Privacy Policy

image

Our privacy statement applies to all Motorsport UK Rally UK activities, services, products and platforms

We take our responsibility to look after personal data very seriously and we ensure that respecting privacy is at the heart of all we do.

Like all organisations who collect and use personal data, Motorsport UK Rally UK is subject to the requirements set out in the General Data Protection Regulation (‘GDPR’).

Our privacy statement explains how we collect, use and look after personal data.  Personal data is any information relating to an identified or identifiable living person. The definition of this may be found in the Data Protection Act 2018.

We have robust policies and procedures in place, including a Data Protection Policy and File Retention Schedule. We have also adopted a ‘Privacy by Design’ approach across the organisation and this helps to ensure that we consider the privacy implications of all our projects, IT systems, and day-to-day work. In addition, we have appointed a Data Protection Officer to oversee our approach to data protection and privacy. Ours can be contacted by emailing privacy@motorsportuk.org

 

The Data Protection Principles

At Motorsport UK Rally UK, we are bound by the GDPR which includes six principles that we must apply when collecting and using your personal data. These are:

  • To process your personal data in a manner which is lawful, fair and transparent. This means that when we collect and use your personal information, we must have a lawful basis for doing so, we must consider the rights and interests of the data we collect about you and provide clear information about our use of your data
  • Collecting your data for a specified and legitimate purposes and not used in any ways which are incompatible with those. When we collect your personal data, we must be very clear about why we need it and what we will do with it. If we do collect personal data for one purpose, then rightly, we may not use it for an unconnected purpose.
  • Your personal data we collect must be adequate, relevant and limited to what is necessary for the purposes for which it is. This means we must make sure that we only collect and use personal data that is strictly necessary for our stated purpose or purposes.
  • Personal data must be accurate, and where necessary, kept up to date. We are required to take all reasonable steps to ensure that the personal data held is correct and kept up to date. This means that from time to time, we will review the personal data we hold and may contact you to make sure the personal data we have about you is current
  • Personal data must be kept for no longer than is necessary for the purposes for which it is. In some cases, it may only be necessary for us to be able to directly identify you for a short period of time perhaps if you join us for an event. When we no longer need to be able to identify you, we will anonymise your personal data and consequently, it will no longer be personal data.
  • Personal data must be used in a manner that ensures appropriate security of the data. This means that our policies, procedures, systems and working practices must ensure you’re your personal data is kept secure at all times.

 

The lawful basis for collecting and storing your Information

At Motorsport UK Rally UK, we collect, use and are responsible for certain personal data about you. The data we collect is strictly regulated by law and we take full responsibility as ‘controller’ of that personal data.

There are six bases for processing personal data that we abide by:

  • We will always seek your consent when you have explicitly told us that we may collect and use your personal data – for example by asking us to add you to one of our mailing lists.
  • When we need to collect and use personal data to enter into or perform a contract – for example if you receive funding.
  • When we need to collect and use personal data to carry out our legal duties – for example to respond to a request for information under the Freedom of Information Act.
  • When we need to collect and use personal data to protect your vital interests or the vital interests of another person – for example by contacting the relevant authorities if we believe an individual is likely to come to immediate harm.
  • When we need to collect and use personal data to carry out one of our official tasks, or a task that is in the public interest – for example when we carry out surveys about sports participation
  • When we need to collect and use personal data to pursue the legitimate interests of Motorsport UK Rally UK, or a third party, unless doing so would interfere with your rights and freedoms – for example, when we are dealing with complaints about an organisation we have funded.

Our lawful basis for collecting and using personal data varies depending on why we have collected it and what we will do with it.

Whenever Motorsport UK Rally UK collects personal data directly from you, we aim to set out our reasons for doing so as clearly as we can using pop-up messages, or links to the information you need. If we receive personal data about you from a third party, we will use reasonable efforts to identify the reasons why and to inform you of this where it is possible and practical for us to do so.

 

Why we need to collect personal data

Motorsport UK Rally UK collects and uses personal data for a variety of purposes including:

  • Staff selection and recruitment.
  • Licence application submissions and assessment.
  • Medical submissions for licence and competition applications.
  • Grant monitoring and evaluation.
  • Responding to correspondence from members.
  • Managing requests to be added to a Motorsport UK Rally UK mailing list.
  • Complying with regulatory and financial requirements including any other regulatory body connected to Motorsport.
  • Promoting and encouraging participation in sport and physical.

When we collect personal data directly from you, we will provide specific and detailed information about why we need to do so.

 

About your personal data we collect and use

Motorsport UK Rally UK collects a range of personal data including:

  • Names and contact details (including postal and email addresses and telephone numbers).
  • Biographical information such as participation in sport, membership of sports clubs and interest in, or
  • Data recorded by our website which allows us to recognise you and your preferred settings.
  • Information about ethnicity, sexual orientation, health related data or other special category personal data where it is necessary and relevant for a specific purpose.
  • Photographs, including for publicity or promotional.

When we collect and use personal data directly from you, we aim to provide specific and detailed information about the categories of personal data involved.

 

Collecting Personal Data from Children

We take our responsibilities very seriously when it comes to collecting data about minors who wish to participate with any of our interests or activities at Motorsport UK Rally UK. We will only collect data from children aged 17 or under where the child is an applicant for a Competition Licence, and which is signed by the applicant’s Parent of Guardian. In these instances, the only information recorded by Motorsport UK Rally UK is the child’s name and date of birth and a record of any medical conditions listed under the medical self-declaration.

If the child does have a medical condition, we will ask for details of those medical issues or surgical procedures as well as the name of any medication and/or treatment the child has received or is currently receiving. This information is kept strictly in accordance with our policies below.

