Tour de Forth Charities – Privacy Policy

Tour de Forth has been created to encourage cycling in Scotland and raise money for charity. Our registered charity number is: SCO45762 whose registered office is: Tour de Forth, Caledonian Exchange, 19A Canning Street, Edinburgh, EH3 8HE.

Please scroll down to see the details of our Privacy Policy:

1. Our Data Promise to you

2. What personal data do we collect?

3. How we use your information

4. Do we Process ‘Sensitive’ Personal Data?

5. How do we keep it secure?

6. How do we collect and use your Personal Data?

7. Do we share that data with any other companies?

8. How do we handle direct debit and/or credit card information?

9. How long do we keep your Personal Data?

10. How can I opt out of marketing?

11. Leaving our website and moving on to third party websites

12. Cookies and how we use them

13. What are your rights

14. Logging in using social networking

15. Questions regarding this Privacy Policy

16. Changes to this Privacy Policy

Our Data Promise to you

Tour de Forth Charity is absolutely committed to respecting and protecting your data whilst it is in our care. We have strict policies and procedures in place to protect your data and abide by the requirements of the Information Commissioner’s Office, the regulator of the General Data Protection Regulations and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

Tour de Forth processing of your Personal Data as described in this policy is allowed by one or more lawful grounds including:

• With your consent. For example, we only use your information to send you marketing communications by email or text with your consent. We also may ask for your explicit consent if you share sensitive personal information with us.

• To perform our contractual obligations to you. For example if you are a party or to take steps at your request prior to entering a contract. We may rely on this basis where you apply to work for us.

• To comply with our legal obligations. For example, we may rely on this basis where we are obliged to share your personal information with a regulator or HMRC.

• To pursue our legitimate interests. Where the processing is reasonably necessary for the purpose of a legitimate interest pursued by us or a third party and your privacy rights do not override the legitimate interest. Our “legitimate interests” include pursuing the aims and ideals of Tour de Forth through our work and fundraising through direct marketing campaigns and special events. However, “legitimate interests” can also include your interests, such as when you have requested information from us, and those of third parties, such as our beneficiaries.

What personal data do we collect?

Depending on your activity (i.e. if you are volunteering; applying for a grant or donating) the information we collect from you directly or from third parties whom we work with, may include:

• Name

• Email address

• Postal address

• Telephone number

• Contact preference

• Emergency contact name and telephone number

• Estimated time to complete the sportive

• Credit card details for processing a payment

• Date of birth

• Gender, where appropriate

• Taxpayer status for Gift Aid

• Letters of support from doctors

• If you are a minor, we may collect the name and contact details of a parent or guardian and, where appropriate the name and location of your school

How we use your information

We will use your information for a number of purposes, including the following:

• To register you in the event

• To call your emergency contact if required

• To process your donations including to Claim Gift Aid (if applicable)

• To tell your story to promote our fundraising and charity aims, if you have agreed

• To send you fundraising packs

• To help us run and fulfil prize draws, competitions, auctions or events

• To reply to any questions, suggestions, issue or complaints you have contacted us about

Do we process ‘Sensitive’ Personal Information?

Under data protection law, certain categories of personal information is clause as sensitive. This includes health information, information regarding race, religious beliefs, and political opinion (‘Sensitive Persons Data’). We only collect this information if there is a clear reason for us doing so, such as in relation to a grant application and this will be made clear on the grant application form.

How do we keep it secure?

Our servers and laptops are protected using HTTP and SSL technology, so whilst your data is in our care we know it’s as secure as it can be. Our staff are trained in data security, and our staff policies and procedures help our staff to understand what is required of them under their obligations to us, and also their responsibilities under the General Data Protection Regulation and other privacy legislation. When we ask another organisation to provide a service for us, we ensure that they have appropriate security measures in place. If we or our service providers transfer any information out of the European Economic Area (EEA), it will only be transferred on the basis of an agreement with the service provider, designed to protect your data in the appropriate form in accordance with data protection laws.

How do we collect and use your Personal Data?

We may collect information about you directly when you interact with us such as collect when you register on one of our websites; make a donation to us via our online fundraising platforms or text donate facilities, or in person at one of our events. Or indirectly when you interact with a third party who we work with, for example using British Cycling to manage sportive entries or where you have made a donation to us through a third-party website (e.g. Just Giving or Virgin Money Giving) and have given them permission to share your information with us.

With regard to each of your visits to our website we may automatically collect technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; to process personal information for the purposes of customer analysis and direct marketing to help us with our activities and to provide you with the most relevant information.

We are legally required to hold some personal information to fulfil statuary obligations, for example the collection of Gift Aid or to support certain financial transactions. We also hold information about your details so that we can respect your preferences for being contacted by us.

Do we share that data with any other companies?

We do not rent or sell your personal information to other organisations for use by them in their own direct marketing activities.

Except as otherwise stated in this Privacy Policy or in the data collection statements that will always be visible when we collect your information and where we give you the opportunity to select your preferences, we may release your data to external companies such as donation and payment services companies; event organisers when you participate in an event; companies who help us send out our fundraising packs.

Every supplier we use has to go through a rigorous up-front process to ensure that their processes are at least as good as our own, and they are required to sign a contract that defines what their responsibilities and liabilities.

