Data Privacy Notice

Scope
This document provides you with information about how we are handling, or are intending to
handle, your personal information:

If you are aged 16 or under, please get your parent/guardian’s permission before you provide any
personal information to us.

About us
Broughton Cycling Group is committed to protecting and respecting your privacy and complying with
the principles of applicable data protection laws. This notice sets out the basis on which any
personal data we collect from you, or that you provide to us, will be processed by us. Please read the
following carefully to understand our views and practices regarding your personal data and how we
will treat it. The data controller of the personal data referred to in this policy is the Broughton
Cycling Group, 10 Littlestone Gate, Broughton, MK10 7DH.

Collection of personal data
Broughton Cycling Group may collect and/or create or otherwise obtain and process the following
data about you:

Information about you that you provide by filling in forms while registering for activities and making
purchases on our websites

member of Broughton Cycling Group, subscribing to our communications, posting material, booking
onto rides, entering, attending and volunteering at events, joining events or requesting further
services.

Information from your social media accounts but only where you have given us permission to use it.
For example, posts, pictures and video footage you share on sites such as Facebook and Twitter.

We may also ask you for information when you report a problem or make a complaint and, if you
contact us, we may keep a record of that correspondence.

We may also ask you to complete optional surveys that we use for research purposes and to provide
you with a more relevant customer experience.

Details of when you digitally interact with Broughton Cycling Group via our websites and other
digital channels and the resources that you access which may include the use of cookies (subject to
our Cookie policy).

Information about emails and other communications we have sent to you and your interaction with
them.

Information from third parties where you consent to those other organisations sharing information
they hold on you with us, and where those other organisations lawfully share your information with
us.

Uses made of your information and the basis of processing

Broughton Cycling Group will use your personal information to:
Ensure that content from our websites is presented in the most effective manner;
Authenticate you when you register;

Carry out our obligations arising from any contracts entered into between you and Broughton
Cycling Group;

Provide you with information, products or services that you request from Broughton Cycling Group
or which we feel may interest you, where we are legally entitled to do so;

Enable cyclists to join and interact with each other;

Allow you to participate in interactive features of Broughton Cycling Group’s service, when you
choose to do so;

Notify you about changes to our service;

To gather statistics about memberships and people interested in cycling; or

To segment your personal data to make sure that you only receive information that is relevant to
you. For example, if you are ride with Category A, to make sure that you do not receive information
about events from Category C.

Broughton Cycling Group will not use any of the personal information we collect from you to make
automated business decisions.

The legal basis on which we collect and process the personal data described above depends on the
personal information concerned and the specific context in which we collect it. However, we will
only use your personal information where we:

Have your consent to do so;

Need the personal data to perform a contract with you;

Need to process your personal information for our legitimate interests and only where our
legitimate interests are not overridden by your data protection interests or fundamental rights and
freedoms;

Have a legal obligation to collect personal information from you; or

Need the personal information protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a
contract with you, we will make this clear at the relevant time, and advise you whether the provision
of your personal information is mandatory or not (as well as the possible consequences if you do not
provide your personal information).

Information security
Broughton Cycling Group will take all steps reasonably necessary including policies, procedures and
security features to ensure that your data is treated securely and protected from unauthorised and
unlawful access and/or use, and in accordance with this notice. Unfortunately, the transmission of
information via the internet is not completely secure and, although we will do our best to protect
your personal data transmitted to us via the internet, we cannot guarantee the security of your data
transmitted to our website from your device. Any transmission is at your own risk.

Where we have given you (or where you have chosen) a password which enables you to access
certain parts of the website, you are responsible for keeping this password confidential. We ask you
not to share such a password with anyone.

Where any payments are being collected on our behalf, we require our payment providers to be
compliant with the Payment Card Industry’s Data Security standards (PCI-DSS).

Recipients of personal data
We will share information about you with some of our suppliers who process data on our behalf to
help us to provide services to you. We undertake this data sharing on the basis of our legitimate
interests.

Categories of organisation and purpose
Marketing agencies - to provide relevant digital content to our customers
Database hosting companies - to host Broughton Cycling Group digital platforms (e.g. Broughton
Cycling Group website) and associated customer databases to enable customers to log in and
interact with the website
Email broadcasting companies - to send emails to our customers
SMS broadcasting companies - to send SMS and text messages to our customers
Mailing houses - to send products and benefits to our members that are not directly produced by
Broughton Cycling Group (e.g., publications)
Market research companies - to undertake research of our own customers
Social media companies (e.g. Facebook/Twitter) - to verify your identity when you register on our
web site using 'register with' functions
Online learning hosting companies - to enable our customers to take part in online training and
learning
Governing bodies of cycling - to assist in event management, disciplinary issues and maintenance of
competition licences (UCI and other federations)
Broughton Cycling Group event organisers - to enable event organisers to manage Broughton Cycling
Group events and communicate with participants

