1.1 The National Heritage Centre for Horseracing and Sporting Art (“we” or “us”) are a data controller of the personal information we receive from or collect about you. We are registered as a data controller with the Information Commissioner’s Office and our registration number is Z2432787.
1.2 We are committed to protecting the privacy and security of your personal information.
1.3 This privacy notice describes how we collect and use personal information about you during and after your relationship with us.
2. The Kind of Information We Hold About You
Via our website:
2.1 We will collect your personal contact details such as name, title, address, telephone number(s) and email address. You may give us information about you by filling in forms on our site www.palacehousenewmarket.co.uk (our website) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you make a donation, leave a legacy, express an interest in volunteering, participate in discussion boards or other social media functions on our website, enter a competition, promotion or survey, report a problem with our website, place an order in our online shop or fill in a membership form. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information and personal description.
2.2 With regard to each of your visits to our site we may automatically collect the following information: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
2.3 Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
2.4 We may also collect some information about you as you use our website (including your IP address), as described further in the ‘Cookies’ section below.
Visiting the Venue:
2.5 We may record CCTV footage of you when you visit us.
2.6 We will collect your personal contact details such as name, title, address, telephone number(s) and email address whilst administering Gift Aid donations, including admissions.
3. How is Your Personal Information Collected?
3.1 We collect personal information about you when event tickets, shop products or general admission tickets are purchased from us, either using our website or by phone or in person. We may collect further information from you if you otherwise correspond with us by phone or email.
3.2 If you purchase tickets at the site, we will collect personal information from you as part of that purchase process for our annual passes and for the administration of Gift Aid but otherwise the only details that you provide would be your credit or debit card information which is provided directly to the payment services provider and is not collected or stored by us.
3.3 We may also collect your name and email address if you register to use the free wi-fi network at the site.
3.4 Please note that our website may, from time to time, contain links to and from the websites of advertisers and other partner organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
3.6 You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
3.7 We use different types of Cookies:
(a) First party cookies: First party cookies are set by our website and can only be read by us and our web developer.
(b) Third party cookies: Third party cookies are set by a different organisation. For example, we use a third party analytics company e.g. Google, who set their own cookies to perform this service. Our website may also contain content embedded from other sites for example YouTube, Flickr or Facebook, which each set their own cookies. On occasion we use a third party advertising network to deliver targeted advertising to you based on the content you have viewed on our site. These may also have the capability to track your browsing across different sites.
(c) Session cookies: Session Cookies are stored temporarily during a browsing session and are deleted from your device when the browser is closed.
(d) Persistent cookies: This type of cookie is saved on your computer for a fixed period (usually a year or longer) and is not deleted when the browser is closed. Persistent cookies are used where we need to know who you are for more than one browsing session. For example, this type of cookie is used to store your preferences or details e.g. your email address that you may have entered in a form, so that they are remembered for your next visit.
(e) Flash cookies: On occasion we may use Adobe Flash Player to display video content to users. Adobe utilise their own cookies, which are not manageable through your browser settings but are used by the Flash Player for similar purposes, such as storing preferences or tracking users. Flash Cookies work in a different way to web browser cookies (the cookie types listed above are all set via your browser); rather than having individual cookies for particular jobs, a website is restricted to storing all data in one cookie.
You can control how much data can be stored in that cookie but you cannot choose what type of information is allowed to be stored.
4. How We Will Use Information About You
4.1 We will collect, store, use and share information about you in order to administer our relationship with you as our customer, or volunteer, and to manage our business more generally.
Information you provide to us
4.2 We will use this information to perform the contract we have entered into with you – i.e. to contact you (including as necessary to send you tickets you have booked through us) and to verify your identity when you visit the site.
4.3 We may also use this information in other ways when it is in our legitimate interests to do so – i.e. so we can respond to your enquiries or to process your requests in relation to your information or to manage our volunteer programme. Where we don’t need (under applicable data protection law) to gain your express consent to send you marketing materials or other information about our site or events, we reserve the right to do so again in order to achieve our legitimate interests.
4.4 We may also process the personal information that you provide to us in order to comply with our legal obligations, where we need to protect your interests (or someone else’s interests) or where it is needed in the public interest.
4.5 We may (in circumstances where we do not have another legal basis on which to do so) ask you to consent to us processing your information – e.g. when sending you marketing materials from time to time. If we do so, we will provide you with details of the information that we would like and the reason(s) we need it, so that you can consider whether you wish to consent. As we will explain at the time we collect any such consent, you have the right to withdraw the consent you have provided at any time.
4.6 If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as selling you tickets), or we may be prevented from complying with our legal obligations. If you withdraw your consent to us processing your personal information (where consent has been provided), that might also have an impact on our ability to permit you to visit our site.
4.7 Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.
Information we collect from you
4.8 As described above, we may collect certain information from you when you use our site. We will use this to ensure that content from our site is presented in the most effective manner for you and for your computer, making the site easier for you to use and providing you with access to all parts of the site.
4.9 We also use this information to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
4.10 We do not envisage that any decisions will be taken about you using automated means. We will notify you in writing if this position changes.
5. Data Sharing
5.1 We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
5.2 “Third parties” includes third-party service providers (including contractors and designated agents), and other entities within our group. The following activities are carried out by third-party service providers: administering payments made over the website and assisting with our marketing campaigns, including the sending of email communications.
5.3 Our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies.
We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
5.4 We may share your personal information with other entities in our group, for example as part of our regular reporting activities on company performance and business planning, for system maintenance support and for hosting of data.
5.5 We may share your personal information with other third parties, for example if our business or assets are acquired by another company. We may also need to share your personal information with a regulator or otherwise to comply with the law.
5.6 We may transfer personal information about you outside of the European Economic Area (EEA). To ensure that your personal information receives an adequate level of protection we will put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.
5.7 For the avoidance of doubt, we will not pass on or sell your data to a third party for any other purpose unless required to do so by law as outlined above.
6. Data Security
6.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we aim to limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
7. Data Retention
7.1 We will only retain your personal information for as long as we consider it necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, the applicable legal requirements and other factors that we consider relevant.
7.2 We retain CCTV footage for a period of one month.
7.3 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
8. Your Rights in Connection with Personal Information
8.1 Under certain circumstances and subject to certain conditions, by law you have the right to:
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
8.2 You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
8.3 We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
8.4 In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing. To withdraw your consent, please contact us using the contact details at the top of this privacy notice. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
9.1 If you are unhappy about our use of your data and wish to raise this with the organisation, you can contact our Data Protection Officer, Derek Lewis, by emailing firstname.lastname@example.org
9.2 If, having raised a matter with our Data Protection Manager, you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal data and privacy.
10. Changes to this Privacy Notice
10.1 We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about