The General Data Protection Regulation (EU) 2016/679 (the GDPR) will directly apply in EU member states from 25 May 2018. The GDPR will govern how organisations use personal data and increase the protection of individual’s privacy. There will also be a new UK Act to replace the Data Protection Act 1998.
For all races entered via SiEntries, they act as a Data Processor, while we are a Data Contoller. SiEntries have updated their T&Cs on their website to cover the new GDPR regulations.
We publish race start lists and results on our website as well as our social media accounts. This falls under the GDPR category of “legitimate business interests” – i.e. the running and administration of the events we organise.
When you enter one of our events, as per the T&Cs found on the event entry system, you agree that we may publish your Personal Information as part of the entry list and / or results of the Event and may pass such information to the governing body or any affiliated organisation* for the purpose of insurance, licences or for publishing results either for the event alone or combined with or compared to other events. Entry Lists / Results may include (but not be limited-to) name, any club affiliation, race times and age category.
There are two common circumstances where we will share your personal information with specific third parties. Due to the nature of our involvement with these third parties, the information shared with them requires to include some information we will not share publicly – specifically information from which an individual can be identifed. This is necessary for the administration of race levies and the allocation of qualifying points for UTMB events. These two bodies are:
- The governing body for our races, Scottish Athletics.
- The International Trail Running Association, for the purposes of qualifying points for associated events like the UTMB.
When we receive entrant information from SiEntries, this is downloaded for the purpose of race planning and timing setup. This information is stored on computers which are password protected, with encrypted local storage and are regularly updated with manufacturer software (and security) patches. All individuals working for Out-Run Trail Running Limited are aware of their obligations when dealing with personal data.
Following conclusion of a race, we will delete any personal information other than the results and start lists which you see published on the website. Any paper records from an event with other personal information – for example, medical conditions – will be destroyed a short period after the race.
When you visit our website, we do not track your activity with cookies or by any other means. We have no interest in collecting your personal data. No data we receive from race entries leaves our organisation.
Please note that for the purposes of EU data protection legislation, Out-Run Trail Running acts as a data controller of your personal information.
In short (and in plain English) we really don’t care who you are, why you’ve chosen to visit our website or what your browsing habits are, so we have no interest in tracking you in any way. We don’t collect any data on you, your browsing habits or your IP address. This website and any associated social media accounts are wholly owned and funded by us, so no third parties have any interest or say in what we do or how we do it. We don’t need to run adverts on the sites.
If you have any questions or concerns regarding the use or disclosure of your personal information, you can contact us by sending an email to email@example.com.