Threshold Sports Limited (“Threshold Sports”, “Threshold”, “us”, “we”, “our”)
Last updated on 22nd April 2024.
Our commitment to care doesn’t stop with our events. We care about your personal data and ensuring you’re informed about how we use it. As data controller, protecting the confidentiality and integrity of personal data is a critical responsibility that Threshold takes seriously at all times. The processing of personal data shall always be in line with the UK General Data Protection Regulation (the “UK GDPR”), the Data Protection Act 2018 and in accordance with country-specific data protection regulations applicable to Threshold Sports. Threshold promises to protect your data, and to manage any information you share with us in full compliance with all applicable data protection laws.
This Privacy Policy will inform you as to the nature, scope and purpose of the personal data we collect, use, process and store, and our legal basis for this when you visit us at the below websites, regardless of where you visit them from, and will tell you about your privacy rights and how the law protects you:
It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide from time to time when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which can include the following:
We also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data by law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Site feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
Additionally, we may also collect personal data that includes “Sensitive” or “Special Categories” of personal data (also known as “Special Category Data”), such as dietary requirements, details about your race or ethnicity, information about your health, genetic and biometric data and certain medical and health information (including whether or not you are a wheelchair user) and where required to ensure a safe environment and adherence to government instructions and guidelines.
In circumstances where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract which we have or which we are trying to enter into with you. In such a case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
On rare occasions we may collect and process the personal data of children below the age of 13 for the purposes of administering the following areas of our business, in which case we will always ensure that consent is given or authorised by the holder of parental responsibility over that child: (i) events in which children may participate (we require the child’s details in order for them to participate), (ii) to televise, film and/or otherwise record our events and to take photographs and record footage of our events, and (iii) to facilitate and publish the results of our events.
Potentially, we receive your personal data from different direct and indirect sources:
The reasons for using your personal data may differ depending upon the purpose of the collection, however personal data will be collected only for specified, explicit and legitimate reasons in strict compliance with our legal obligations. On a general level, we will use your personal data for the following purposes and on the following legal grounds:
Unless otherwise provided for in this Privacy Policy or if you are under the age of 13, we do not generally rely on consent as a legal basis for processing your personal data other than in relation to such things as sending third party direct marketing communications to you via email or text message. Where we ask for your consent, you are free to deny that consent and the denial will have no negative consequences for you. You are also free to withdraw your consent at any time with respect to future use.
Please see Annex 1 for a detailed description of the purposes for which we use your personal data and the legal bases we rely on to do so. We have also included in Annex 1 the clear and specific benefits or outcomes constituting our legitimate interests.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may have to disclose your personal data in the manner set out below dependent upon how we use it:
We will always get your express opt-in consent before we share your personal data with any company outside of Threshold for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by logging into the Site and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you.
Please note that your event registration is conducted by third-party event registration service providers (“Registration Partners”), which will give us access to the registration information after the registration form has been submitted. This Privacy Policy applies only to our processing of your personal data after access has been granted. Our Registration Partners process the payment for our events independently. For this reason, this Privacy Policy does not apply to the payment processing by our Registration Partners, and we encourage you to check the privacy policy of our Registration Partners to learn about its privacy practices.
Further to the above, the Sites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Sites, we encourage you to read the privacy policy of every website you visit.
Where we use third parties residing outside of the European Economic Area (EEA) for the purposes of data processing, in order to ensure appropriate safeguards are in place we only select those third parties that exist in a territory deemed compliant with relevant legislation or, with respect to third parties based in the USA, that have certified to the Data Privacy Framework and provide adequate protection.
We implement a variety of appropriate security measures to maintain the safety of your data and to prevent it from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a strict duty of confidentiality.
Nonetheless, no security system is guaranteed to be 100% secure and we have therefore put in place robust procedures to deal with any suspected personal data breach. We will notify you and any applicable regulator of a breach where we are legally required to do so and will take steps to investigate the matter thoroughly.
