This privacy policy explains how UK Horse Racing Non-Runners (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website. We are committed to handling your information responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
What Data We Collect
When you visit our website, we may collect the following types of data:
Automatically collected data. Our web server and analytics tools record technical information about your visit, including your IP address, browser type and version, operating system, referring page, pages viewed, time spent on each page, and the date and time of your visit. This data is collected through server logs and analytics cookies.
Cookies and similar technologies. We use cookies to understand how visitors interact with our content. A full description of the cookies we use and how to manage them is available in our Cookie Policy.
We do not collect names, email addresses, phone numbers, payment information, or any other directly identifying personal data unless you voluntarily provide it through a contact form or email correspondence.
How We Use Your Data
We use the data we collect for the following purposes:
Website analytics. We analyse aggregated visitor data to understand which pages and topics are most useful, to identify technical issues, and to improve the quality and structure of our content. This processing is based on our legitimate interest in operating and improving the website.
Technical operation. Server logs are used to maintain the security and stability of the website, to detect and prevent misuse, and to diagnose technical problems. This processing is necessary for our legitimate interest in keeping the website functional and secure.
Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases for processing your personal data:
Legitimate interests (Article 6(1)(f)) — for website analytics, security monitoring, and content improvement, where those interests are not overridden by your rights and freedoms.
Consent (Article 6(1)(a)) — for the use of non-essential cookies, which you may accept or decline through the cookie consent mechanism on our website.
Data Sharing
We do not sell, rent, or trade your personal data to third parties.
We may share data with the following categories of service providers who process data on our behalf and under our instructions:
Hosting providers — the company that hosts our website and stores server log data.
Analytics providers — third-party analytics services that help us understand website traffic patterns. These providers may process data outside the United Kingdom, in which case appropriate safeguards (such as Standard Contractual Clauses) are in place.
We may also disclose data where required by law, regulation, or legal process.
Data Retention
Server log data is retained for a maximum of 90 days before being automatically deleted. Analytics data is retained in aggregated, non-identifiable form and is not subject to a fixed deletion schedule. If you contact us by email, we retain correspondence for as long as reasonably necessary to address your enquiry and for our records, after which it is deleted.
Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
Right of access — you may request a copy of the personal data we hold about you.
Right to rectification — you may request correction of inaccurate or incomplete data.
Right to erasure — you may request deletion of your personal data in certain circumstances.
Right to restrict processing — you may request that we limit how we use your data.
Right to data portability — you may request a copy of your data in a structured, machine-readable format.
Right to object — you may object to processing based on legitimate interests at any time.
Right to withdraw consent — where processing is based on consent (such as non-essential cookies), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us using the details provided below. We will respond within one calendar month, as required by UK GDPR.
International Transfers
Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements. These may include transfers to countries recognised by the UK government as providing adequate protection, or transfers subject to Standard Contractual Clauses approved by the Information Commissioner’s Office.
Children’s Privacy
Our website is not directed at children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.
Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted connections (HTTPS), access controls on server infrastructure, and regular review of our data handling practices.
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or in applicable law. When we make changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
Supervisory Authority
If you believe that our processing of your personal data infringes UK GDPR, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You can contact the ICO through their website at ico.org.uk or by telephone on 0303 123 1113.