Privacy

CONSULTATION PRIVACY NOTICE

What does this policy cover?

This policy describes how the British Horseracing Authority Limited (also referred to as "the BHA", "we" or "us") will make use of data provided to it and held in connection with the a BHA consultation. This policy also describes your data protection rights, including a right to object to some of the processing which the BHA carries out.  More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.

If you respond to a consultation on behalf of an organisation, not all of this page applies to you.  Please see the section on ‘responding on behalf of an organisation’ below.

What information do we collect from you?

When providing a response to a consultation, you can do so anonymously. If you choose to provide personal information, the information we hold about you may include:

  • Name;
  • Address;
  • Email address; and
  • Telephone number.

For some consultation activity, we will ask specific questions that may result in the provision of personal data. For example, this might include:

  • Your role(s) within the horseracing industry;
  • The general location of your place of work;
  • Your views and/or experiences in relation to the subject area of the consultation.

We may also ask a series of equality monitoring questions. We ask these to ensure that our consultation activity reaches as many sections of the horseracing industry and wider community and to improve the effectiveness of the way we communicate with all our stakeholders. Answering these questions is voluntary and you can still respond in full to the consultation without providing this information.

If you respond to a consultation via this portal, the BHA will collect the IP address used by your device for the purposes of system management and to audit the use of the portal. To enable the portal to function, we also sometimes place small data files on your computer. These are known as cookies and further information about this is available here.

How do we use this information, and what is the legal basis for this use?

We process your personal data for the following purposes:

  • we will use your information for the purpose of administering consultations and informing the development of our policy, guidance and other regulatory work in the subject area of the consultation
  • we will use any email address provided by you to send you an email:
    • when you complete the consultation via our online portal
    • to let you know when the results of the consultation are published
    • to update you on any future developments with the proposal

The information we hold is provided by you when you respond to a BHA consultation. All consultation responses are held within our consultation portal – Citizen Space. Delib provides Citizen Space for the BHA, and their privacy policy can be accessed here.

We may publish a summary of the consultation responses, but these will not contain any personal data. We may decide to publish your name (and on whose behalf you have responded) to indicate that you have responded to this consultation, we will only ever do this with your consent.

Who will we share this data with, where and when?

We share your information only in limited circumstances as follows:

  • We share consultation respondent’s information with any member of the consultation review team for the purposes of administering the consultation and assessing the responses. We sometimes deliver consultations in partnership with the BHA’s member organisations and we will share full responses with all members of the consultation review team in these situations.
  • We occasionally use external consultants to support the analysis of consultation responses or conduct focus groups on the BHA’s behalf, but all names of respondents are removed before providing them with such information.

Where information is transferred outside the EEA, and where this is to a stakeholder or consultant in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor's Processor Binding Corporate Rules.  A copy of the relevant mechanism can be provided for your review on request.

What rights do I have?

You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format and to ask us to share (port) this data to another controller.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.  Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us – or our data protection officer – using the details set out below. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.  This is likely to be the Information Commissioner’s Office in the UK.

Responding on behalf of an organisation

If responding on behalf of an organisation (e.g. BHA member organisations, charities, trade bodies, etc.) you are asked to provide the name of the organisation and this response should be provided in an official capacity.  The name of the organisation may be published in final consultation reports and potentially associated with a consultation response, but any personal information provided in relation to the individual respondent will not be publicly available.

How do I get in touch with you, or your data protection officer?

We hope that we can satisfy queries you may have about the way we process your data.  If you have any concerns about how we process your data, you can get in touch at dataprotection@britishhorseracing.com or by writing to either the Head of Legal or Data Protection Officer c/o British Horseracing Authority, 75 High Holborn, London, WC1V 6LS.

How long will you retain my data?

The BHA will retain personal information in line with its data retention policies. This means that we will not hold information for longer than is necessary for the purposes we obtained it for.

If you respond to a BHA consultation, we retain consultation response information until our work on the subject matter of the consultation is complete and for a period of XX years after completion.

Amendments to this notice

The BHA reserves the right to update this privacy notice at any time, and so you should check this page regularly to find out more. Your continued use of the site will mean that you accept any such revisions. This page was last updated in February 2020.

Delib Privacy Information

Delib’s software (this website) enables organisations to set up and operate democratic exercises, through which they will engage with you.

When you access and use this site, your information submitted to these exercises will go to the data controller: the organisation running this site. If you have provided it, this information may include personal data (e.g. your name, age, contact details etc.).

Delib’s role is to process this data on behalf of the controller. Processing means (among other things): making sure this website runs properly, that your data is securely stored and is available to the controller so that they can do their work effectively.

Our primary purpose is in making software platforms that help you to have your say. To do this we need to make sure that when you do, your data is safe, secure, and can be worked with effectively. So that’s what we do. Delib will not access your personal data unless requested to do so by the controller, and only for the purposes of helping them or you.

The data controller will have a privacy policy or other information notice, which sets out how they will hold and use the information you provide, as well as your rights in relation to that information. This policy or notice may be included on this page, or can be obtained by contacting them.

If you have any questions or requests about your personal data, these should be sent to the data controller in the first instance. Delib cannot directly deal with such enquiries as it does not control how your information is used.

Collection of Anonymous Browser Information

Delib stores information which is provided by your computer when you use the website. For example, your browser type, IP address, language preference, referring site, and the date and time. Delib's purpose in collecting this information is to maintain the security of the website and for the purposes of operating and improving the software.