Threshold Sports Limited (“Threshold Sports”, “Threshold”, “us”, “we”, “our”)

Last updated on 22nd April 2024.

Our commitment to care doesn’t stop with our events. We care about your personal data and ensuring you’re informed about how we use it. As data controller, protecting the confidentiality and integrity of personal data is a critical responsibility that Threshold takes seriously at all times. The processing of personal data shall always be in line with the UK General Data Protection Regulation (the “UK GDPR”), the Data Protection Act 2018 and in accordance with country-specific data protection regulations applicable to Threshold Sports. Threshold promises to protect your data, and to manage any information you share with us in full compliance with all applicable data protection laws.

This Privacy Policy will inform you as to the nature, scope and purpose of the personal data we collect, use, process and store, and our legal basis for this when you visit us at the below websites, regardless of where you visit them from, and will tell you about your privacy rights and how the law protects you:

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide from time to time when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.

TYPES OF PERSONAL DATA WE COLLECT

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which can include the following:

  • “Identity Data” includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, photographs, vehicle registration number(s), bib/race number, age, gender, qualifications, professional membership details and insurance details, your event history (if you have taken part in our Events before)
  • “Contact Data” includes billing address, residential address, delivery address, email address, social media handles and telephone numbers.
  • “Financial Data” includes bank account and payment card details.
  • “Transaction Data” includes details about payments to and from you and other details of products and services you have purchased from us.
  • “Technical Data” includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, full ‘Uniform Resource Locators clickstream to, through and from the Sites (including date and time) and other technology on the devices you use to access the Sites.
  • “Profile Data” includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses, performance, results and times at our events, products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, mouse-overs and methods used to browse away from the page).
  • “Usage Data” includes information about how you use the Sites, products and services.
  • “Marketing and Communications Data” includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data by law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Site feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

Additionally, we may also collect personal data that includes “Sensitive” or “Special Categories” of personal data (also known as “Special Category Data”), such as dietary requirements, details about your race or ethnicity, information about your health, genetic and biometric data and certain medical and health information (including whether or not you are a wheelchair user) and where required to ensure a safe environment and adherence to government instructions and guidelines.

In circumstances where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract which we have or which we are trying to enter into with you. In such a case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

On rare occasions we may collect and process the personal data of children below the age of 13 for the purposes of administering the following areas of our business, in which case we will always ensure that consent is given or authorised by the holder of parental responsibility over that child: (i) events in which children may participate (we require the child’s details in order for them to participate), (ii) to televise, film and/or otherwise record our events and to take photographs and record footage of our events, and (iii) to facilitate and publish the results of our events.

HOW WE COLLECT YOUR PERSONAL DATA

Potentially, we receive your personal data from different direct and indirect sources:

  • Direct interactions: you may provide us with your Identity Data, Contact Data and Financial Data by filling in forms, attending our premises or events (including upon the unlikely occurrence of an incident at an event) or by corresponding with us by post, phone, email or otherwise, for example when you (i) apply for our products or services, (ii) create an account on a Site, (iii) subscribe to our services or publications, including newsletters and the like, (iv) request marketing to be sent to you, (v) apply to participate in, volunteer in some capacity at or apply to provide casual labour at one of our Events, (vi) enter a competition, promotion or survey, or (vii) provide us with feedback.
  • Automated technologies or interactions: upon interaction with the Sites, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites. Cookies and similar tracking technologies are used to enhance your user experience and to gather information about your interactions with our website. You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies, however please note that if you disable or refuse cookies, some parts of the Sites may become inaccessible or their functionality affected. For more information about the cookies we use, please see our Cookie Policy.
  • Third parties or publicly available sources: we may receive personal data about you from various third parties and public sources such as analytics providers, advertising networks, technical, payment and delivery services, data brokers or aggregators and publicly availably sources such as Companies House and the Electoral Register based inside the UK.