International transfer of personal data
We do not envisage transferring any information about or relating to individuals to anyone who is
located outside of the European Economic Area.
However, on some occasions, the information we collect may be transferred to organisations who
may store and use such data at premises in other countries. Where we allow an organisation to
process your personal information outside of the European Economic Area, we will ensure that we
create and maintain appropriate safeguards with those organisations so that your personal
information is subject to the same standards and protections as when we are processing your
personal information inside the European Economic Area.
If you choose to sign-up with Facebook/Twitter when you register on our website, Broughton Cycling
Group may access your personal data in your Facebook/Twitter account, depending on your settings,
and we may post information submitted on our websites to Facebook/Twitter who will store such
information in the United States. The EU has not endorsed the privacy laws of the United States but
has approved a framework for the transfer of personal data called the EU:US Privacy Shield under
which Facebook/Twitter has a valid certificate enabling us to lawfully transfer your personal data to
Facebook. You may review Facebook/Twitter’s Privacy Shield certificate here.

Data retention period
We will hold information about you in our data systems only for as long as we need it for the
purpose for which we collected it, which is as follows:
As long as you continue to log into our website or use our services (including engaging with emails,
entering cycling events, making purchases, entering prize draws or downloading content) we will
retain and process information about you. In such cases, you will be considered to be an ‘active’
customer. If you have not been ‘active’ as a customer for a period of three years, Broughton Cycling
Group will deactivate your customer account and anonymise any personal data relating to you.
Any data relating to the obligations of Broughton Cycling Group to maintain a comprehensive,
published index of results as a National Governing Body for sport will be retained. This would not
include more than name, age category and gender alongside details of the event in which an
individual took part.
Personal data linked to the processing of insurance claims, subject access requests, disputes,
safeguarding investigations, disciplinary or police matters will only be kept for as long as it necessary
for those purposes, as each is applicable.

IP addresses and cookies
We may collect information about your computer, including where available your IP address,
operating system and browser type, for system administration and to report aggregate information
to our advertisers. This is statistical data about our users' browsing actions and patterns, and does
not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a
cookie file which is stored on the hard drive of your computer. Cookies contain information that is
transferred to your computer's hard drive.
In addition to the above we use third party cookies and pixels to advertise Broughton Cycling Group
and our products across the internet (for example via Google AdWords Remarketing and other
services). Remarketing will display relevant adverts tailored to you based on what parts of the
Broughton Cycling Group website you have viewed by placing a cookie on your machine. This does
not in any way identify you or give access to your computer. Remarketing allows us to tailor our
marketing to better suit your needs and only display adverts that are relevant to you.
You may refuse to accept cookies by activating the setting on your browser which allows you to
refuse the setting of cookies. However, if you select this setting you may be unable to access certain
parts of the Site. Unless you have adjusted your browser setting so that it will refuse cookies, our
system will issue cookies when you log on to the Site. You can see a full list of cookies used on our
websites here.
Please note that our advertisers may also use cookies, over which we have no control.
In addition to cookies, Broughton Cycling Group records the activity of users signed in to our
websites in order to help us improve your customer experience and provide you with support.

The data subject’s rights
Data protection laws grant you, as a Data Subject, certain ‘information rights’, which are
summarised below:

Right of access - You have the right to obtain a copy of information we hold about you

Right of rectification or erasure - If you feel that any data that we hold about you is inaccurate, you
have the right to ask us to correct or rectify it. You also have a right to ask us to erase information
about you where you can demonstrate that the data we hold is no longer needed by us, or if you
withdraw the consent upon which our processing is based, or if you feel that we are unlawfully
processing your data. Please note that we may be entitled to retain your personal data despite your
request, for example if we are under a separate legal obligation to retain it. Your right of rectification
and erasure extends to anyone we have disclosed your personal information to and we will take all
reasonable steps to inform those with whom we have shared their data about your request for
erasure.

Right to restriction of processing - You have a right to request that we refrain from processing your
data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure,
or where we do not need to hold your data any longer but you need us to in order to establish,
exercise or defend any legal claims, or we are in dispute about the legality of our processing your
personal data.

Right to Portability - You have a right to receive any personal data that you have provided to us in
order to transfer it onto another data controller where the processing is based on consent and is
carried out by automated means. This is called a data portability request.

Right to Object - You have a right to object to our processing your personal data where the basis of
the processing is our legitimate interests including but not limited to direct marketing and profiling.

Right to Withdraw Consent - You have the right to withdraw your consent for the processing of your
personal data where the processing is based on consent.

Right of Complaint - You also have the right to lodge a complaint about any aspect of how we are
handling your data with the UK Information Commissioner’s Office, which can be contacted at
www.ico.org.uk.

Right to Opt-out of Marketing Communications - You have the right to opt-out of marketing
communications we send to you at any time. You can exercise this right by clicking on the
“unsubscribe” or “opt-out” link in the marketing emails we send you. To opt out of other forms of
marketing (such as postal marketing or telemarketing), then please contact us using the contact
details provided below.

Changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where
appropriate, notified to you by date-stamped communication.

How to contact us
If you wish to contact us about your personal data or exercise any of the rights described above
please contact: info@broughtoncyclinggroup.org

Legal and Compliance, Broughton Cycling Group, 10 Littlestone Gate, Broughton, MK10 7DH