We will only store and retain your personal data for as long as necessary to fulfil the purposes for which we collected it, in accordance with our legal obligations and legitimate business interests. When personal data is no longer needed for specified purposes, it will be deleted or anonymised.
Details of retention periods for different aspects of your personal data are set out in the table in Annex 1. For the avoidance of doubt, please be aware that where we use a specific type of personal data for more than one reason and there is a conflict between the retention period for each such use in the table below, the longest retention period shall prevail.
Under the UK GDPR, you have rights in relation to your personal data, in particular:
Ordinarily, you are not required to pay a fee to exercise your rights. However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee in such circumstances or, alternatively, we may refuse to comply with your request. If you make a request, we have one month to respond to you. Please note that we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Please contact us if you wish to make a request.
This Privacy Policy may change from time to time. For example, we will continue to update it to reflect new legal requirements. Please visit this website page to keep up to date with the changes to our Policy, as updated Privacy Policies will apply to future events.
If you have any questions about this Privacy Policy, concerns regarding the management or use of your personal data, or wish to exercise any of your rights, please feel free to contact us directly:
Threshold Sports Limited
1st Floor Edge House
42 Bond Street
Brighton
East Sussex
BN1 1RD
Phone: (+44) (0)1273093970
Email: info@thresholdsports.co.uk
Data Protection Officer: Penny Welch
Online query form: https://www.thresholdsports.co.uk/your-data
Company number: 6430519
You also have the right to make a complaint at any time to the Information Commissioner’s Office (the “ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Purpose/Activity | Type of data | Lawful basis for processing including basis of Legitimate Interest | Retention period (not exceeding) |
To enable you to apply to participate, or participate, or to organise a team, in any of Our | (a) Identity Data (b) Contact Data (c) Transaction Data(e) Profile Data (f) Marketing and Communications Data |
(a) Performance of a Contract with you (b) Necessary for Our Legitimate Interests (We need this data to be able to allow you to participate in Our events and to stage Our events) |
Five years from last application to participate |
To enable you to apply to participate in Our events if you are under 13 years of age | (a) Identity Data (b) Contact Data |
(a) Consent (parental consent either obtained by Us or via a third party) (b) Necessary for Our Legitimate Interests (to allow minors to participate in Our events. |
Five years from last application to participate or until you reach the age of 13, whichever occurs sooner |
To enable us to make the following automated decisions:
1. Event entries ballot: All applications for an entry to one of Our events received via one of Our ballots are processed electronically. Each application is uploaded to Our database, and Our database then automatically assigns a hidden, protected reference number; 2.Start times: Start times or wave times at Our events may be dependent upon estimated finishing time. In this case each participant’s personal data is uploaded to Our database and a participant’s starting place/group is selected by automated means. |
(a) Identity Data (b) Contact Data (c) Profile Data |
(a) Performance of a Contract with you (b) Necessary for Our Legitimate Interests (We need this data to be able to allow you to participate in Our events and to stage Our events) |
Five years from last application to participate |
To allow the administration of medical attention or treatment either from the event medical staff, St John Ambulance, other medical services providers to the event as contracted by Threshold, or any doctor or hospital, and to provide details (including details of medical treatment) to the Medical Director of the applicable event or others authorised by her/him. | (a) Identity Data
(b) Contact Data (c) Special Category Data |
(a) Performance of a Contract with you (b) Necessary for Our Legitimate Interests (We need this data to be able to allow you to participate in Our events and to stage Our events and to provide and procure the provision of medical assistance and/or medical care in the case of illness, injury or an emergency situation). |
Six years from the date of the applicable event |
To facilitate and publish the results of Our events through Results / timing services providers to the events as contracted by Threshold | (a) Identity Data (b) Profile Data |
(a) Necessary for Our Legitimate Interests (We need the ability to publish and store the results, rank individuals, challenge results after the specific event and keep a historic log of this data all for the purpose of staging the event(s) and for archival and historic research. This also allows participants to rank themselves against other participants) | In perpetuity |