HOW WE USE PERSONAL DATA AND THE LEGAL BASIS ON WHICH WE COLLECT IT

The reasons for using your personal data may differ depending upon the purpose of the collection, however personal data will be collected only for specified, explicit and legitimate reasons in strict compliance with our legal obligations. On a general level, we will use your personal data for the following purposes and on the following legal grounds:

  • where we need to perform the contract we are about to enter into or have entered into with you;
  • where it is necessary for our legitimate interests (or those of a third party), except where your interests and fundamental rights may override those interests; or
  • where we need to comply with our legal or regulatory obligations.

Unless otherwise provided for in this Privacy Policy or if you are under the age of 13, we do not generally rely on consent as a legal basis for processing your personal data other than in relation to such things as sending third party direct marketing communications to you via email or text message. Where we ask for your consent, you are free to deny that consent and the denial will have no negative consequences for you. You are also free to withdraw your consent at any time with respect to future use.

Please see Annex 1 for a detailed description of the purposes for which we use your personal data and the legal bases we rely on to do so. We have also included in Annex 1 the clear and specific benefits or outcomes constituting our legitimate interests.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

SHARING YOUR PERSONAL DATA

We may have to disclose your personal data in the manner set out below dependent upon how we use it:

  • Service providers: third party vendors and other providers of services, which include services related to event registration, event organisation, payment processing, hotel groups regarding accommodation, virtual event platforms, flight bookings, marketing and communications campaigns, customer relationship management, digital marketing, medical support, time-keeping, event photography and videography, graphical representation of results, data analysis, publication of race results and IT and system administration, survey providers.
  • Advisors: professional advisors acting as processors or joint controllers, including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services
  • Our partners: where you have consented to pass your personal data to our partners, for example by agreeing to receive emails, training tips, offers, or for the purpose of entering into prize draws and competitions. We provide the opportunity at registration, and via your profile, to opt-in to these kinds of communications. You can opt out at any time.
  • Charities and fundraising: Where you have selected to take part on a charity entry and have consented to pass your personal data to our charities, for example by consenting to receive fundraising emails & reminders, training tips, support on your fundraising in relation to the event or other Threshold events & further information about the charitable cause.
  • Third parties in connection with a business transaction: personal data may be disclosed to third parties in connection with a potential sale or transfer of our business or all or part of our assets, or a re-organisation or financing. We may also seek to acquire a new business, with the consequent need for disclosure of personal data in some cases. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
  • Public: results of our events may be disclosed to visitors to those events and on our Sites.

We will always get your express opt-in consent before we share your personal data with any company outside of Threshold for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by logging into the Site and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you.

Please note that your event registration is conducted by third-party event registration service providers (“Registration Partners”), which will give us access to the registration information after the registration form has been submitted. This Privacy Policy applies only to our processing of your personal data after access has been granted. Our Registration Partners process the payment for our events independently. For this reason, this Privacy Policy does not apply to the payment processing by our Registration Partners, and we encourage you to check the privacy policy of our Registration Partners to learn about its privacy practices.

Further to the above, the Sites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Sites, we encourage you to read the privacy policy of every website you visit.

INTERNATIONAL TRANSFERS

Where we use third parties residing outside of the European Economic Area (EEA) for the purposes of data processing, in order to ensure appropriate safeguards are in place we only select those third parties that exist in a territory deemed compliant with relevant legislation or, with respect to third parties based in the USA, that have certified to the Data Privacy Framework and provide adequate protection.

SAFEGUARDING YOUR DATA

We implement a variety of appropriate security measures to maintain the safety of your data and to prevent it from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a strict duty of confidentiality.

Nonetheless, no security system is guaranteed to be 100% secure and we have therefore put in place robust procedures to deal with any suspected personal data breach. We will notify you and any applicable regulator of a breach where we are legally required to do so and will take steps to investigate the matter thoroughly.

DATA RETENTION

We will only store and retain your personal data for as long as necessary to fulfil the purposes for which we collected it, in accordance with our legal obligations and legitimate business interests. When personal data is no longer needed for specified purposes, it will be deleted or anonymised.

Details of retention periods for different aspects of your personal data are set out in the table in Annex 1. For the avoidance of doubt, please be aware that where we use a specific type of personal data for more than one reason and there is a conflict between the retention period for each such use in the table below, the longest retention period shall prevail.

