We are Enduro Sports Organisation Limited, registered in Scotland with company number SC437697 whose registered office is at 60 High Street, Innerleithen, Scotland, EH44 6HF and we are the data controller of the personal information that we collect from you.
Our EU Representative is Discovery Communications Benelux B.V. whose registered office is at Kraanspoor 20, 1033 SE, Amsterdam, Netherlands.
As of June 2021, we launched a series of races called EWS Kids which is open to riders aged between 2 and 16.
Outside of our EWS Kids series, we do not and will not knowingly collect information from any unsupervised child under the age of 13 (or the relevant age for giving valid consent in your jurisdiction, if different). Our Services are not directed at children and we do not knowingly collect any personal information from children.
Information from your online interactions
We collect the following information from your interaction with the Services:
Information that you share with us
This includes personal information you submit to us through data entry fields required as part of your use of a Service including, without limitation, when you:
When you submit personal information to us through any of the above Services, we may collect the following information from you:
Third parties or publicly available sources
We may receive personal information about you from various third parties as set out below:
For further information about how each of these parties collect and use your data, please see the 'Third-Party advertising companies' section below;
We do not collect any Special Categories of Personal Data about you (which includes details about race or ethnicity, religious or philosophical beliefs, political opinions etc).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We store and use your personal information for the following reasons:
Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (in this case, to provide you with the Services). In this case, we may have to cancel the Services but we will notify you if this is the case at the time.
Necessary for us to fulfil our contract with you
Our legitimate interests
Sometimes, our use of your personal information is for purposes which are ancillary to the provision of the Services. In those circumstances, we believe we have a legitimate interest in handling your personal information and believe that the benefits of this storage and use of your personal information will outweigh any potential impact on you and not unduly prejudice your rights or freedoms. The relevant circumstances are:
If we rely on our (or another person's) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information.
When you have provided consent to us
Where you have given us consent, we or relevant third parties may contact you by e-mail and/or text message with products and Services which we or relevant third parties think may interest you.
You can ask us to stop sending you marketing or newsletter messages at any time by following the easy to use opt-out or ‘unsubscribe’ links in any marketing message sent to you, by changing your preferences in your account settings (in respect of certain Services) or by contacting us at any time at email@example.com. Where you opt out of receiving such messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.For legal reasons
We will use your personal information in order to comply with our legal obligations. These obligations include:
We collect anonymised or aggregated details about visitors to and users of our Services for the purposes of aggregating statistics or reporting purposes. However, no single individual will be identifiable from the anonymised details we collect for these purposes.
Third-party advertising companies
We want to make sure that our advertising and marketing is relevant and interesting to you and our other users. To achieve this, we use third-party advertising and technology companies to serve ads and/or provide aggregated data to assist in serving ads when you visit or use our Services. This may include third-party technology companies which collect data about you in order to build a profile of your preferences based on your activities when you visit or use our Services. We may also use these companies to automatically collect data from you when you use our Services in order to help us identify the ads that are served to you and what you do after seeing those ads. In addition, we also share data with providers of web analytics tools, such as Google, which we use to analyse your use of the Services.
We might also share your data with social media or other similar platforms, so that you and other people can see relevant content on that platform. For example, we may use the Facebook Custom Audiences service and share your e-mail address in a protected format with Facebook so that we can:
When transferring personal information outside the EEA and the UK, we will:
You can find out further information about the rules on data transfers outside the EEA and the UK, including the mechanisms that we rely upon, on the European Commission website here and on the Information Commissioner's Office website here.
We have put in place appropriate security measures to protect your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Whilst we take appropriate technical and organisational measures to safeguard the personal information that you provide to us, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that we cannot guarantee the security of any personal information that you transfer over the Internet to us.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we may have to keep certain basic information about our customers for six years after they cease being customers for tax or other compliance purposes.
In some circumstances, we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact our DPO at firstname.lastname@example.org.
You have the right to request that we:
If you are a French resident then you have the right to provide us with instructions on the management (e.g., retention, erasure and disclosure) of your personal information after your death. You can change or revoke your instructions at any time.
We will consider all such requests and provide our response within a reasonable period (and in any event within any time period required by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances.
If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
If we delete any personal information which are holding about you, this deletion may only relate to the Services and not any other service provided by us in other jurisdictions. You should make requests for each account that you may have set up to access the Services or any other service provided by us.
