Privacy POLICY

PPA

The Point-to-Point Authority Data Protection Privacy Policy

1. Who we are

The Point-to Point Authority (PPA) is the body responsible for the administration, promotion and development (governance and strategy) of Point-to-Point horse racing. The PPA comprises of four Stakeholders - one each from The Jockey Club, the Point-to-Point Owners and Riders Association (PPORA), the Point-to-Point Secretaries Association (PPSA), the Master of Foxhounds Association (MFHA) and three independent members.

The PPA functions under delegated authority from the British Horseracing Authority (BHA.)

We are committed to protecting your personal data and respecting your privacy.

2.About this policy

a. This policy sets out the basis on which any personal data we collect from you, or that
you provide to us, will be processed by us.

b. For the purpose of the General Data Protection Regulation (GDPR), the data controller is The Point-to-Point Authority. We are registered with the Information Commissioner’s Office (ICO) as a Data Controller. Our registered number is: Z365228

c. During the course of our activities we,
The PPA, will process personal data (which maybe held on paper, electronically, or otherwise) under the legitimate interest of the PPA about:

  • PPA Staff
  • P2P Stewards
  • P2P Officials
  • P2P Organisers
  • P2P Doctors
  • P2P Riders
  • P2P Owners
  • P2P Keepers
  • P2P Enthusiasts
  • P2P Jockey Coaches
  • P2P Sponsors
  • P2P Photographers and Videographers
  • PPA Board Members
  • PPSA Committee Members
  • PPORA Committee Members
  • P2P Public Relations Officers and Press.
  • P2P Vets

e. We recognise the need to treat personal data in an appropriate and lawful manner
and in accordance with the Data Protection Act (DPA). The purpose of this policy is to
make you aware of how we will handle your personal data.

f. Data technology and rules change regularly, so we reserve the right to amend this policy
at any time.

3. Data protection principles

a. We will comply with the seven data protection principles in the DPA, which say that personal data must be:

  • Processed fairly and lawfully.
  • Processed for limited purposes and in an appropriate way.
  • Adequate, relevant and not excessive for the purpose.
  • Accurate.
  • Not kept longer than necessary for the purpose.
  • Processed in line with individuals' rights.
  • Be kept secure

b. "Personal data" means recorded information we hold about you from which you can be identified. It may include your contact details, other personal information,
photographs, expressions of opinion about you or indications as to our intentions about you.

c. "Processing" means doing anything with the data, such as accessing, disclosing,
destroying or using the data in any way.

4. How we are likely to use your personal data

a. We will usually only process your personal data where you have given us your explicit
consent for example for entry into a prize promotion, or where the processing is under the legitimate interest of The PPA to carry out our delegated administrative obligations.
Where we use legitimate interest as a legal basis, we have made sure that your information, and your rights in relation to that information are protected. Examples
may include provision of information about the PPA and our activities such as
newsletters or to communicate with you to raise awareness, to notify you of promotional activities or to invite you to attend specific events. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others. The full list of conditions is set out in the
DPA.

  • We will only process your personal data for the specific purpose/s notified to you or for any other purposes specifically permitted by the DPA.
  • Your personal data will only be processed to the extent that it is necessary for the specific purposes notified to you.
  • We will seek to keep the personal data we store about you accurate and up to
    date. Data that is inaccurate or out of date will be deleted. However, it is your obligation to keep us informed of any changes to your personal data, e.g. if you move to a new house, or if you become aware of any inaccuracies in the personal data we hold about you.You may do this by sending an email as indicated in Para 6.
  • We will not keep your personal data for longer than is necessary for the purpose. This means that data will be destroyed or erased from our systems when it is no longer required, which, in some cases can be up to 7 years from your last interaction with us, by email, website or other means.
  • We will only process your data in line with your data rights.

b. You have the right to:

  • Request access to any personal data we hold about you.
  • Prevent the processing of your data for direct- marketing purposes.
  • Ask to have inaccurate data held about you amended.
  • Prevent processing that is likely to cause unwarranted substantial damage or distress to you or anyone else.
  • Object to any decision that significantly affects you being taken solely by a computer or other automated process.

c. To exercise any of these rights, please send us an email to the contact in Para 7
with your full name and details and we will do our best to make the amendments as soon
as possible. But do please understand that changes may not be immediate.

d. We will ensure that appropriate measures are taken against unlawful or unauthorised
processing of personal data, and against the accidental loss of, or damage to,
personal data.

e. We will ensure that we have
in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of deletion.

5. Providing information to third parties
  • a. Unless we have obtained your specific consent, we will never transfer your data to third parties for them to communicate direct ly with you. The only exception is where it is necessary to fulfil our obligations to you as delegated administrators of the sport, for example to give a fixture organiser your details in order for them to contact you regarding acting at a Point
    -to-Point.
6. Subject access requests
  • a. If you wish to know what personal
    data we hold about you, you may make a request in writing. Send all such requests to the address in Para 7.
7. Data Contacts
  • For email requests: Peter Wright
    (info@p2pa.co.uk)
  • For written requests: Peter Wright
    -The Point-to-Point Authority, 30A ShrivenhamHundred Business Park, Majors Road, Watchfield, Swindon. SN6 8TZ
  • Full Address of the Data Controller – The Point-to-Point Authority, 30A Shrivenham Hundred Business Park, Majors Road, Watchfield, Swindon. SN6 8TZ
8. About this Policy

a. This policy was written and updated on 21 May 2020. Any amendments will be
available on this page.

Scroll to Top