YOUR DATA PROTECTION RIGHTS

Under the UK GDPR, you have rights in relation to your personal data, in particular:

  • right of access: you have the right to ask us for copies of your personal information;
  • right to rectification: you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete;
  • right to erasure: you have the right to ask us to erase your personal information in certain circumstances;
  • right to restriction of processing: you have the right to ask us to restrict the processing of your personal information in certain circumstances;
  • right to object to processing: you have the right to object to the processing of your personal information in certain circumstances; and
  • right to data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Ordinarily, you are not required to pay a fee to exercise your rights. However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee in such circumstances or, alternatively, we may refuse to comply with your request. If you make a request, we have one month to respond to you. Please note that we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Please contact us if you wish to make a request.

CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may change from time to time. For example, we will continue to update it to reflect new legal requirements. Please visit this website page to keep up to date with the changes to our Policy, as updated Privacy Policies will apply to future events.

HOW TO CONTACT US

If you have any questions about this Privacy Policy, concerns regarding the management or use of your personal data, or wish to exercise any of your rights, please feel free to contact us directly:

Threshold Sports Limited
1st Floor Edge House
42 Bond Street
Brighton
East Sussex
BN1 1RD

Phone: (+44) (0)1273093970

Email: info@thresholdsports.co.uk

Data Protection Officer: Penny Welch

Online query form: https://www.thresholdsports.co.uk/your-data

Company number: 6430519

You also have the right to make a complaint at any time to the Information Commissioner’s Office (the “ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Annex 1

 

Purpose/Activity Type of data Lawful basis for processing including basis of Legitimate Interest Retention period (not exceeding)
To enable you to apply to participate, or participate, or to organise a team, in any of Our (a) Identity Data
(b) Contact Data
(c) Transaction Data(e) Profile Data
(f) Marketing and Communications Data
(a) Performance of a Contract with you
(b) Necessary for Our Legitimate Interests (We need this data to be able to allow you to participate in Our events and to stage Our events)
Five years from last application to participate
To enable you to apply to participate in Our events if you are under 13 years of age (a) Identity Data
(b) Contact Data
(a) Consent (parental consent either obtained by Us or via a third party)
(b) Necessary for Our Legitimate Interests (to allow minors to participate in Our events.
Five years from last application to participate or until you reach the age of 13, whichever occurs sooner
To enable us to make the following automated decisions:

1. Event entries ballot: All applications for an entry to one of Our events received via one of Our ballots are processed electronically. Each application is uploaded to Our database, and Our database then automatically assigns a hidden, protected reference number;

2.Start times: Start times or wave times at Our events may be dependent upon estimated finishing time. In this case each participant’s personal data is uploaded to Our database and a participant’s starting place/group is selected by automated means.

(a) Identity Data
(b) Contact Data
(c) Profile Data
(a) Performance of a Contract with you
(b) Necessary for Our Legitimate Interests (We need this data to be able to allow you to participate in Our events and to stage Our events)
Five years from last application to participate
To allow the administration of medical attention or treatment either from the event medical staff, St John Ambulance, other medical services providers to the event as contracted by Threshold, or any doctor or hospital, and to provide details (including details of medical treatment) to the Medical Director of the applicable event or others authorised by her/him. (a) Identity Data

