We are committed to respecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your engagement with us. It also explains how we use your data if you are named next of kin for a service-user. This notice applies to you if you have visited our website and/or engaged our business for services and/or goods. This notice explains how we comply with the law on data protection, what your rights are and for the purposes of data protection we will be the controller of any of your personal information.
We have not appointed a Data Protection Officer to oversee our compliance with data protection laws. Sue Holden has overall responsibility for data protection compliance in our organisation. Contact details are set out in the “Contacting us” section at the end of this privacy notice.
Personal information we may collect from you
Depending on who you are and our relationship with you , you may initially provide us with or we may obtain personal information about you, such as information regarding your:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth gender, images in video and/or photographic form and voice recordings.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Next of Kin Data details of next of kin, family members, coaches and emergency contacts.
Special categories of personal information
We may also collect, store and use the following “special categories” of more sensitive personal information regarding you:
- information about your health, principally from the PARQ questionnaire
We may not collect all of the above types of special category personal information about you. In relation to the special category personal data that we do process we do so on the basis that
- it is necessary for the establishment, exercise or defence of legal claims;
- it is necessary for the purposes of carrying out the obligations and exercising our or your rights in the field of employment and social security and social protection law; or
- based on your explicit consent.
In the table below’ we refer to these as the “special category reasons for processing of your personal data”.
This website is not intended for children and we do not knowingly collect data relating to children.
Where we collect your information
We typically collect personal information about our members when you express and interest in our goods or services using our website ExeNordicWalking.co.uk, by telephone, by email or in some other way.
If you are providing us with Next of Kin Data they have a right to know and to be aware of how what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with those of them whom you feel are sufficiently mature to understand it. They also have the same rights as set out in the “Your rights in relation to personal information” section below.
Notwithstanding Next of Kin Data, we do not envisage collecting personal data from any third-party sources.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Uses made of the information
The table below describes the main purposes for which we process your personal information, the categories of your information involved and our lawful basis for being able to do this.
|Purpose||Personal information used||Lawful basis|
|To register you as a new customer||Identity Contact||Performance of a contract with you|
|To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us||Identity Contact Financial Transaction Marketing and Communications||(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)|
|To manage our relationship with you including dealing with payments and any support, service or product enquiries made by you, complaints or queries raised by you.||Identity Contact Profile Marketing and Communications||(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)|
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Identity Contact Technical||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with legal obligation|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||Identity Contact Technical Usage Profile Marketing and Communications||Necessary for our legitimate interests (to develop our products/services and grow our business)|
|To send you marketing material where you are not a former or existing customer of the business.||Identity Contact Marketing and Communications ||Express consent – withdrawable at any time.|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||Technical Usage||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|The security of our IT systems||Usage||Necessary for our legitimate interest to ensure that our IT systems are secure.|
|Promoting the business, our events and packages.||Identity – specifically, Images in video and/or photographic form.||Necessary for our legitimate interests (to effectively market our products and services). We will inform you of any schedule photography / video prior and during the service and give you the opportunity to withdraw from participation in the photography / filming.|
|To comply with health and safety requirements||Usage Identity Sensitive Personal Data –(Health)||We have a legal obligation and a legitimate interest to provide you and other members of our organisation with a safe environment in which to participate in sport. We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.|
|To use information about your physical or mental health (including any injuries) or disability status, to ensure your health and safety and to assess your fitness to participate in any events or activities we host and to provide appropriate adjustments to our sports facilities.||Identity Sensitive Personal Data (Health)||We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.|
|To contact you in the event of an emergency with a services participant||Identity of Participant Sensitive Personal Data – (Health) of participant Next of Kin Data||Necessary for our legitimate interests (to maintain the safety and wellbeing of our participants)|
For some of your personal information you will have a legal, contractual or other requirement or obligation for you to provide us with your personal information.
Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting us” section below.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide certain member benefits to you.
Email, post and SMS marketing: from time to time, we may contact you by email, post or SMS with information about products and services we believe you may be interested in.
We will only send marketing messages to you in accordance with the marketing preferences you set. You can then let us know at any time that you do not wish to receive marketing messages by contacting firstname.lastname@example.org. You can also unsubscribe from our marketing by clicking on the unsubscribe link in the marketing messages we send to you.
Disclosure of your personal information
We may share personal information with the following parties:
- Any party approved by you;
- To British Nordic Walking or other Sports Governing bodies: to allow them to properly administer the sports on a local, and national level;
- Other service providers: for example, insurers, marketing specialists, payment processors, promotional advisors, contractors or suppliers and IT services (including CRM, website, video- and teleconference services);
- Our professional advisors: for example, solicitors and accountants.
- The Government or our regulators: where we are required to do so by law or to assist with their investigations or initiatives;
- Police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security; or
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Transferring your personal information internationally
The personal information we collect may be transferred to and stored in countries outside of the UK and the European Union. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in. We will take all reasonable steps to ensure that your personal information is only used in accordance with this privacy notice and applicable data protection laws and is respected and kept secure and where a third part processes your data on our behalf we will put in place appropriate safeguards as required under data protection laws. For further details please contact us by using the details set out in the “Contacting us” section below.
How long do we keep personal information for?
The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements. Generally, where there is no legal requirement we retain all physical and electronic records for a period of 6 years after your last contact with us or the end of your engagement with us.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address. You can contact us by using the details set out in the “Contacting us” section below.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your rights in relation to personal information
You have the following rights in relation to your personal information:
- the right to be informed about how your personal information is being used;
- the right to access the personal information we hold about you;
- the right to request the correction of inaccurate personal information we hold about you;
- the right to request the erasure of your personal information in certain limited circumstances;
- the right to restrict processing of your personal information where certain requirements are met;
- the right to object to the processing of your personal information;
- the right to request that we transfer elements of your data either to you or another service provider; and
- the right to object to certain automated decision-making processes using your personal information.
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the “Contacting us” section below.
If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. We are here to help and encourage you to contact us to resolve your complaint first.
Accessing the personal data we hold about you
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Changes to this notice
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this page. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information.
In the event of any query or complaint in connection with the information we hold about you, please email email@example.com or telephone us 07799 413 237.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
Your legal rights
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Version dated 14th October 2019