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or in order to enforce or apply our terms of use for our website. This includes exchanging information with other companies and organisations for the purposes of fraud detection and protection.

How do we handle direct debit and/or credit card information?

We ensure that when collecting sensitive information over our website such as debit cards, credit cards or personal information that this done so securely.

We are PCI compliant and use external Payment Card Industry (PCI) compliant providers to collect this data on our behalf. We do not store PCI data on our own systems.

To protect yourself when sending us sensitive information, please ensure that you use devices running supported operating systems that are regularly patched, and incorporate some form of malware protection and you only connect your devices to networks that you trust.

How long do we keep your personal information?

We will retain your Personal Data in accordance with our retention policy and will keep it no longer than reasonably necessary for the purposes for which we hold it, taking into account relevant legal, regulatory, tax and accounting requirements. Where personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by us on a day to day basis.

How can I opt out of Marketing?

Email

If you receive a marketing email from one of our brands, you will have the option to “opt-out” by clicking on the unsubscribe link provided at the bottom of each and every message we send you.

SMS

If you receive a marketing SMS text, please text “STOP” to any message received.

Phone

If you receive a marketing call from Tour de Forth, please let the call operator know you do not wish to receive any further calls.

If you have indicated that you do not wish to be contacted for marketing purposes we will maintain your details in a suppression list to ensure that we do not contact you again for marketing purposes. However, we may still need to contact you for administrative purposes, such as:

• Processing a donation you have made and any related Gift Aid.

• Providing you with information you need to relation to an event you have registered for.

Leaving our website and moving on to third party websites

When you click on advertisements or links on any of our sites, you will leave that site and go to a third party site, which is outside of our control. When we place an advertisement on one of our sites, it does not signify that we are endorsing that advertiser’s product or service. We do not accept responsibility for content, have no control over and our Privacy Policy does not apply to these companies, sites or content and if such third party sites collect Personal Data, we cannot control how this data is processed, stored or used. We advise that you read their data collection statements, which accompany any registration and their Privacy Policies before you submit your personal information.

Cookies and how we use them

“Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website. We use cookies for a number of reasons:

• To provide you with a more personal and interactive experience on our sites.

• For statistical purposes to track how many users we have and how often they visit our websites.

• We use organisations to collect anonymous user information so they can analyse how the website is being used and the number of visitors.

• We may use ‘Flash’ cookies to store your preference for your media player. If we do not use them, it may not be possible for you to watch some video content.

You have the ability to accept or decline cookies, but please be aware that for some parts of our sites to work, you will need to accept cookies. For more information please visit www.allaboutcookies.org and/or www.youronlinechoices.com.

Logging in using social networking

If you login to our sites using a Facebook login or a Google login, you are granting permission to Facebook and/or Google to share your user details with Tour de Forth. This will include your name, email address, date of birth and location which will then be used to form a Tour de Forth identity. This will also allow Tour de Forth and Facebook and/or Google to share your networks, user ID and any other information you choose to share according to your Facebook and/or Google account settings. If you remove the Tour de Forth app from your Facebook and or Google settings, we will no longer have access to this information.

What are your rights?

Under GDPR, you have a number of rights, which are aimed at giving you control about how your personal data is used by us.

Access your personal data

You have the right to see what information we hold about you and the purposes for which we are using it. This is known as a Subject Access Request. In responding to such a request, we may ask for proof of your identity, to ensure that we do not send you personal data to another person. We will respond to any requests as soon as possible, but at least within 30 days.

Please email info@tourdeforth.com to make a Subject Access Request

Amend your personal data

You may ask us to make any changes that you consider necessary to make the information accurate, please let us know and we will rectify this as soon as possible. Please write to or email:

info@tourdeforth.com

Tour de Forth

Caledonian Exchange

19A Canning Street

Edinburgh

EH3 8HE

We will require that you satisfactorily identify yourself to demonstrate your entitlement to view this data.

Delete your personal data

If you wish for your personal data to be deleted we will review any request on a case-by-case basis. We will respond to you as soon as possible, at least within 30 days of receiving your request.

Where we rely on legitimate interests to obtain and use your personal data then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Where processing is carried out based upon your consent, you have the right to withdraw this consent.

If you want to apply to see the data we hold about you, please email or write to: info@tourdeforth.com or Tour de Forth, Caledonian Exchange, 19A Canning Street, Edinburgh, EH3 8HE. We may require that you satisfactorily identify yourself to demonstrate your entitlement to view this data.

Questions regarding this Privacy Policy

If you have comments or questions related to this Privacy Policy please email info@tourdeforth.com and we will respond as promptly and as fully as we can.

Complaints will be dealt with by the Data Protection Officer and will be responded to within 30 days. If you are not satisfied with the response you should refer your complaint to the ICO https://ico.org.uk/concerns/

Changes to this Privacy Policy

This Privacy Policy will be amended from time-to-time if we make any important changes in the way that we collect, store and use personal data. We may notify you by sending an email to your last known email address or writing to your last known postal address to direct you to the Privacy Policy if the changes are material. Our dispatch of a communication to you will, in any event, constitute notification. Any changes will be effective immediately.

This Privacy Policy was last revised in October 2019.