(b) Contact Data

(c) Special Category Data

(a) Performance of a Contract with you
(b) Necessary for Our Legitimate Interests (We need this data to be able to allow you to participate in Our events and to stage Our events and to provide and procure the provision of medical assistance and/or medical care in the case of illness, injury or an emergency situation).
Six years from the date of the applicable event
To facilitate and publish the results of Our events through Results / timing services providers to the events as contracted by Threshold (a) Identity Data
(b) Profile Data
(a) Necessary for Our Legitimate Interests (We need the ability to publish and store the results, rank individuals, challenge results after the specific event and keep a historic log of this data all for the purpose of staging the event(s) and for archival and historic research. This also allows participants to rank themselves against other participants) In perpetuity
For event logistics and operational purposes (including emergency service access routes, personal care plans, safety and security and public access routes) (a) Identity Data
(b) Contact Data
(a) Necessary for Our Legitimate Interests (for ensuring that the event logistics are in place and safety and security is maintained to ensure successful staging of Our events)
(b) Necessary to Comply with a Legal or Regulatory Obligation (safety and security and insurance)
Three years from the event to which the data relates
To enable you to access and/or remain in Our premises or events or ensuring the safety of you and others with the aim of:
(a) creating a safe environment (including observing protocols around limiting the number of visitors and staff within Our spaces, and other measures which have the aim of keeping people safe;
(b) adhering to the most up-to-date government instructions and guidelines; and
(c) maintaining and monitoring facilities for health and safety purposes
(a) Identity Data
(b) Contact Data
(c) Special Category Data
(a) Necessary to Comply with a Legal or Regulatory Obligation
(b) Necessary for Our Legitimate Interests (to keep Our records updated and to keep people and premises safe)
For as long as necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any legal requirements
To enable you to be contacted by a charity who you may be fundraising for or wish to hear from, and to enable a fundraising platform to collect your funds associated with our Event, or to enable a partner, sponsor or third party to contact you after you have given your consent

 

(a) Identity Data
(b) Contact Data
(c) Marketing and Communications Data
(a) Performance of a Contract with you

(b) Necessary for Our Legitimate Interests (to develop Our products/services and grow Our business and to provide you with the opportunity to hear about subjects of interest to you

Five years from the collection of data, accessing your account, or from your last interaction with us (such as interacting with email communications)
To form a view on what We think you may want or need, or what may be of interest to you. This is how We decide which products, services and offers may be relevant for you (marketing). You will receive marketing communications from Us if you have requested information from Us or purchased goods or services from Us or if you provided Us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing. (a) Identity Data
(b) Contact Data(d) Usage Data

