Chelmsford City Racecourse (the Racecourse) is based in Essex, England. This Privacy Notice explains how we collect and process your personal data, and our lawful basis for doing so.
We retain our right to update this Privacy Notice at any time and will contact you when we do so.
If you have any questions or want to exercise your data protection rights, please contact our Data Protection Lead:
Our contact details
Name: Chelmsford City Racecourse
Address: Chelmsford City Racecourse, Great Leighs, Chelmsford, CM3 1QP
Email: firstname.lastname@example.org Phone Number: 01245 360300
The personal data we collect
When you use our services, we collect and process some or all the following personal data:
Identity information including name, and photo identification.
Contact information including telephone number, email, and postal addresses.
Special category data (when it is relevant to supporting accessibility requirements) proof of disabilities and eligibility for related benefits.
Purchase and payment details including your purchase history and only the last four digits of your chosen payment card.
Website use including how you found our website, what pages you visit and the actions you perform.
Usually, we collect this data directly from you via our website, telephone, email or in person.
We use the information that you have given us to:
Facilitate your Racecourse membership
Process event and hospitality bookings and payments
Support your accessibility requirements
Market our products and services to you
Improve and make enhancements to our website
We carry out this processing using the following lawful bases:
Performing a public task
How we share your personal data
We never share or sell your personal data to another company for commercial gain. We only ever share your personal data with organisations that help us to deliver our services. These organisations are known as our data processors.
We require all data processors to respect the security of your personal data and to treat it in accordance with the law. Data processors are not allowed to use your personal data for their own purposes; we only permit them to process your personal data in accordance with our instructions.
Some of our data processors will store your personal data in the UK. This means that it will be fully protected under the UK GDPR. Some of our data processors will store your personal data within the European Economic Area (the “EEA”), where your personal data will be fully protected under the EU GDPR and/or to equivalent standards by law.
Some of our data processors store your personal data in countries outside of the UK and EEA. In these cases, we take additional steps to ensure that your personal data is treated just as safely and securely as it would be within the UK as follows:
We will store or transfer personal data in or to countries that are deemed to provide an adequate level of protection for personal data
We will use standard contractual clauses or specifically approved contracts, or other approved measures
Please contact us for a list of our data processors or for further information about the data protection safeguards used when transferring your personal data to a third country.
How we store and retain your personal data
Records of your personal data and communications are stored securely in our database, shared filing, and e-mail.
By law, we must keep a record of any communications or requests relating to your data protection rights. We retain this information for seven years.
We also need to keep certain records for tax or other legal reasons. Where applicable, this information is retained for seven years.
How your data is kept secure
We implement a wide range of techniques and measures to keep your personal data safe and protected including but not limited to:
Putting appropriate security measures in place, to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed in an unauthorised way
Limiting access to your personal data on a ‘need to know’ only basis
Ensuring our staff are trusted and trained in data protection compliance and confidentiality
Following due process to deal with any suspected personal data breach
Only transferring your data outside of the UK and EEA with the required safeguards and guarantees in place
Only retaining your personal data for as long as necessary to fulfil the purpose we collected it for
Your data protection rights
We fully support your rights and will always seek to uphold them. At any point you can also contact us to exercise your:
Right of access – contact us for a copy of the data we hold about you
Right of rectification – let us know if the data we hold is out of date or inaccurate and we will update it
Right to erasure – please contact us and we will delete the data we are able to. We may need to retain certain information for legal or taxation purposes
Right to restrict processing – in certain circumstances you can ask us to restrict our processing
Right to portability – we will support reasonable requests to transfer your data to another party should you require it
Right to object to automated decision making and profiling – we do not undertake any form of automated decision making or profiling
When you submit a request to us, we have one month to respond to you. You will not have to pay to exercise your rights unless your request becomes unfounded or excessive.
How to make a complaint
If you are unhappy with the way we have processed your data, please contact us using the details provided. If we ever refuse to uphold your rights, we will explain why.
If this does not resolve your issue to your satisfaction, you have the right to lodge a complaint with the UK’s Supervisory Authority, the Information Commissioner’s Office.
Information Commissioner’s Office
Wycliffe House Water Lane Wilmslow