Privacy policy

Privacy Policy

Dated: 22nd February 2022

Chelmsford City Racecourse (the Racecourse) is based in Essex, England. This Privacy Notice explains how we collect and process your personal data, and our lawful basis for doing so.

We retain our right to update this Privacy Notice at any time and will contact you when we do so.

If you have any questions or want to exercise your data protection rights, please contact our Data Protection Lead:

Our contact details

Name: Chelmsford City Racecourse
Address: Chelmsford City Racecourse, Great Leighs, Chelmsford, CM3 1QP
Email: info@chelmsfordcityracecourse.com
Phone Number: 01245 360300

The personal data we collect

When you use our services, we collect and process some or all the following personal data:

• Identity information including name, and photo identification.
• Contact information including telephone number, email, and postal addresses.
• Special category data (when it is relevant to supporting accessibility requirements) proof of disabilities and eligibility for related benefits.
• Purchase and payment details including your purchase history and only the last four digits of your chosen payment card.
• Website use including how you found our website, what pages you visit and the actions you perform.

Usually, we collect this data directly from you via our website, telephone, email or in person.

We use the information that you have given us to:

• Facilitate your Racecourse membership
• Process event and hospitality bookings and payments
• Support your accessibility requirements
• Market our products and services to you
• Improve and make enhancements to our website

We carry out this processing using the following lawful bases:

• Consent
• Legitimate interest
• Contractual obligation
• Vital interest
• Performing a public task
• Legal obligation

How we share your personal data

We never share or sell your personal data to another company for commercial gain. We only ever share your personal data with organisations that help us to deliver our services. These organisations are known as our data processors.

We require all data processors to respect the security of your personal data and to treat it in accordance with the law. Data processors are not allowed to use your personal data for their own purposes; we only permit them to process your personal data in accordance with our instructions.

Some of our data processors will store your personal data in the UK. This means that it will be fully protected under the UK GDPR. Some of our data processors will store your personal data within the European Economic Area (the “EEA”), where your personal data will be fully protected under the EU GDPR and/or to equivalent standards by law.

Some of our data processors store your personal data in countries outside of the UK and EEA. In these cases, we take additional steps to ensure that your personal data is treated just as safely and securely as it would be within the UK as follows:

• We will store or transfer personal data in or to countries that are deemed to provide an adequate level of protection for personal data
• We will use standard contractual clauses or specifically approved contracts, or other approved measures

Please contact us for a list of our data processors or for further information about the data protection safeguards used when transferring your personal data to a third country.

How we store and retain your personal data

Records of your personal data and communications are stored securely in our database, shared filing, and e-mail.

By law, we must keep a record of any communications or requests relating to your data protection rights. We retain this information for seven years.

We also need to keep certain records for tax or other legal reasons. Where applicable, this information is retained for seven years.

How your data is kept secure

We implement a wide range of techniques and measures to keep your personal data safe and protected including but not limited to:

• Putting appropriate security measures in place, to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed in an unauthorised way
• Limiting access to your personal data on a ‘need to know’ only basis
• Ensuring our staff are trusted and trained in data protection compliance and confidentiality
• Following due process to deal with any suspected personal data breach
• Only transferring your data outside of the UK and EEA with the required safeguards and guarantees in place
• Only retaining your personal data for as long as necessary to fulfil the purpose we collected it for

Your data protection rights

We fully support your rights and will always seek to uphold them. At any point you can also contact us to exercise your:

• Right of access – contact us for a copy of the data we hold about you
• Right of rectification – let us know if the data we hold is out of date or inaccurate and we will update it
• Right to erasure – please contact us and we will delete the data we are able to. We may need to retain certain information for legal or taxation purposes
• Right to restrict processing – in certain circumstances you can ask us to restrict our processing
• Right to portability – we will support reasonable requests to transfer your data to another party should you require it
• Right to object to automated decision making and profiling – we do not undertake any form of automated decision making or profiling

When you submit a request to us, we have one month to respond to you. You will not have to pay to exercise your rights unless your request becomes unfounded or excessive.

How to make a complaint

If you are unhappy with the way we have processed your data, please contact us using the details provided. If we ever refuse to uphold your rights, we will explain why.

If this does not resolve your issue to your satisfaction, you have the right to lodge a complaint with the UK’s Supervisory Authority, the Information Commissioner’s Office.

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113
Web: https://ico.org.uk/make-a-complaint/