(e) Profile Data

(a) Performance of a Contract with you
(b) Necessary to Comply with a Legal or Regulatory Obligation
(c) Necessary for Our Legitimate Interests (to keep Our records updated and to study how customers use Our products/services)
Five years from the collection of data, accessing your account, or from your last interaction with us (such as interacting with email communications)
To enable you to partake in a prize draw, competition or complete a survey (a) Identity Data
(b) Contact Data
(c) Profile Data
(d) Usage Data
(e) Marketing and Communications Data
(a) Performance of a Contract with you
(b) Necessary for Our Legitimate Interests (to study how customers use Our products/services, to develop them and grow Our business)
Three years from prize draw, competition or survey
To make suggestions and recommendations to you about goods or services that may be of interest to you (including where you have applied via the ballot for a place at one of Our events or where your image is captured by our official photographer at one of Our events) (a) Identity Data
(b) Contact Data
(c) Technical Data
(d) Usage Data
(e) Profile Data
(a) Necessary for Our Legitimate Interests (to develop Our products/services and grow Our business and to provide you with the opportunity to purchase goods that commemorate your participation in one of Our events (such as an official photograph)) Three years from last unsuccessful ballot application or three years from last participation in one of Our events, whichever is later
To televise, film, photograph and/or otherwise record Our events (a) Identity Data (a) Necessary for Our Legitimate Interests (We need the ability to publish, display, sell and distribute Our events by means of film, television, radio, print media, internet, publicity material or any other media now or in the future) In perpetuity
To enable you to volunteer at Our events (a) Identity Data
(b) Contact Data
(c) Profile Data
(d) Marketing and Communications Data
(a) Performance of a Contract with you
(b) Necessary for Our Legitimate Interests (We need this data to be able to allow you to participate in Our events as a volunteer)
(c) Necessary to Comply with a Legal or Regulatory Obligation (including security and safety at Our events and for tax purposes)
Three years since your last application to volunteer, accessing your account, or from your last interaction with us (such as interacting with email communications)
To enable you to provide your services on a casual labour basis to Us (a) Identity Data
(b) Contact Data
(c) Financial Data
(d) Transaction Data
(e) Profile Data
(f) Marketing and Communications Data
(a) Performance of a Contract with you
(b) Necessary for Our Legitimate Interests (We need this data to be able to contact you about becoming a service provider to Our event(s))
(c) Necessary to Comply with a Legal or Regulatory Obligation (including security and safety at Our events and tax purposes)
Seven years since you applied for your last role
To enable you to be included on Our media lists (a) Identity Data
(b) Contact Data
(c) Marketing and Communications Data
Necessary for Our Legitimate Interests (We need this data to be able to enable Our events to be covered in the media) Three years
To enable you to be a partner, sponsor or supplier or potential partner, sponsor or supplier of or to Us or Our events (a) Identity Data
(b) Contact Data
(c) Financial Data
(d) Transaction Data
(e) Marketing and Communications Data
(a) Performance of a Contract with you (as Our partner, sponsor or supplier)
(b) Necessary for Our Legitimate Interests (We need this data to be able to contact you about becoming a partner, sponsor or supplier to allow you to become officially associated with Us or Our event(s))
(c) Necessary to Comply with a Legal or Regulatory Obligation (including for tax purposes)
Six years after the end of any contract (if any) or six years from the last correspondence about being a potential partner, sponsor or supplier
To enable you to be a medical professional including doctor, podiatrist and physiotherapist at one of Our events (a) Identity Data
(b) Contact Data
(c) Marketing and Communications Data
(a) Performance of a Contract with you
(b) Necessary for Our Legitimate Interests (We need this data to be able to allow you to provide your services at Our events, to ensure that you are adequately qualified and to ensure that We have the requisite number of medical professionals at Our events)
(c) Necessary to Comply with a Legal or Regulatory Obligation (including for tax and insurance purposes)
Six years from the date of the last event you assisted with
To register you as a new customer (not otherwise dealt with in this table) (a) Identity Data
(b) Contact Data
(a) Performance of a Contract with you
(b) Necessary for Our Legitimate Interests (to provide you with customer services)
Five years from last registration as a customer or last interaction with Us as a customer, whichever is later
To process and deliver your order including:
(a) Managing payments, fees and charges; and
(b) Collecting and recover money owed to Us
(a) Identity Data
(b) Contact Data
(c) Financial Data
(d) Transaction Data
(e) Marketing and Communications Data
(a) Performance of a Contract with you
(b) Necessary for Our Legitimate Interests (to recover debts due to Us)
(c) Necessary to Comply with a Legal or Regulatory Obligation (including for tax and consumer protection purposes)
Six years from order completion
To manage Our relationship with you which will include:
(a) Notifying you about changes to Our terms or Privacy Policy
(b) Asking you to leave a review or take a survey; and
(c) dealing with any complaints and responding to feedback
(a) Identity Data
(b) Contact Data
(c) Profile Data
(d) Marketing and Communications Data
(a) Performance of a Contract with you
(b) Necessary to Comply with a Legal or Regulatory Obligation
(c) Necessary for Our Legitimate Interests (to keep Our records updated and to study how customers use Our products/services)
Six years from last correspondence
To administer and protect Our business and the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity Data
(b) Contact Data
(c) Technical Data
(a) Necessary for Our Legitimate Interests (for running Our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to Comply with a Legal or Regulatory Obligation
Three years from collection of data
To deliver relevant Site content and advertisements to you and measure or understand the effectiveness of the advertising We serve to you (a) Identity Data
(b) Contact Data
(c) Profile Data
(d) Usage Data
(e) Marketing and Communications Data
(f) Technical Data
(a) Necessary for Our Legitimate Interests (to study how customers use Our products/services, to develop them, to grow Our business and to inform Our marketing strategy) Five years from the collection of data, accessing your account, or from your last interaction with us (such as interacting with email communications)
To use data analytics to improve the Site and Our products/services, marketing, customer relationships and experiences (a) Technical Data
(b) Usage Data
(a) Necessary for Our Legitimate Interests (to define types of customers for Our products and services, to keep the Site updated and relevant, to develop Our business and to inform Our marketing strategy) Three years from collection of data
Companies we've worked with
Charities we've worked with