PRIVACY POLICY

Data Privacy Notice

Personal data we collect and why we collect it

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller's possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2018 (the "GDPR").

The privacy and security of our customers personal data is important to us. This privacy notice explains how we use the information we collect about you, how you can instruct us if you prefer to limit the use of that information, and the procedures that we have in place to safeguard your privacy.

Our privacy policy relates only to information that we obtain from you, primarily through our event websites 13valleysultra.com and through our online entry platform (referred to as the "Websites"). If you visit a website operated by a third party through a link included on the Websites, your information might be used differently by the operator of the linked website.

2. Who we are and contact details

Nova International Ltd (trading as The Great Run Company) is the data controller and responsible for deciding how your personal data is processed and for what purposes (collectively referred to as "Nova", "we", "us", or "our" in this privacy notice).

Our full details are:

Full name of legal entity: Nova International Limited Role: Data Protection Manager Email address: dataprotection@greatrun.org Postal address:Newcastle House, Monarch Road, Newcastle upon Tyne, NE4 7YB

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO). We would however appreciate the chance to deal with your concerns before you approach the ICO so please get in touch with us in the first instance.

3. How we process your personal data

Nova complies with its obligations under the GDPR by keeping your personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access, and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

Any information that we collect about you is stored electronically on our database. It may also be printed and stored in our filing system.

4. The information we collect

We may collect personal information about you via our own entry system when we use it to take your event entry.

We may also receive personal information about you (your entry details) from Let's Do This with whom we have entered into an agreement to provide online entry management services on our behalf. Let's Do This has its own privacy policy and you should refer to it for any questions you may have about how your personal information is used by Let's Do This when you enter our events via the Let's Do This entry platform.

We may collect and use different kinds of personal data about you which we have grouped together as follows:

In nearly all cases, we collect your personal data directly from you when you enter and event or purchase merchandise from us, by completing an online form.

We will not collect or store any other sensitive information about you without your explicit consent.

Where we need to collect personal information from you in order to fulfil your event entry or to fulfil a purchase of merchandise, if you do not provide us with the data requested, we may not be able to provide the goods or services you are attempting to purchase.

5. How we protect your information

We will keep your personal information confidential except to the extent that we are compelled to disclose it by law (for example where fraud or other crime is involved) or to comply with an instruction of a regulatory body of competent jurisdiction. To comply with the GDPR we follow strict security procedures for storing data.

The personal information that we hold will be held securely to ensure no unauthorised disclosure or access. The internet is not a secure medium. We have put in place various security measures but you are advised to treat the internet as an insecure medium in all of your communications with us.

6. Purposes for which we will use your personal data

We will only use your personal details where we are allowed to by law. There are three main circumstances where we use your data:

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending certain forms of marketing communications. You can ask us to stop sending you marketing communications at any time.

We have set out below a description of all the ways we plan to use your personal data, and which of the lawful bases under GDPR that we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimateinterest

To register you as a new customer

i) Identity
ii) Contact

i) Performance of a contract with you

To allocate your entry into an event and to record and publish yourfinish time alongside you name, gender and age group on our website

i) Identity
ii) Contact
iii)Transaction
iv) Health
v)Financial

i) Performance of a contract with you
ii) Necessary for ourlegitimate interests (to keep our records updated)

To process any products or services that we may provide to you as part ofyour entry and fulfil any merchandise orders you may have placed with us

i) Identity
ii) Contact
iii) Transaction
iv)Financial

i) Performance of a contract with you
ii) Necessary for ourlegitimate interests (to keep our records updated)

To contact your next of kin in the event of an emergency

i) Contact

i) Necessary to protect your vital interests

To personalise your online experience across our websites

i) Identity
ii) Contact
iii)Transaction
iv) Health
v) Financial

i) Necessary for our legitimate interests (to develop our events/services and grow our business)

To send you health and safety and other relevant event information forany Great Run Company event that you are participating in

i) Identity
ii) Contact
iii)Transaction
iv) Health
v)Financial

i) Performance of a contract with you
ii) Necessary to comply with alegal obligation
iii) Necessary for our legitimate interests (to keep our recordsupdated)

To process any request for advice or information supplied by us or tocontact you should there be any changes to the event which are likely to affect you

i) Identity
ii) Contact
iii)Transaction
iv) Health
v)Financial

i)Performance of a contract with you
ii) Necessary to comply with alegal obligation
iii) Necessary for our legitimate interests (to keep our recordsupdated)

To send you our e-newsletter and make suggestions and recommendations toyou about our events and services that may be of interest to you

i) Identity
ii) Contact
iii)Transaction
iv)Marketing

i) Where you have given consent for us to do so – for customersbetween Jan 9, 2018 and April 17, 2023
ii) Necessary for our legitimate interests (todevelop our events/services and grow our business) – for all other customers

To monitor, develop and improve our events, products and services and/or your experience

i) Identity
ii) Contact
iii)Transaction
iv) Health
v) Financial

i) Necessary for our legitimate interests (to develop our events/services and grow our business)

To make suggestions and recommendations to you about our partners’products and services that may be of interest to you

i) Identity
ii) Contact
iii)Transaction
iv)Marketing

i) Where you have given consent for us to do so

To send you reminders about the opening of an event

i) Identity
ii) Contact
iii) Marketing

i) Where you have given consent for us to do so

To comply with our statutory and regulatory obligations

i) Identity
ii) Contact
iii)Transaction
iv)Financial

i) Necessary to comply with a legal obligation

To register you as a volunteer for an event and send you informationrelated to your role

i) Identity
ii) Contact
iii) Health

i) Necessary for out legitmate interests (to communicate with you regarding your application to volunteer)

 

7. Special Category Data

Special category data is personal data which the GDPR says is more sensitive, and so needs more protection. We collect this information for some of our events only.

