GDPR Policy

Introduction

We take the privacy and security of our customer information seriously and we are committed to safeguarding your privacy online. The following provides you with details of our Privacy Policy. Please take a moment to read this so you know what choices you have about the information we may ask you for.

Any personal data relating to you will only be used by us in accordance with current data protection legislation. Such personal data will be collected, processed and used by us or our agents for the purpose of registering you on-line, providing the Website to you and facilitating any transactions which you may enter into with us through your use of the Website. We may also make use of such data for administration purposes and future enhancing of the Website to meet your needs as well as our marketing, advertising and promotional purposes. You are able to state your preference on Registration, and for details on how to unsubscribe read on and see end of Privacy section.

PRA GDPR Policy
Background
The General Data Protection Regulation, commonly referred to as GDPR, replaces the Data Protection Act 1988, and is a new regulation within EU law relating to data protection and privacy of contact information for individuals. It aims to give control of personal data to the individual. GDPR becomes enforceable on 25th May 2018 and is directly binding and enforceable with strict data compliance requirements and severe penalties.
Consent must now be given or gained for holding personal data, which must be removed / deleted if if an individual requests that they no longer wish you to be in possession of their details. Once a request is made there will be a time period of a month to erase the data.
Clear consent must be given for any personal data that is to be collected and processed. This will need to be consent from a child’s parents if they are under 16 years of age and the consent can be withdrawn at any time, and must be actioned accordingly.
GDPR gives increased protection of personal data and requires a change in consent for marketing purposes.

PRA Data

Data held by the PRA includes:
PRA Membership
Pony Racing Training Days
Charles Owen Series Entries
PRA Academies
Point-to-Point Pony Racing Entries
Sponsors
Rider Medical Record Books
Newsletter Subscriptions
Website Enquiry Forms
Competition Entries

PRA GDPR Policy
The PRA commits to undertake the following policy to ensure GDPR compliance:
1. Consent will be obtained for holding and using any personal data; historical, current and future. Historical contacts will be communicated with prior to 25th May 2018.
2. The PRA will ensure that all forms of data collection include an OPT IN option from 25th May 2018; online and hard copies.
3. Any data shared by the PRA or its nominated volunteers will be password protected.
4. Any hard copies of data help by the PRA or its nominated volunteers will be locked in a secure cabinet.
5. GDPR compliant data that is held by the PRA but not used / communicated from within five years will automatically be removed from the database after this time period.

Hotjar
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

Payments via Stripe

When you make a payment  on Our Site, we will collect the necessary financial information from you (such as the name on your credit or debit card, type of card, card number, start date, expiry date, security code and/or issue number) as well as any additional personal information. This information will be transferred to our nominated payment processor, which is currently Stripe Payments Europe Ltd. (‘Stripe’), a company registered in Ireland under company number 513174, registered office 1 Grand Canal Street Lower, Grand Canal Dock, Dublin. Stripe is a certified PCI Service Provider Level 1 who will process your payment to us. PRA does not store this financial information.

Consent

Upon registering your details with us you can consent to us collecting and using personal information about you as per your choices within the registration process, including email and SMS communication.

What does this Privacy Policy not cover?

Please note that this Privacy Policy only refers to this website, and not to the collection and use of personal information by any companies, individuals or organisations to which we provide links via our services. We are not responsible for the privacy policies of other websites, and encourage you to be aware when you leave our site, and to read all applicable terms and conditions and privacy policies when using other websites.

How do we use your information?

We will use any personal information relating to you only in accordance with current data protection legislation and this Privacy Policy.

We may use your personal information to communicate with you by email or telephone, for record keeping purposes, to personalise your visits to the website, for the purpose of providing any services you request or register for, fraud prevention and detection purposes, and for any other purposes we may notify to you and the relevant data protection authority from time to time.

We may also disclose your personal information to any entity who may take over the running of this website or who may purchase any or all of our assets including your personal information. We reserve the right to disclose your personal information to any law enforcement agencies requesting it in connection with the committing of any offence, once we are reasonably satisfied as to the circumstances surrounding the request. We also reserve the right to access and disclose your personal information to comply with applicable laws and lawful government requests, to operate our systems properly or to protect our users and ourselves.

How do we protect your Information?

We take every precaution to protect your personal information. When we ask you to submit sensitive personal financial information, such as your credit card number, we use industry standard Secure Sockets Layer (SSL) encryption technology, making these pages secure. In addition, we have strict security protocols in place to protect our customer database, and only allow access to it when absolutely necessary for the purposes outlined in the privacy policy, and then under strict guidelines as to what use may be made of such details. We may ask you for proof of identity before disclosing any personal information to you.

Safeguarding Children’s Privacy

Children should always ask a parent for permission before sending personal information to anyone online. When registering on the Pony Racing Authority website it is mandatory for the user to provide his or her age date of birth.. No information should be submitted to, or posted on the Website by visitors under the age of 18 without the consent of their parents.

What if you no longer wish us to hold your personal information?

We hope that you will enjoy using this website and the services we offer. However, you may request that your personal information is not used in the ways outlined above. This is called unsubscribing, and may be achieved by any of the following methods.

By Email to –
clarissa@ponyracingauthority.co.uk
Or write to us at: PRA, Lower Postons House, Cold Weston, Craven Arms SY7 9FE.

Changes to our Privacy Policy

We may occasionally modify our Privacy Policy as indicated on the ‘update’ date on the top. Please visit this Privacy Policy page regularly to check for updates. It is recommended that the prevailing terms and conditions, and privacy policy are printed and kept for future reference