 

Collecting Medical Data

We take our data protection responsibilities extremely seriously and even more so when it comes to processing and storing your medical information. In line with the GDPR and the Caldicott Medical principles, we will always store and process your information with your confidentiality in mind.

 

Only where required to enable us to grant you a license or to ensure that we meet your safety needs on track or at events.

With every single proposed use or transfer of your patient identifiable information within or from an organisation will be clearly defined and scrutinised and continuing uses regularly reviewed, by our appropriate Caldicott guardian here at Motorsport UK Rally UK.

 

We will never use your patient identifiable information unless it is absolutely necessary

Your patient identifiable information will never be included unless it is essential for the specified purpose in above. The need for you to be identified at any time to ensure that your safety needs are met on a track day or at an event, are paramount and the safe sharing of information will always be considered in satisfying this purpose.

 

We will always use the minimum necessary patient-identifiable information

Where use of your patient identifiable information is considered to be essential, the inclusion of each individual item of information relevant to you will be considered and justified so that the minimum amount of identifiable information is transferred or accessible as is necessary to enable us to make a decision on your licence and in relation to your safety needs whilst at an event or on track.

 

Access to your patient identifiable information will only ever be on a strict need-to-know basis

Only those individuals who need access to your patient identifiable information should have access to it, and they should only have access to the information items that they need to see. This means we have introduced access controls where we might need to share your information for the purposes we mention above.

 

Everyone with access to your patient identifiable information should be aware of their responsibilities

We train our staff whether they are medical or not, so we are fully able to handle your patient identifiable information and ensure above all that they are made fully aware of their responsibilities and obligations to respect your patient confidentiality.

 

We will always comply with the law

We abide by the law when protecting your patient identifiable information. Importantly, we appoint someone specifically at Motorsport UK Rally UK to handle your patient information and they are responsible for ensuring that we comply with our legal requirements.

 

Our duty to share information can be as important as the duty to protect your patient confidentiality

Our designated team will only share your information with medical professionals for your safety and always ever in your best interests. We have policies to support our staff in doing so without breaching our integrity.

 

How We Share Personal Data

Relevant Motorsport UK Rally UK colleagues, suppliers and subcontractors will have access to your personal data for the purpose(s) it was collected for. When suppliers and subcontractors have access to your personal data, Motorsport UK Rally UK will still be responsible for decisions about how your personal data is used.

In some cases, where there is a lawful reason for us to do so we may share personal data with third parties such as the Department for Digital Culture Media Sport, external auditors, the Information Commissioner’s Office, the Parliamentary and Health Service Ombudsman or other trusted partners, including NGBs and funded organisations. Where possible and practical to do so, we will tell you if your personal data will be shared, and the third parties the data be shared with, at the time we collect your personal data.

If we are required by law to disclose personal data we will do so, in keeping with our obligations.

We do not routinely transfer personal data outside to any third countries outside the European Economic Area (or ‘EEA’). However, if you have asked us to send you one of our newsletters, we use a third party to administer the mailouts. This third party is currently based in the USA.

Motorsport UK Rally UK never sells personal data to third parties for any purpose, and we do not collect or compile personal data for dissemination to third parties for marketing purposes.

 

How We Look after your Personal Data

We have a number of ICT and Information Governance procedures in place which set out the technical and organisational measures we take when collecting and using personal data. If you would like to find out more about these policies and procedures, please contact our Data Protection Officer.

Personal data is held securely within Sport England’s IT environment, or in our trusted third-party hosting providers’ secure systems. Where personal data is held on third party hosting providers’ secure systems it is stored according to our instructions and in accordance with the contracts we have in place.

 

How long we keep your personal data

All the personal data that we collect, and hold is kept in accordance with our File Retention Schedule. This Schedule is guided by the legislative and regulatory frameworks we are subject to and helps us to ensure that we do not keep personal data for longer than is necessary for the purpose(s) it was collected for.

The GDPR gives individuals a number of rights in relation to any personal data an organisation holds about them and it is Sport England’s policy to make it as easy as possible for people to exercise these rights.

 

Subject access

Under GDPR all individuals are entitled to be told what personal data an organisation holds about them, and to receive copies of that information, free of charge, within one month.

You  can  make  a  subject  access  request  to  Motorsport  UK  Rally UK by  contacting  our  Information Governance Manager at privacy@motorsportuk.org.

 

Rectification and erasure

If you believe that we are holding inaccurate information about you, you are entitled to ask us to rectify that data. In addition, if you believe that Motorsport UK Rally UK no longer has a lawful basis to use your personal data, you can ask us to delete it.

The right to rectification and erasure is not absolute, but we will consider any requests carefully and comply with such requests where it is appropriate for us to do so. You can ask to have your personal data rectified or erased by contacting the Information Governance Manager.

 

Withdrawing consent

If our lawful basis for collecting and using your personal data was consent, then you are entitled to withdraw that consent at any time. You do not need to give a reason for withdrawing your consent and we are required to comply promptly. You can inform us that you wish to withdraw consent by contacting the information Governance Manager.

 

Complaints

If you are in any way dissatisfied with the way we have handled your personal data, Motorsport UK Rally UK provides a Complaints Procedure. In addition, regardless of whether you make a complaint under our Procedure you are entitled to lodge a complaint about our data handling practices with the Information Commissioner by writing to:

 

The Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

https://ico.org.uk/

 

Updating our Privacy Policy

We keep our approach to privacy under close review, and this means we may update our Privacy Statement from time to time. Updates to the Privacy Statement are published on our website.

Latest News

Our partners

image
image
image

Technical

image
image
image