Hillside Outside – Privacy Policy

Scope

This document provides you with information about how we are handling, or are intending to handle, your personal information.

If you are aged 16 or under, please get your parent/guardian’s permission before you provide any personal information to us.

About us

We’re Hillside Outside, a Scottish Borders based events company. Hillside Outside is a company limited by guarantee (no. SC420470). The registered address is Unit 1 Copperbeech Court, Calavry Park, Peebles, EH45 8EU. Hillside Outside produces events including but not limited to, Tweedlove Bike Festival, Tour o the Borders, Tunnel Trial Run, Peebles Torchlight Procession.

At Hillside Outside Ltd, we’re committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws.

This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure. This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.
Any questions regarding this Policy and our privacy practices should be sent by email to office@hillsideoutside.com or by writing to Hillside Outside Ltd, Unit 1, Copperbeech Court, Cavalry Park, Peebles, EH45 8EU Alternatively, you can telephone 01721 588050

Collection of personal data

Hillside Outside may collect and/or create or otherwise obtain and process the following data about you:

  • Information about you that you provide by filling in forms while registering for activities and making purchases on our websites. Hillside Outside websites include but are not limited to:
    • tweedlove.com
    • tourotheborders.com
    • tunneltrailrun.com
    • peeblestorchlight.com

    This includes information provided at the time of entering our events, subscribing to our communications, posting material, attending and volunteering at events or requesting further services.

  • Information from your social media accounts but only where you have given us permission to use it. For example, posts, pictures and video footage you share on sites such as Facebook and Twitter.
  • We may also ask you for information when you report a problem or make a complaint and, if you contact us, we may keep a record of that correspondence.
  • We may also ask you to complete optional surveys that we use for research purposes and to provide you with a more relevant customer experience.
  • Details of when you digitally interact with Hillside Outside Ltd via our websites and other digital channels and the resources that you access which may include the use of cookies (subject to our Cookie policy).
  • Information about emails and other communications we have sent to you and your interaction with them.
  • Information from third parties where you consent to those other organisations sharing information they hold on you with us, and where those other organisations lawfully share your information with us.

Uses made of your information and the basis of processing

Hillside Outside Ltd will use your personal information to:

  • Carry out our obligations arising from any contracts entered into between you and Hillside Outside
  • Provide you with information, products or services that you request from Hillside Outside or which we feel may interest you, where we are legally entitled to do so
  • Enable people to join events, rides and groups and communicate with each other via the Hillside Outside system as part of that activity
  • Allow you to participate in interactive features of Hillside Outside service, when you choose to do so
  • Notify you about changes to our service
  • To gather statistics about our events
  • Publish and maintain a comprehensive set of results and rankings for Hillside Outside events
  • dealing with entries into competitions
  • processing job applications and staff details
  • Ensure that content from our websites is presented in the most effective manner

Hillside Outside will not use any of the personal information we collect from you to make automated business decisions.
The legal basis on which we collect and process the personal data described above depends on the personal information concerned and the specific context in which we collect it. However, we will only use your personal information where we:

  • Have your consent to do so
  • Need the personal data to perform a contract with you
  • Need to process your personal information for our legitimate interests and only where our legitimate interests are not overridden by your data protection interests or fundamental rights and freedoms
  • Have a legal obligation to collect personal information from you
  • Need the personal information protect your vital interests or those of another person

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time, and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your personal information).

Recipients of personal data

We may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (including but not limited to processing race results, first aid providers). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and not to use it for their own direct marketing purposes. We undertake this data sharing on the basis of our legitimate interests.

Categories of organisation and purpose

  • Ticket Processing companies – to host Hillside Outsides ticket booking system and associated customer databases to enable customers to log in and interact with their booking
  • Email broadcasting companies – to send emails to our customers and subscribers
  • SMS broadcasting companies – to send SMS and text messages to our customers
  • Social media companies (e.g. Facebook/Twitter) – to verify your identify when you register on our web site using ‘register with’ functions and to provide you with relevant social media posts
  • Governing bodies of cycling – to assist in event management, disciplinary issues and maintenance of competition licences (UCI and other federations)
  • Clubs and event organisers, ride leaders and officials working on behalf of Hillside Outisde – to enable event organisers, ride leaders and officials to manage Hillside Outside events, activities and communicate with participants, clubs, groups and volunteers.
  • Emergency Service providers, – to provide first aid and safety cover to our events. We work closely with various third party organisations including but not limited to Tweed Valley Mountain Rescue, Scottish Ambulance Service, Scottish Police Service. Information may need to be shared between ourselves and these organisations to ensure participant safety and provide effective incident management
  • Sports results agencies – to collate results and reports for the event website on behalf of Hillside Outside
  • Database hosting companies – to host Hillside Outside digital platforms (e.g. tweedlovemegademo.com website) and associated customer databases to enable customers to log in and interact with the website
  • Payment Processing companies – When you are using our secure online booking system, shop, your payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions

Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

International transfer of personal data

We do not envisage transferring any information about or relating to individuals to anyone who is located outside of the European Economic Area.

However, on some occasions, the information we collect may be transferred to organisations who may store and use such data at premises in other countries. Where we allow an organisation to process your personal information outside of the European Economic Area, we will try and ensure that we create and maintain appropriate safeguards with those organisations so that your personal information is subject to the same standards and protections as when we are processing your personal information inside the European Economic Area.

If register for Hillside Outside events the tickets are processed by Eventbrite this company is based in the United States as such information may be stored outside the EU. The EU has not endorsed the privacy laws of the United States but has approved a framework for the transfer of personal data called the EU:US Privacy Shield. You may review Eventbrite privacy statement here.

Data retention period

We will hold information about you in our data systems only for as long as we need it for the purpose for which we collected it, which is as follows:

  • As long as you continue to use our services (including engaging with emails, entering cycling events, making purchases, entering prize draws or downloading content) we will retain and process information about you. In such cases, you will be considered to be an ‘active’ customer. If you have not been ‘active’ as a customer for a period of three years, Hillside Outside will deactivate your customer account and anonymise any personal data relating to you.
  • Any data relating to the obligations of Hillside Outside to maintain a comprehensive, published index of results. This would not include more than name, age category and gender alongside details of the event in which an individual took part.
  • Personal data linked to the processing of insurance claims, payment processing, subject access requests, disputes, safeguarding investigations, disciplinary or police matters will only be kept for as long as it necessary for those purposes, as each is applicable.

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

IP addresses and cookies

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the Site. You can see a full list of cookies used on our websites here. ADD LINK
Please note that our advertisers may also use cookies, over which we have no control.
In addition to cookies, Hillside Outside records the activity of users signed in to our websites in order to help us improve your customer experience and provide you with support.

The data subject’s rights

Data protection laws grant you, as a Data Subject, certain ‘information rights’, which are summarised below:

  • Right of access – You have the right to obtain a copy of information we hold about you
  • Right of rectification or erasure – If you feel that any data that we hold about you is inaccurate, you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Please note that we may be entitled to retain your personal data despite your request, for example if we are under a separate legal obligation to retain it. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared their data about your request for erasure.
  • Right to restriction of processing – You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
  • Right to Portability – You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.
  • Right to Object – You have a right to object to our processing your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
  • Right to Withdraw Consent – You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.
  • Right of Complaint – You also have the right to lodge a complaint about any aspect of how we are handling your data with the UK Information Commissioner’s Office, which can be contacted at www.ico.org.uk.
  • Right to Opt-out of Marketing Communications – You have the right to opt-out of marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you.

Changes to our privacy policy

Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by date-stamped communication.

How to contact us

If you wish to contact us about your personal data or exercise any of the rights described above please contact: office@hillsideoutside.com

Your choices

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the Hillside Outside events, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us by email: office@hillsideoutside.com or telephone on 01721 588050.

How you can access and update your information

The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: office@hillsideoutside.com, or write to us at: Alternatively, you can telephone 01721 588050.
You have the right to ask for a copy of the information Hillside Oustide Ltd hold about you (we may charge £10 for information requests) to cover our costs in providing you with details of the information we hold about you.

Information security

Hillside Outside will take all steps reasonably necessary to ensure that your data is treated securely and protected from unauthorised and unlawful access and/or use, and in accordance with this notice. Unfortunately, the transmission of information via the internet is not 100% secure and, although we will do our best to protect your personal data transmitted to us via the internet, we cannot guarantee the security of your data transmitted to our website from your device. Any transmission is at your own risk.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website, you are responsible for keeping this password confidential. We ask you not to share such a password with anyone.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Review of this Policy

We keep this Policy under regular review. This Policy was last updated in April 2018.