Privacy Policy

AWOL ADVENTURE LIMITED

Data Protection Policy

(Rev 3.1 1 January 2020)

1. INTRODUCTION

We, AWOL Adventure Limited (“AWOL”) are “data controllers” of the information which we collect from or about you – “Personal Data”. As controllers, we are responsible for the security and processing of your Personal Data. This Privacy Notice explains why and how we process your data.

 

The word ‘process’ covers most things that can be done with personal data, including collection, storage and destruction of that data. AWOL is a Private Limited Company based in the United Kingdom and our contact details are:

 

Address:    

Registered Head Office: The Old Printworks, Birley Street, Kirkham, Preston PR4 2AT

Email:

photos@awoladventure.com


Our Data Protection Officer (DPO) is Mr R Burnett who you can contact at the above registered address or through photos@awoladventure.com if you have any queries about this notice or anything related to data protection.

 

You have certain rights in relation to your personal data including the right to object to processing of your data in certain circumstances. All of these rights are set out in Section 12 of this privacy notice.

2. YOUR PERSONAL DATA

‘Personal data’ is any information that relates to a living, identifiable person. This data can include your name, contact details, and other information we gather as part of our relationship with you.

 

It can also include ‘special categories’ of data, which is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The collection and use of these types of data is subject to strict controls. Similarly, information about criminal convictions and offences is also limited in the way it can be processed.

 

We are committed to protecting your personal data, whether it falls into ‘special categories’ or not, and we only process data if we need to for a specific purpose, as explained below.

 

We collect your personal data mostly through our contact with you, and the data is usually provided by you, but in some instances we may receive data about you from other people/organisations. We will explain when this might happen in this Notice.

3. DATA, WHY IT WILL BE PROCESSED AND OUR LEGAL BASIS FOR PROCESSING

Personal Data Description

Processing reason

Legal Condition or Basis for processing

Customer’s (or prospective customer’s) name and email address.

 

Informing the Customer about specific products that we would like to offer them

 

 

Protection of the business from financial risk; provision of applicable discounts and benefits; keeping of mandatory financial records.

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

Art 6 (1) b)

 

Processing is necessary for compliance with a legal obligation to which the controller is subject (for example, contractual obligations, or financial and auditing regulations)

Art 6 (1) c)

 

Processing is necessary for the purposes of our legitimate interests -in providing services including customer service, protecting the business and maintaining and providing a secure environment

Art 6 (1) f)

Processing is necessary for the purposes of our legitimate interests - training development and quality purposes

Art 6 (1) f)

Personal appearance and behaviour (all customers and users of and other visitors to a facility)

 

Collection and monitoring of sporting event related images for the purpose of delivering digital and physical products related to event photography, as well as for the monitoring of staff when carrying out work duties; to facilitate in the management and support of staff, and for security / crime prevention purposes

Maintaining and providing a secure environment

Art 6 (1) f)

 

Processing is necessary for the purposes of our legitimate interests - protection and management of business risks and the legitimate interests of third parties

Art 6 (1) f)

 

Consequence of not providing the above data:

AWOL will be unable to enter into a contract with you for the provision of services or facilities, and you will not be permitted to use the website.

 

Name, email address, gender, phone number, preferred method of contact and marketing preferences

For receiving promotions and marketing, including newsletters, bulletins and mailouts.

Consent – you have given consent to the processing of your personal data for one or more specific purpose

Art 6 (1) a)

Name, contact details, event details and services required

To pass to our preferred suppliers of event services for the Customer to contract with if they wish.

Consent – you have given consent to the processing of your personal data for one or more specific purpose

Art 6 (1) a)

Photograph, location, name

Publicity, competition result, promotion to be published in hard format or online or on social media

Consent – you have given consent to the processing of your personal data for one or more specific purpose

Art 6 (1) a)

You may withdraw your consent to the processing of the personal data in this section at any time. Please see s12.

 

Special Category Data                          

Processing

Legal Condition or Basis for processing – Article 9 condition required

Biometric data – facial images (participants and spectators at mass participation sports events)

 

 

 

 

 

 

 

 

Used to uniquely identify an individual, in order to deliver the services to them

Processing is necessary for the purposes of the legitimate interests pursued by the AWOL – to provide quick, safe and efficient product delivery

Art 6 (1) f)

Explicit consent will be requested at the point of use

Art 9 (2) a)

 

4. COOKIES

AWOL’s websites collect and use cookies as set out below. None of the cookies collect or store personally identifiable information. Please note - if you use your browser settings to block the cookies you may not be to access all or parts of our website.

 

Essential Cookies

For the full functional use of our websites we use essential cookies to
1. record the user's permission (if given) to allow cookies
2. record whether the user has seen the pop-up inviting them to take our customer survey

Performance Cookies

For Web statistic analysis – to track usage patterns and deliver customised content to our users

 

 

5. DATA RECEIVED FROM THIRD PARTIES

Data and from whom/where

Processing

Legal Condition or Basis for processing

Data

Name, Address, Contact details (telephone number(s)), date of birth, bank details, photographic images, marketing preferences, detail of event entry/ies

 

For the purposes of identifying customers and notifying them of offers or products

 

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

Art 6 (1) b)

 

Processing is necessary for the purposes of our legitimate interests - in providing services including customer service

Art 6 (1) f)

 

 

6. WHO WE MAY SHARE YOUR DATA WITH

Section removed

7. TRANSFER OF DATA OUTSIDE OF THE EU – STATEMENT

AWOL generally does not share or transfer any customer visitor or supplier personal data outside of the EEA. However some software providers are located, or store customer data, in the U.S. In such instances, the EU-US Privacy Shield is engaged. The European Commission has decided this provision ensures adequate protection to allow personal data to be transferred to the United States.

