1.1 Musselburgh Racecourse, part of Chester Race Company Limited, (“we” or “us”) are a data controller of the personal information we receive from or collect about you. We are registered as a data controller with the Information Commissioner's Office and our registration number is ZB352517. We can be contacted at the following email@example.com or calling 0131 665 2859.
1.2 We are committed to protecting the privacy and security of your personal information.
1.3 This privacy notice describes how we collect and use personal information about you during and after your relationship with us.
1.4 The contents of this privacy notice are overseen by our Data Protection Officer/Sarah Montgomery, whose details are as follows: firstname.lastname@example.org or by calling 0131 665 2859.
2. THE KIND OF INFORMATION WE HOLD ABOUT YOU
2.1 We will collect your personal contact details such as name, title, address, telephone number(s) and email address.
2.2 When booking we also ask how you heard about us, your date of birth, whether or not you are new to racing and whether or not you would like to subscribe to our mailing list. Additionally, during booking we log certain non-personal information to help improve the purchasing flow. These logs are rotated on a frequent basis.
2.3 We may also collect details of any disabilities or other health issues that you have if we need them to administer your visit to our racecourse.
2.4 We may also collect some information about you as you use our website (including your IP address), as described further in the ‘Cookies’ section below.
2.5 We will record CCTV footage of you when you visit our racecourse.
3. HOW IS YOUR PERSONAL INFORMATION COLLECTED?
3.1 We collect personal information about you when event tickets or hospitality are purchased from us, either using our website or by phone. We may collect further information from you if you otherwise correspond with us by phone or email.
3.2 The website booking process collects address data, your email address, a contact telephone number, how you heard about us, your data of birth, whether you are new to racing and whether you would like to sign up for our mailing list. This is collected during the purchasing process and is stored in our database. We also ask you to supply a password, should you wish to log-in to the website at a later date. This password is securely encrypted in our database.
3.3 If you purchase tickets at the racecourse on a race day, we will not generally collect any personal information from you as part of that purchase process (the only details that you provide would be your credit or debit card information (which is provided directly to the payment services provider and is not collected or stored by us) and any contact details collected by us as part of public health test and protect efforts).
3.4 We will also collect your name and email address if you register to use the free wi-fi network at our racecourse.
3.5 Please note that our website may, from time to time, contain links to and from the websites of advertisers and other partner organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
3.7 You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
4. HOW WE WILL USE INFORMATION ABOUT YOU
4.1 We will collect, store, use and share information about you in order to administer our relationship with you as our customer and to manage our business more generally.
Information you provide to us
4.2 We will use this information to perform the contract we have entered into with you – i.e. to contact you (including as necessary to send you tickets you have booked through us) and to verify your identity when you visit our racecourse.
4.3 We may also use this information in other ways when it is in our and your legitimate interests to do so – i.e. so we can respond to your enquiries, process your requests in relation to your information and / or fulfil our collective responsibilities in relation to public health track and trace efforts. Where we don’t need (under applicable data protection law) to gain your express consent to send you marketing materials or other information about our racecourse or events, we will do so again in order to achieve our legitimate interests.
4.4 We may also process the personal information that you provide to us in order to comply with our legal obligations (such as if we are under a statutory or equivalent obligation to disclose contact details to public health authorities), where we need to protect your interests (or someone else’s interests) or where it is needed in the public interest.
4.5 We may (in circumstances where we do not have another legal basis on which to do so) ask you to consent to us processing your information – e.g. when sending you marketing materials from time to time or to process your health data in order to administer your visit to our racecourse. If we do so, we will provide you with details of the information that we would like and the reason(s) we need it, so that you can consider whether you wish to consent. As we will explain at the time we collect any such consent, you have the right to withdraw the consent you have provided at any time.
4.6 If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as selling you tickets), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of visitors to our racecourse). If you withdraw your consent to us processing your personal information (where consent has been provided), that might also have an impact on our ability to permit you to visit our racecourse.
4.7 Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.
Information we collect from you
4.8 As described above, we may collect certain information from you when you use our site. We will use this to ensure that content from our site is presented in the most effective manner for you and for your computer, making the site easier for you to use and providing you with access to all parts of the site.
4.9 We also use this information to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
4.10 We do not envisage that any decisions will be taken about you using automated means. We will notify you in writing if this position changes.
5. DATA SHARING
5.1 We will share your personal information with the following third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
5.2 “Third parties” includes third-party service providers (including contractors and designated agents), and other entities within our group. The following activities are carried out by third-party service providers: administering CCTV, administering payments made over the website, distributing tickets, assisting with our marketing campaigns.
5.3 Our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
5.4 We will share your personal information with other entities in our group, for example for example as part of our regular reporting activities on company performance and business planning, for system maintenance support and for hosting of data.
5.5 We may share your personal information with other third parties, for example if our business or assets are to acquired by another company. We may also need to share your personal information with a regulator, governmental (e.g. public health) authority or otherwise to comply with the law.
5.6 We may transfer personal information about you outside of the European Economic Area (EEA). To ensure that your personal information receives an adequate level of protection we will put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.
6. DATA SECURITY
6.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we aim to limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
7. DATA RETENTION
7.1 We will only retain your personal information for as long as we consider it necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, the applicable legal requirements and other factors that we consider relevant. Our retention policy can be obtained by emailing email@example.com
7.2 We retain CCTV footage for a period of time. This can be obtained by contacted the office firstname.lastname@example.org.
7.3 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
8. YOUR RIGHTS IN CONNECTION WITH PERSONAL INFORMATION
8.1 Under certain circumstances and subject to certain conditions, by law you have the right to:
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
8.2 You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
8.3 We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
8.4 In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing. To withdraw your consent, please contact us using the contact details at the top of this privacy notice. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
9. If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal data and privacy.
10. CHANGES TO THIS PRIVACY NOTICE
10.1 We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.