Like many organisations, we may target banners and ads to you when you are on other websites and apps. We do this using a variety of digital marketing networks and ad exchanges, and we use a range of advertising technologies like web beacons, pixels, ad tags, cookies, and mobile identifiers, as well as email and platform specific services offered by some sites and social networks, (for example Facebook’s Custom Audience service).
The banners and ads you see will be based on information we hold about you, or your previous use of our Services (for example, your search history whilst using one of our websites or the content you view whilst on our Services) or on our banners or ads you have previously clicked on.
We will collect and use your personal information for undertaking marketing by email.
We will send you certain marketing communications (including electronic marketing communications) if we have your consent to do so for marketing and business development purposes.
However, we will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your personal information to any third party for such marketing. If you wish to stop receiving marketing communications, you can click on the easy to use unsubscribe link in any marketing email from us, change your preferences in your account settings or contact us by email at email@example.com.
Where you provide data to a third party such as those outlined above, generally your sharing of data will be governed by the privacy terms of that third party, and unless otherwise stated we are not responsible for such sharing or for any additional personal information you may decide to provide to such third parties. You are strongly advised to read any relevant third party's privacy and cookie policies prior to any such sharing of data.
We have a Data Privacy Manager that can assist with all queries regarding our processing of personal information. Our Data Privacy Manager can be contacted by e-mailing firstname.lastname@example.org.
In the EEA, you may also make a complaint to our supervisory body for data protection matters (the Information Commissioner's Office in the UK) or seek a remedy through local courts if you believe your rights have been breached.
You have the right to lodge a complaint with local data protection authorities in the EEA if you believe we have not complied with applicable data protection laws. The local authority differs depending on the country. Please contact us in the first instance before exercising your right to make a complaint to any supervisory authority for data protection issues; we will do our best to resolve any concerns you may have. Please see the Annex for your local data protection authority.
You have the right to lodge a complaint with local data protection authorities in the UK or the EEA if you believe we have not complied with applicable data protection laws.
The local authority differs depending on the country. Please see below for details of the local data protection authorities in the UK and EEA countries in which we operate.
Commission de la protection de la vie privée
Rue de la Presse 35
Tel. +32 2 274 48 00
Fax +32 2 274 48 10
Commissioner for Personal Data Protection
1 Iasonos Street,
P.O. Box 23378, CY-1682 Nicosia
Tel. +357 22 818 456
Fax +357 22 304 565
The Office for Personal Data Protection
Urad pro ochranu osobnich udaju
Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
Borgergade 28, 5
1300 Copenhagen K
Tel. +45 33 1932 00
Fax +45 33 19 32 18
Commission Nationale de l'Informatique et des Libertés - CNIL
3 Place de Fontenoy - TSA 80715
75334 PARIS CEDEX 07
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
The competence for complaints is split among different data protection supervisory authorities in Germany. Competent authorities can be identified according to the list provided under: https://www.bfdi.bund.de/bfdi_wiki/index.php/Aufsichtsbeh%C3%B6rden_und_Landesdatenschutzbeauftragte
Data Protection Commissioner of Hungary
Szilágyi Erzsébet fasor 22/C
Tel. +36 1 3911 400
Data Protection Commissioner
Lo-Call: 1890 25 22 31
Tel. +353 57 868 4800
Fax +353 57 868 4757
Data State Inspectorate
Director: Ms Signe Plumina
Blaumana str. 11/13-15
Tel. +371 6722 3131
Fax +371 6722 3556
Office of the Data Protection Commissioner
Data Protection Commissioner: Mr Joseph Ebejer
2, Airways House
High Street, Sliema SLM 1549
Tel. +356 2328 7100
Fax +356 2328 7198
Prins Clauslaan 60
P.O. Box 93374
2509 AJ Den Haag
Tel. +31 70 888 8500
Fax +31 70 888 8501
The Bureau of the President of the Personal Data Protection Office – PUODO
ul. Stawki 2
Tel. +48 22 53 10 300; 606-950-000
Fax +48 22 53 10 301
The National Supervisory Authority for Personal Data Processing
President: Mrs Ancuţa Gianina Opre
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 21 252 5599
Fax +40 21 252 5757
Office for Personal Data Protection of the Slovak Republic
820 07 Bratislava 27
Tel.: + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34