For event logistics and operational purposes (including emergency service access routes, personal care plans, safety and security and public access routes) | (a) Identity Data (b) Contact Data |
(a) Necessary for Our Legitimate Interests (for ensuring that the event logistics are in place and safety and security is maintained to ensure successful staging of Our events) (b) Necessary to Comply with a Legal or Regulatory Obligation (safety and security and insurance) |
Three years from the event to which the data relates |
To enable you to access and/or remain in Our premises or events or ensuring the safety of you and others with the aim of: (a) creating a safe environment (including observing protocols around limiting the number of visitors and staff within Our spaces, and other measures which have the aim of keeping people safe; (b) adhering to the most up-to-date government instructions and guidelines; and (c) maintaining and monitoring facilities for health and safety purposes |
(a) Identity Data (b) Contact Data (c) Special Category Data |
(a) Necessary to Comply with a Legal or Regulatory Obligation (b) Necessary for Our Legitimate Interests (to keep Our records updated and to keep people and premises safe) |
For as long as necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any legal requirements |
To enable you to be contacted by a charity who you may be fundraising for or wish to hear from, and to enable a fundraising platform to collect your funds associated with our Event, or to enable a partner, sponsor or third party to contact you after you have given your consent
|
(a) Identity Data (b) Contact Data (c) Marketing and Communications Data |
(a) Performance of a Contract with you
(b) Necessary for Our Legitimate Interests (to develop Our products/services and grow Our business and to provide you with the opportunity to hear about subjects of interest to you |
Five years from the collection of data, accessing your account, or from your last interaction with us (such as interacting with email communications) |
To form a view on what We think you may want or need, or what may be of interest to you. This is how We decide which products, services and offers may be relevant for you (marketing). You will receive marketing communications from Us if you have requested information from Us or purchased goods or services from Us or if you provided Us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing. | (a) Identity Data (b) Contact Data(d) Usage Data (e) Profile Data |
(a) Performance of a Contract with you (b) Necessary to Comply with a Legal or Regulatory Obligation (c) Necessary for Our Legitimate Interests (to keep Our records updated and to study how customers use Our products/services) |
Five years from the collection of data, accessing your account, or from your last interaction with us (such as interacting with email communications) |
To enable you to partake in a prize draw, competition or complete a survey | (a) Identity Data (b) Contact Data (c) Profile Data (d) Usage Data (e) Marketing and Communications Data |
(a) Performance of a Contract with you (b) Necessary for Our Legitimate Interests (to study how customers use Our products/services, to develop them and grow Our business) |
Three years from prize draw, competition or survey |
To make suggestions and recommendations to you about goods or services that may be of interest to you (including where you have applied via the ballot for a place at one of Our events or where your image is captured by our official photographer at one of Our events) | (a) Identity Data (b) Contact Data (c) Technical Data (d) Usage Data (e) Profile Data |
(a) Necessary for Our Legitimate Interests (to develop Our products/services and grow Our business and to provide you with the opportunity to purchase goods that commemorate your participation in one of Our events (such as an official photograph)) | Three years from last unsuccessful ballot application or three years from last participation in one of Our events, whichever is later |
To televise, film, photograph and/or otherwise record Our events | (a) Identity Data | (a) Necessary for Our Legitimate Interests (We need the ability to publish, display, sell and distribute Our events by means of film, television, radio, print media, internet, publicity material or any other media now or in the future) | In perpetuity |
To enable you to volunteer at Our events | (a) Identity Data (b) Contact Data (c) Profile Data (d) Marketing and Communications Data |
(a) Performance of a Contract with you (b) Necessary for Our Legitimate Interests (We need this data to be able to allow you to participate in Our events as a volunteer) (c) Necessary to Comply with a Legal or Regulatory Obligation (including security and safety at Our events and for tax purposes) |
Three years since your last application to volunteer, accessing your account, or from your last interaction with us (such as interacting with email communications) |