AWOL will not share, disclose or transfer your personal data outside the EEA or the US without ensuring the relevant contract includes the standard data protection clauses adopted by the European Commission; in this way, AWOL is providing adequate safeguards for the transfer of this data outside of the EEA.

Our software provider Freshdesk Inc uses data storage centres some of which are located in the Asia Pacific region.

8. HOW WE STORE YOUR DATA

Data

How it is stored

Paper / hard copy personal data

In an appropriately secure manner and location with appropriately controlled access

Electronic personal data

On an appropriately secure server with appropriately controlled access or in a cloud storage facility within the UK managed by an approved third party contractor.

 

9. DATA RETENTION

Data

Retention Principle

All personal data

Data is processed and stored only as long as it is needed for the purpose for which it was collected, subject to the following overriding principles:

1.where legal obligations require us to keep the information for longer or for a specified period

2.until the expiry of any limitation period in relation to potential claims against AWOL

3.until the expiry of a reasonable period of time in relation to potential complaints or claims against AWOL

AWOL has set out an internal protocol in relation to retention periods which takes account of the obligation to keep data only for as long as it is needed as well as all statutory or other legal obligations regarding the retention of such records.

 

 

10. RIGHTS OF THE DATA SUBJECT

You have the following rights in respect of your data:

 

1.   The right to be informed about who is controlling your data, how, and for what purpose they intend to process the data, with whom they may share the data, and for how long they will keep the data. Full information is at :

RIGHT TO BE INFORMED

All of these are summarised within this Privacy Notice and full details are available on the ICO website here:

RIGHT TO BE INFORMED

2.   The right of access – you have the right to receive confirmation that your data is being processed. You also have the right to access your personal data in order to verify the lawfulness of the processing.

You can contact us at photos@awoladventure.com to request access to your data.

 

3.   The right to rectification – you can ask for inaccurate or incomplete personal data to be rectified.

 

If we decline to meet your request, we will explain why, and remind you of your right to complain to the Information Commissioner’s Office or ultimately seek a judicial remedy.

4.   The right to erasure or the right to be forgotten – you can ask for your personal data to be deleted or removed in specific circumstances.

 

We will only store and process data that is specifically required for genuine and proper business reasons and for the protection of our business from financial risk and only for the appropriate length of time.

5.   The right to restrict processing – you can ask us to “block” or suppress the processing of your personal data circumstances.

We will restrict processing of your personal data as requested unless we cannot do so for legal reasons

6.   The right to data portability – this allows you to obtain and re-use certain elements of your personal data for your own purposes across different services; it allows you to move copy or transfer your data easily from one IT environment to another in a safe and secure way, without hindering its usability.

If we are going to decline your request, we will within one month of the request explain to you why not and will inform you of your right to complain to the Information Commissioner’s Office, and your right to a judicial remedy.

7.   The right to object – you have the right to object to certain types of processing, or processing for specific reasons.

           i.       processing based on “legitimate interests” or “the performance of a task in the public interest/exercise of official authority (including profiling) on grounds relating to your particular situation;

 

          ii.       to direct marketing (including profiling);

 

         iii.       and to processing for purposes of scientific/historical research and statistics on grounds relating to your particular situation;

We will comply with your request to stop processing your data in accordance with the requirements and provisions set out here:

 

 

  i.       if you notify us of the grounds of objection specific to your situation we will stop processing the personal data unless:

a.   we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or

b.   the processing is for the establishment, exercise or defence of legal claims.

 ii.       We will, without delay and free of charge, stop processing personal data for direct marketing purposes as soon as we receive an objection.

iii.       if you notify us of the grounds of objection specific to your situation we will stop processing the personal data unless we are conducting research where the processing of personal data is necessary for the performance of a public interest task.

8.   Rights in relation to automated decision making and profiling – you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects, or which similarly significantly affects you. 

We use or may use in the future automated decision making in the form of Facial Recognition Software for controlling access to our facilities and services. We may profile personal data and sometimes special category data for the purposes of marketing and promotion where individuals have opted into receiving this. You can ask for us to stop sending you marketing information by contacting photos@awoladventure.com

 

11. WITHDRAWING CONSENT

For personal data where we are relying upon your consent as the legal basis for processing (please refer to section 3. Above) you may withdraw your consent at any time by altering your preferences in your online portal, or by notifying us at photos@awoladventure.com.  

12. MAKING A COMPLAINT

If you feel you have a complaint regarding the processing of your personal data, please contact the Data Protection Officer at photos@awoladventure.com

13. HOW TO CONTACT AWOL’S DATA PROTECTION OFFICER

If you wish to contact AWOL’s Data Protection Officer, please write to the address or the email at the top of this privacy notice.

14. IF YOU STILL HAVE A CONCERN REGARDING YOUR PERSONAL DATA

You may report your concern to the Information Commissioner’s Office – contact details may be found on the ICO website https://ico.org.uk/for-organisations/

 

15. IMPLEMENTATION OF POLICY

This Policy shall be deemed effective as of 1st January 2020. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

This Policy has been approved and authorised by:

 

Position:

Director. Data Protection Officer

Date:

1st January 2020

Due for Review by:

1st January 2021