internet is not a secure medium. We have put in place various security measures but you are advised to treat the internet as an insecure medium in all of your communications with us.
6. Purposes for which we will use your personal data
We will only use your personal details where we are allowed to by law. There are three main circumstances where we use your data:
Where we have entered (or are about to enter) into a contract with you most usually related to your entry into an event, and sometimes when you buy merchandise from us.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override our legitimate interests.
Where we need to comply with a regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending certain forms of marketing communications. You can ask us to stop sending you marketing communications at any time.
We have set out below a description of all the ways we plan to use your personal data, and which of the lawful bases under GDPR that we rely on to do so. We have also identified what our legitimate interests are where appropriate.
7. Special Category Data
Special category data is personal data which the GDPR says is more sensitive, and so needs more protection. We collect this information for some of our events only.
We have set out below a description of the ways we plan to use your special category personal data, if applicable to you, and which of the lawful bases under the GDPR that we rely on to do so.
8. Sharing your personal data
Categories of third parties are listed below
Event related fulfilment (e.g. timing company, mailing house)
Results (e.g. local and specialist media, participant photography services company)
Charities (Individual charities as selected by you on the entry form)
Television / Media broadcast (e.g. BBC)
From time to time we pass your personal information to carefully selected media partners for the purposes of information and publicity, but we will only do this if you have provided your information on the entry form in the Interesting Stories section which clearly states that you are providing your information for this purpose.
We never pass your personal information onto any third parties for marketing purposes.
9. International data transfers
Our servers are located in the European Union and the information that we collect directly from you will be stored in these servers. We may also transfer parts of your personal data, where reasonably necessary, to our third party service providers who may be located outside of the EU or who may engage sub-processors located outside of the EU.
There are agreements in place to ensure that all of our third party suppliers or service providers process personal information using appropriate safeguards that meet the requirements of EU data protection laws.
If you would like to find out more about these safeguards or if you have any other queries or comments in relation to this policy, please let us know by emailing email@example.com.
10. How long we keep your personal data
In accordance with the GDPR and good commercial practice we keep data in a form that permits identification of the person to whom it relates for no longer than reasonably necessary.
Where you have taken part in an event, we are obligated by law to keep certain personal details for a minimum of three years so that we can maintain sufficient records. After this period we will either permanently delete your personal information or remove all identifiers within it so that it is no longer personal data. We may use such anonymised data for research and/or business analysis purpose.
Where you have given us your consent to send you marketing communications we will hold this consent as valid for two years. You can ask us to stop contacting you at any time.
11. Automated decision making
Where you have consented for us to do so, or where we have a legitimate interest to send you communications about our events and services, we may from time to time use automated decision making in order to minimize the chance of emailing you with information about our events and services that may less relevant or not relevant to you. For example if you have entered and event but subsequently did not take part, we will not email you with a post event results email. Another example is that we will use your postcode to ensure that you are emailed about Great Run Company events closer to where you live, rather than events that are far away.
12. Targeted marketing
Where you have consented for us to do so, or where we have a legitimate interest to send you marketing communications about our events and services, we may from time to time use the information we collect about you to serve you targeted advertisements in order to provide you with more relevant advertising content. This targeted marketing may be accomplished via our own channels (e.g. our website) and third party channels, including across multiple devices or browsers, using some or all of the following platforms:
13. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
The right to request a copy of your personal data which we hold;
The right to request that we correct any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary for us to retain such data;
The right to withdraw your consent to the processing of your personal information for the purposes of sending marketing communications at any time;
The right to request that the we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability);
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to object to the processing of personal data, where applicable
The right to lodge a complaint with the Information Commissioners Office.
If you wish to exercise any of the rights set out above please contact us at firstname.lastname@example.org
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who does not have right to receive it.
14. Updating Your Details and Marketing Preferences
If any of the information that you have provided to us when you enter an event changes, for example if you change your email address, please update your Profile section on our website.
You can also update your marketing preferences by logging into your Profile section on our website, or by clicking on the unsubscribe link at the bottom of all our marketing emails.
15. Further processing
If we wish to use your personal data for a new purpose, not covered by this data privacy notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
16. Cookies and Website Analytics
17. Your Consent
Owing to the global nature of the internet's infrastructure the information you provide may be temporarily transferred to and stored in countries outside the European Economic Area, for example if the location of the Internet service provider hosting our Websites is outside of this area. By agreeing to our terms and conditions of use of our Websites you consent to any transfer of your personal information outside the European Economic Area.
18. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact our customer services team at email@example.com.
If we cannot able to resolve your query or complaint satisfactorily you can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
This privacy notice was updated on 07 June 2019.