To enable you to provide your services on a casual labour basis to Us | (a) Identity Data (b) Contact Data (c) Financial Data (d) Transaction Data (e) Profile Data (f) Marketing and Communications Data |
(a) Performance of a Contract with you (b) Necessary for Our Legitimate Interests (We need this data to be able to contact you about becoming a service provider to Our event(s)) (c) Necessary to Comply with a Legal or Regulatory Obligation (including security and safety at Our events and tax purposes) |
Seven years since you applied for your last role |
To enable you to be included on Our media lists | (a) Identity Data (b) Contact Data (c) Marketing and Communications Data |
Necessary for Our Legitimate Interests (We need this data to be able to enable Our events to be covered in the media) | Three years |
To enable you to be a partner, sponsor or supplier or potential partner, sponsor or supplier of or to Us or Our events | (a) Identity Data (b) Contact Data (c) Financial Data (d) Transaction Data (e) Marketing and Communications Data |
(a) Performance of a Contract with you (as Our partner, sponsor or supplier) (b) Necessary for Our Legitimate Interests (We need this data to be able to contact you about becoming a partner, sponsor or supplier to allow you to become officially associated with Us or Our event(s)) (c) Necessary to Comply with a Legal or Regulatory Obligation (including for tax purposes) |
Six years after the end of any contract (if any) or six years from the last correspondence about being a potential partner, sponsor or supplier |
To enable you to be a medical professional including doctor, podiatrist and physiotherapist at one of Our events | (a) Identity Data (b) Contact Data (c) Marketing and Communications Data |
(a) Performance of a Contract with you (b) Necessary for Our Legitimate Interests (We need this data to be able to allow you to provide your services at Our events, to ensure that you are adequately qualified and to ensure that We have the requisite number of medical professionals at Our events) (c) Necessary to Comply with a Legal or Regulatory Obligation (including for tax and insurance purposes) |
Six years from the date of the last event you assisted with |
To register you as a new customer (not otherwise dealt with in this table) | (a) Identity Data (b) Contact Data |
(a) Performance of a Contract with you (b) Necessary for Our Legitimate Interests (to provide you with customer services) |
Five years from last registration as a customer or last interaction with Us as a customer, whichever is later |
To process and deliver your order including: (a) Managing payments, fees and charges; and (b) Collecting and recover money owed to Us |
(a) Identity Data (b) Contact Data (c) Financial Data (d) Transaction Data (e) Marketing and Communications Data |
(a) Performance of a Contract with you (b) Necessary for Our Legitimate Interests (to recover debts due to Us) (c) Necessary to Comply with a Legal or Regulatory Obligation (including for tax and consumer protection purposes) |
Six years from order completion |
To manage Our relationship with you which will include: (a) Notifying you about changes to Our terms or Privacy Policy (b) Asking you to leave a review or take a survey; and (c) dealing with any complaints and responding to feedback |
(a) Identity Data (b) Contact Data (c) Profile Data (d) Marketing and Communications Data |
(a) Performance of a Contract with you (b) Necessary to Comply with a Legal or Regulatory Obligation (c) Necessary for Our Legitimate Interests (to keep Our records updated and to study how customers use Our products/services) |
Six years from last correspondence |
To administer and protect Our business and the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity Data (b) Contact Data (c) Technical Data |
(a) Necessary for Our Legitimate Interests (for running Our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to Comply with a Legal or Regulatory Obligation |
Three years from collection of data |
To deliver relevant Site content and advertisements to you and measure or understand the effectiveness of the advertising We serve to you | (a) Identity Data (b) Contact Data (c) Profile Data (d) Usage Data (e) Marketing and Communications Data (f) Technical Data |
(a) Necessary for Our Legitimate Interests (to study how customers use Our products/services, to develop them, to grow Our business and to inform Our marketing strategy) | Five years from the collection of data, accessing your account, or from your last interaction with us (such as interacting with email communications) |
To use data analytics to improve the Site and Our products/services, marketing, customer relationships and experiences | (a) Technical Data (b) Usage Data |
(a) Necessary for Our Legitimate Interests (to define types of customers for Our products and services, to keep the Site updated and relevant, to develop Our business and to inform Our marketing strategy) | Three years from collection of data |