Last updated 5 November 2019
This document provides you with information about how we are handling, or are intending to handle, your personal information.
If you are aged 16 or under, please get your parent / guardian’s permission before you provide any personal information to us.
British Cycling is committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws. This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. The data controller of the personal data referred to in this policy is the British Cycling Federation of Stuart Street, Manchester, Lancashire, M11 4DQ.
Collection of personal data
British Cycling may collect and/or create or otherwise obtain and process the following data about you:
Uses made of your information and the basis of processing
British Cycling will use your personal information to:
British Cycling will not use any of the personal information we collect from you to make automated business decisions.
The legal basis on which we collect and process the personal data described above depends on the personal information concerned and the specific context in which we collect it. However, we will only use your personal information where we:
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time, and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your personal information).
British Cycling will take all steps reasonably necessary including policies, procedures and security features to ensure that your data is treated securely and protected from unauthorised and unlawful access and/or use, and in accordance with this notice. Unfortunately, the transmission of information via the internet is not completely secure and, although we will do our best to protect your personal data transmitted to us via the internet, we cannot guarantee the security of your data transmitted to our website from your device. Any transmission is at your own risk.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website, you are responsible for keeping this password confidential. We ask you not to share such a password with anyone.
Where any payments are being collected on our behalf, we require our payment providers to be compliant with the Payment Card Industry’s Data Security standards (PCI-DSS).
When you sign up to letsride.co.uk we will create a publicly available profile for you which allows you interact with other Let’s Ride users.
If you would prefer limited details to be displayed or if you would like your profile to be hidden altogether you can amend your privacy settings under the ‘Age and Family Information’ section of your profile.
Recipients of personal data
We will share information about you with some of our suppliers who process data on our behalf to help us to provide services to you. We undertake this data sharing on the basis of our legitimate interests.
Marketing agencies – to provide relevant digital content to our customers
Database hosting companies – to host British Cycling digital platforms (e.g. British Cycling website) and associated customer databases to enable customers to log in and interact with the website
Email broadcasting companies – to send emails to our customers
SMS broadcasting companies – to send SMS and text messages to our customers
Mailing houses – to send products and benefits to our customers that are not directly produced by British Cycling (e.g. publications)
Market research companies – to undertake research of our own customers
Social media companies (e.g. Facebook / Twitter) – to verify your identify when you register on our web site using ‘register with’ functions and to provide you with relevant social media posts
Online learning hosting companies – to enable our customers to take part in online training and learning
Governing bodies of cycling – to assist in event management, disciplinary issues and maintenance of competition licences (UCI and other federations)
British Cycling registered event organisers, ride leaders and officials – to enable event organisers, ride leaders and officials to manage British Cycling registered activities and communicate with participants and appointed volunteers.
British Cycling affiliated cycling club officials and group leaders – to enable clubs and group leaders to communicate with and administer activities for belonging to their club or group
Home Country cycling federations (Scottish Cycling / Welsh Cycling) – to manage cycling events, rides, clubs, groups, volunteers and participants registered through British Cycling’s systems
Sports results agencies – to collate results and reports for the British Cycling website on behalf of British Cycling.
International transfer of personal data
We do not envisage transferring any information about or relating to individuals to anyone who is located outside of the European Economic Area.
However, on some occasions, the information we collect may be transferred to organisations who may store and use such data at premises in other countries. Where we allow an organisation to process your personal information outside of the European Economic Area, we will ensure that we create and maintain appropriate safeguards with those organisations so that your personal information is subject to the same standards and protections as when we are processing your personal information inside the European Economic Area.
If you choose to sign-up with Facebook / Twitter when you register on our website, British Cycling may access your personal data in your Facebook / Twitter account, depending on your settings, and we may post information submitted on our websites to Facebook / Twitter who will store such information in the United States. The EU has not endorsed the privacy laws of the United States but has approved a framework for the transfer of personal data called the EU:US Privacy Shield under which Facebook / Twitter has a valid certificate enabling us to lawfully transfer your personal data to Facebook. You may review Facebook / Twitter’s Privacy Shield certificate here.
Data retention period
We will hold information about you in our data systems only for as long as we need it for the purpose for which we collected it, which is as follows:
IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive.
In addition to the above we use third party cookies and pixels to advertise British Cycling and our products across the internet (for example via Google AdWords Remarketing and other services). Remarketing will display relevant adverts tailored to you based on what parts of the British Cycling website you have viewed by placing a cookie on your machine. This does not in any way identify you or give access to your computer. Remarketing allows us to tailor our marketing to better suit your needs and only display adverts that are relevant to you.
In addition to cookies, British Cycling records the activity of users signed in to our websites in order to help us improve your customer experience and provide you with support.
You can view a list of all cookies used on this site Cookies list for Let's Ride website.
The data subject’s rights
Data protection laws grant you, as a Data Subject, certain ‘information rights’, which are summarised below:
Right of access: you have the right to obtain a copy of information we hold about you.
Right of rectification or erasure: if you feel that any data that we hold about you is inaccurate, you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Please note that we may be entitled to retain your personal data despite your request, for example if we are under a separate legal obligation to retain it.
Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared their data about your request for erasure.
Right to restriction of processing: you have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
Right to portability: you have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.
Right to object: you have a right to object to our processing your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
Right to withdraw consent: you have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.
Right of complaint: you also have the right to lodge a complaint about any aspect of how we are handling your data with the UK Information Commissioner’s Office, which can be contacted at ico.org.uk.
Right to opt-out of marketing communications: you have the right to opt-out of marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided below.
Changes to our privacy notice
Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by date-stamped communication.
How to contact us
If you wish to contact us about your personal data or exercise any of the rights described above, please contact:
The Data Protection Officer
British Cycling Federation
Lancashire M11 4DQ