Our full details are:
Full name of legal entity: Impact Marathon Series Ltd (IMS)
Main Contact: Nicholas Kershaw
Email address: [email protected]
Postal address: 18a/20 King Street, Maidenhead, Berkshire, United Kingdom, SL6 1EF
Impact Marathon Series Ltd (IMS) takes data privacy and security very seriously. We take steps to make sure that we comply with our data privacy law obligations in the EU (primarily, the Data Protection Directive 95/46/EC as implemented into the national laws of EU Member States) and the General Data Protection Regulation ("GDPR") beginning in May of 2018), and make it easy for our Partners/Participants to comply with their respective obligations too. With GDPR set to take effect on May 25, 2018, Impact Marathon Series updated our data privacy program so that we, and our Partners, are comfortable that we will meet the new requirements. Here are a few highlights.
1. IMS Data Processing Obligations
a. IMS as a data controller. —Where a Participant provides IMS with personal data in the course of signing up to an event, IMS will be a data controller over the personal data provided to IMS directly by that Participant. IMS will also be a data controller of the personal data that IMS obtains in the course of a Partner or Participant's use of IMS Services.
b. IMS as a data processor. — IMS will be a data processor over a Participant's personal data that IMS obtains as a result of providing its core payment and booking management services to our Partners. For example, allowing Partners to learn more about their Participants during the booking process, facilitating the transmission of emails to Participants at the request of the Partner, collating personal information and processing payments.
Given that IMS processes a Participant's personal data both in providing services to the Partner, and to the account-holding Participant directly in his or her own use of IMS, IMS may be both a controller and a processor of the same personal data and will be held to different processing obligations as a result.
2. Data Security
IMS is committed to maintain the highest level of security to protect personal data.
IMS have put in place security measures to prevent personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. In this effort, IMS has implemented numerous security measures and monitors them on a regular basis.
IMS information systems are protected by industry standard firewalls, encryption and intrusion detection systems and access is only allowed to employees and partners who have a business need to know of such data, which they must keep confidential.
3. Data Deletion
As a data controller of our account-holding participants, IMS will adhere to a Participant's request that IMS delete that Participant's personal data. As a result, there may be a time when IMS will show anonymized personal data for a particular Participant, however the financial data associated with that Participant should remain as part of the trip. Similarly, if IMS removes personal data on its own in accordance with our internal data retention policy, this same process will apply.
Once a trip has been completed, IMS will no longer provide Partners with access to personal data of its former Participants. This should be collated directly through the Participants.
IMS will only retain personal data for as long as necessary to fulfil the purposes IMS collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Should one of the Participants ask to have their personal data removed from our system, the request should be sent to [email protected]
4. Data Incident Notifications
In cases where IMS are a data controller (even if IMS are both a data processor and a data controller) over data accessed in an unauthorized manner, IMS will notify the affected Partner or Participant directly.
5. International Transfers
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are based outside the European Economic Area (EEA) so their processing of personal data will involve a transfer of data outside the EEA.
Whenever IMS transfer personal data out of the EEA, we do our best to ensure a similar degree of security of data by entering in to a specific contract or code of conduct with our service providers.
6. Marketing Communications
Participants will receive marketing communications from IMS if they made a purchase or asked for information from us about our goods or services, this may have been in the form of emailing IMS, clicking on the website or attending an IMS event.
Before IMS share personal data with any third party for marketing purposes IMS will ask for express consent.
7. IMS and GDPR
a. Accountability and Training. — IMS have updated our data privacy guidelines to make sure they're in line with the GDPR and we're making sure that our employees are trained on them appropriately. This means that everyone at Impact Marathon Series plays a role in handling personal data in a legitimate and fair way.
b. Privacy by Design. — IMS implementing enhanced procedures to help ensure that all of our systems and tools that collect and store personal data are designed in a privacy-friendly way. By doing this, we can reduce privacy risks at the outset and offer our Partners and Participants more control over their information.
The IMS website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data. IMS do not control these third-party websites and are not responsible for their privacy statements. When you leave the IMS website, we encourage you to read the privacy notice of every website you visit.