We have set out below a description of the ways we plan to use your special category personal data, if applicable to you, and which of the lawful bases under the GDPR that we rely on to do so.

Purpose/Activity

Type of Special Category data

Lawful basis for processing including basis of legitimate interest (Article 6)

Condition for processing special category data under Article 9

To process your event entry

Health (e.g. wheelchair or visually impaired participant)

Necessary for our legitimate interests (to keep our records updated and to ensure your safe participation in the event)

Where you have given us explicit consent to do so

To gather statistical information in the public interest

Ethnic Origin

Where you have given consent for us to do so

For archiving purposes in the public interest

To process your application to volunteer for an event

Health

Necessary for our legitimate interests (to keep our records updated and to ensure your safe participation in the event)

Where you have given us explicit consent to do so

8. Sharing your personal data

We keep your personal information confidential, but may disclose it to our personnel, suppliers or subcontractors as is reasonably necessary for the purposes set out in this privacy policy and for which you might reasonably expect. We make sure that these third parties do not make independent use of the information and that they have agreed to adhere to the rules set out in this privacy policy.

Categories of third parties are listed below

From time to time we pass your personal information to carefully selected media partners for the purposes of information and publicity, but we will only do this if you have provided your information on the entry form in the Interesting Stories section which clearly states that you are providing your information for this purpose.

We never pass your personal information on to any third parties for marketing purposes.

9. International data transfers

Our servers are located in the European Union and the information that we collect directly from you will be stored in these servers. We may also transfer parts of your personal data, where reasonably necessary, to our third-party service providers who may be located outside of the EU or who may engage sub-processors located outside of the EU.

There are agreements in place to ensure that all of our third-party suppliers or service providers process personal information using appropriate safeguards that meet the requirements of EU data protection laws.

If you would like to find out more about these safeguards or if you have any other queries or comments in relation to this policy, please let us know by emailing dataprotection@greatrun.org .

10. How long we keep your personal data

In accordance with the GDPR and good commercial practice we keep data in a form that permits identification of the person to whom it relates for no longer than reasonably necessary.

Where you have taken part in an event, we are obligated by law to keep certain personal details for a minimum of three years so that we can maintain sufficient records. After this period we will either permanently delete your personal information or remove all identifiers within it so that it is no longer personal data. We may use such anonymised data for research and/or business analysis purpose.

Where you have given us your consent to send you marketing communications we will hold this consent as valid for two years. You can ask us to stop contacting you at any time.

11. Automated decision making

Where you have consented for us to do so, or where we have a legitimate interest to send you communications about our events and services, we may from time to time use automated decision making in order to minimize the chance of emailing you with information about our events and services that may less relevant or not relevant to you. For example if you have entered and event but subsequently did not take part, we will not email you with a post event results email. Another example is that we will use your postcode to ensure that you are emailed about Great Run Company events closer to where you live, rather than events that are far away.

12. Targeted marketing

Where you have consented for us to do so, or where we have a legitimate interest to send you marketing communications about our events and services, we may from time to time use the information we collect about you to serve you targeted advertisements in order to provide you with more relevant advertising content. This targeted marketing may be accomplished via our own channels (e.g. our website) and third party channels, including across multiple devices or browsers, using some or all of the following platforms:

13. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

If you wish to exercise any of the rights set out above please contact us at dataprotection@greatrun.org

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who does not have right to receive it.

14. Updating Your Details and Marketing Preferences

If any of the information that you have provided to us when you enter an event changes, for example if you change your email address, please update your Profile section on our website.

You can also update your marketing preferences by logging into your Profile section on our website, or by clicking on the unsubscribe link at the bottom of all our marketing emails.

15. Further processing

If we wish to use your personal data for a new purpose, not covered by this data privacy notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

16. Cookies and Website Analytics

Our website uses cookies and other mechanisms to collect analytical information, to help us analyse how visitors use the site and to compile statistical reports on website activity. To find out more please view our Cookies Policy.

17. Your Consent

By submitting your information to us on the account registration form, you consent to the use of that information as set out in this policy. If we change this privacy policy we will post the changes on this page, and may place notices on other pages of the Websites, so that you may be aware of the information we collect and how we use it at all times. We may also email you should we make any changes so that you may consent to our use of your information in that way. Continued use of our Websites will signify that you agree to any such changes.

Owing to the global nature of the internet's infrastructure the information you provide may be temporarily transferred to and stored in countries outside the European Economic Area, for example if the location of the Internet service provider hosting our Websites is outside of this area. By agreeing to our terms and conditions of use of our Websites you consent to any transfer of your personal information outside the European Economic Area.

18. Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact our customer services team at dataprotection@greatrun.org.

If we cannot able to resolve your query or complaint satisfactorily you can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

This privacy notice was updated on 21 April 2023.