Responsible party and scope of application
The responsible party within the meaning of the DPA and the GDPR is:
Warrior Chimps LTD
6 Lebanon Close, Exeter,
Company Number 13115424
Principles of data processing
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour. Information for which we cannot (or can only with a disproportionate effort) establish a link to your person, e.g., by anonymising the information, is not personal data. The processing of personal data (e.g., collection, retrieval, use, storage or transmission) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally required retention obligations.
If we process your personal data for the provision of certain offers, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing and the respective storage period.
Relevant legal basis
In accordance with Article 13 of the GDPR, we inform you of the legal basis for our data processing. If the legal basis is not stated, the following applies:
- the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR,
- the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) GDPR,
- the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) GDPR, and
- the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
Data Subject Rights
In connection with our processing of your data, you have the following rights:
- Right to information
- Right to have inaccurate or incomplete personal data corrected
- Right to erasure
- The right to restrict processing
- Right to object to the processing
- Right to data portability
- Right to revoke consent
- Right to complain
Please direct all requests for information, requests for information or objections to data processing to us using email@example.com.
The Supervisory Authority
If you believe that the processing of your personal data is not lawful, you can lodge a complaint with a data protection supervisory authority. The UK`s Information Commissioner`s Office (ICO) is the for us relevant data protection supervisory authority. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.
Automated Decision Making
Automated decision making is not used at Warrior Chimps.
Provision and use of the web site
When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file. When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:
- IP address of the requesting computer,
- Date and time of access,
- name and URL of the file accessed,
- website from which the access was made (referrer URL),
- browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
Art. 6 (1) f) GDPR serves as the legal basis for the aforementioned data processing. The processing of the aforementioned data is necessary for the provision of a website and thus serves to protect a legitimate interest of our company.
As soon as the aforementioned data is no longer required to display the website, it is deleted. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object. Further storage may take place in individual cases if required by law.
When you contact us, the data you provide will be stored by us based on Art. 6 (1) b) of the GDPR, insofar as it is necessary to answer your questions. The contact is logged in order to be able to prove the contact in accordance with the legal requirements. We delete the data accruing in this context when the respective conversation with you has ended and the facts concerned have been conclusively clarified.
Joining Warrior Chimps (Registration)
In order to enter any Warrior Chimps events, you are first asked to register. If you register on our website, we will request personal and, where applicable, non- personal data in accordance with our registration form this may include your Name, email address, and your password. The entry of your data is encrypted so that third parties cannot read your data when it is entered.
The basis for this storage is our legitimate interest in communicating with interested users according to Art. 6 (1) f) GDPR and, in the case of contracts, also the storage of contract data according to Art. 6 (1) b) GDPR.
Your data will remain stored for as long as the registration lasts, in particular the storage is still necessary for the fulfilment/execution of the contract, for legal prosecution by us or for our other legitimate interests or we are required by law to retain your data (e.g., within the framework of tax retention periods).
We use Google`s reCAPTCHA from Google Inc of 1600 Amphitheatre Parkway Mountain View, CA 94043, US to check whether the data input in our registration form is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website.
Membership, Conquer 24 Series and other Events
Following your registration and to enable you to conveniently book your participation and/or membership with us online, we use the Sports Event Registration, Promotion And Marketing Software “Eventrac” provided by Eventrac LTD of 19 Graylands Estate, Langhurst Wood Road , Horsham, West Sussex.
Your data will be used exclusively for the contractual relationship established with your participation and/or membership and for any pre- and post- participation and/or membership communication. If you wish to book your participation or membership with us online, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your participation or membership. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. We process the data you provide to process your participation and/or membership. The legal basis for this is Art. 6 (1) b) GDPR.
Contract fulfilment and data management in the context of service provision
We process various data within the framework of the provision of our services (your participation or membership) and for the initiation and processing of the existing contractual relationship between you and us. If you have commissioned us to provide a service, we process your data (if provided: Name, contact details address, bank details and payment data) and all information that is necessary in the context of fulfilling the services, exclusively for the purpose of processing and handling the contractual relationship. Accordingly, the data is processed on the basis of Art. 6 (1) b) GDPR as well as to fulfil our legal obligations pursuant to Art. 6 (1) c) GDPR.
Administration, financial accounting, office organisation, contact management.
We may also process your personal data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving Art. 6 (1) c) GDPR. In this regard, we process the same data that we process in the course of providing our contractual services Art. 6 (1) b) GDPR.
As the Event organiser, we require a record of your registration details including third party emergency contact details for internal administration purposes in order to properly conduct and to safely administer the Event. We will also keep records of medical information provided that it is kept confidential and may be shared only with medical personnel or teams allocated to the Event. Such information shall be deleted within a reasonable time following the completion of the Event unless you agree that we may use such information in your entry for future Events, which are staged within a reasonable timeframe thereafter.
By registering for an Event, you acknowledge that our Events may be filmed and/or otherwise recorded and photographs and/or footage may be taken, all of which may capture your participation in any such event.
By entering an Event you grant us and those authorised by us the free and unfettered right to use such photographs, filming and recording for any purposes it deems reasonable including, but not limited to, publication, display, sale and distribution by means of film, television, radio, print media, internet, publicity material or any other new media now or in the future.
Accordingly, the data is processed on the basis of Art. 6 (1) b) GDPR as well as to fulfil our legal obligations pursuant to Art. 6 (1) c) GDPR and your consent Art. 6 (1) a) GDPR. To revoke your consent simply contact us using firstname.lastname@example.org. The legal basis for storing your data is Art. 6 para. 1 lit. b) and f) GDPR. We reserve the right to delete comments if they are objected to by third parties as unlawful.
If you apply for an internship, we process the information we receive from you as part of the application process, e.g., through your letter of application, CV, references, correspondence, telephone, or verbal details. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us.
Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used to carry out and terminate your employment and will be deleted in accordance with the rules applicable to personnel files. If we are unable to offer you employment, we will continue to process your data for up to six months after sending the rejection in order to defend ourselves against any legal claims, in particular alleged discrimination in the application process.
The legal basis for processing data during the application process is Art. 6 (1) b) GDPR and, if you have given your consent, for example by sending us information that is not necessary for the application process, it is Art. 6 (1) a) GDPR. The legal basis for data processing after a rejection is Art. 6 (1) f) GDPR.
As a rule, we do not require any special categories of personal data within the meaning of Art. 9 GDPR for the application process. We ask you not to provide us with any such information from the outset. If such information is relevant to the application process, we process it together with your other data. Your data will not be used by us for automated decision-making or profiling, nor will it be passed on to third parties. Your data will be processed by us or on our behalf.
You are not obliged to provide us with personal data. However, we can only assess your suitability for the respective position under consideration if we receive information in particular about your education, work experience and skills, and we cannot include you in the application process without providing your contact details.
Becoming a Marshal
If you want to become a Marshal, we process the information we receive from you as part of the application form (name, e-mail address, address, contact details, information about your availability). Your data will initially be processed solely for the purpose of carrying out the application process. If we are unable to offer you participation in our events as a Marshall, we will continue to process your data for up to six months after sending the rejection in order to defend ourselves against any legal claims, in particular alleged discrimination in the application process.
The legal basis for processing data during the application process is Art. 6 (1) b) GDPR and, if you have given your consent, for example by sending us information that is not necessary for the application process, it is Art. 6 (1) a) GDPR. The legal basis for data processing after a rejection is Art. 6 (1) f) GDPR.
Leader boards and Gallery
With your consent your name and/or Image(s) are posted on our website. However, before we post any of your data on the website, we obtain your consent, and of course you may revoke your consent at any time with effect for the future. To revoke your consent simply contact us using email@example.com. Your revocation will not affect the lawfulness of the processing up to the time of revocation. The legal basis for data processing is your consent Art. 6 (1) a) GDPR.
In the context of the review function on this website, in addition to your comment, information on the time of the creation of the comment and the comment name you have chosen will be stored and published on the website. Furthermore, your IP address will be logged and stored. This storage of the IP address is for security reasons and in case the person concerned infringes the rights of third parties by posting a comment or posts illegal content. We need your e-mail address to contact you if a third-party objects to your published content as being illegal. The legal basis for data processing is your consent Art. 6 (1) a) GDPR. To revoke your consent simply contact us using firstname.lastname@example.org. The legal basis for storing your data is Art. 6 para. 1 lit. b) and f) GDPR. We reserve the right to delete comments if they are objected to by third parties as unlawful.
On our website, you can subscribe to our newsletter. In principle, our newsletter can only be received by the data subject if he or she registers for the newsletter mailing. For legal reasons, a confirmation email is sent to the email address entered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address as the data subject has authorised the receipt of the newsletter.
When registering for the newsletter, we also store the IP address of the device used by the data subject at the time of registration as well as the date and time of registration, which is assigned by the Internet service provider (ISP). The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later date and therefore serves our legal protection.
The personal data collected in the context of a registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes to the technical circumstances.
The processing of your e-mail address is thus based exclusively on your consent. You can revoke this consent at any time. An informal communication by e-mail to us is sufficient for this purpose. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The provider is Rocket Science Group LLC, (MailChimp). MailChimp is a service with which, among other things, the sending of newsletters can be organised and analysed. When you enter data for the purpose of receiving newsletters (e.g., email address), this data is stored on MailChimp’s servers in the USA.
Comments and contributions in our blog and posts
When you leave comments in our blog or posts, your IP addresses is stored for 7 days on the basis of our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts. In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
Within the blog you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. It’s your choice whether to include sensitive information on your comment and to make that sensitive information public. Please do not post or add personal data to your comment that you would not want to be available. The legal basis for the storage is our legitimate interest Art. 6 (1) f) GDPR.
Disclosure of data
In general, and unless otherwise mentioned in this policy, we will not share your data. However, if we do so we will only pass on your personal data to third parties if:
- you have given your express consent to this in accordance with Art. 6 (1) a) GDPR,
- this is legally permissible and necessary for the fulfilment of a contractual relationship with you according to Art. 6 (1) b) GDPR,
- if there is a legal obligation for the disclosure according to Art. 6 (1) c) GDPR,
- the disclosure is necessary in accordance with Art. 6 (1) f) GDPR for the protection of legitimate business interests and for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
- If we commission third parties with the processing of personal data, this is done on the basis of a contract processing agreement in accordance with Art. 28 of the GDPR.
Storage and deletion periods for personal data
If the purpose of processing your personal data no longer applies, your personal data processed by us will be routinely deleted or blocked, unless you have consented to the permanent storage of your personal data. If individual data must be retained after the processing purposes have ceased to apply due to statutory retention periods (e.g., retention requirements under tax and commercial law), the deletion will be replaced by the blocking of the data. The data to be retained may then be processed exclusively for the aforementioned purposes on the legal basis of Article 6(1) c) GDPR.
Our main operations are based in the UK and your personal information is generally processed, stored and used within in the UK. In some instances, your personal information may be processed outside the UK. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within the UK. Where we need to transfer your data outside the UK, we will use approved standard contractual clauses in contracts for the transfer of personal data to third countries.
Automated decisions in individual cases including profiling
We do not use automated decision-making – including profiling in accordance with Article 22(1) and (4) of the GDPR.
We use technical and organisational security measures to protect the processing of personal data, in particular against accidental or intentional manipulation, loss, destruction or against attack by unauthorised persons. Our security measures are continuously improved in line with technological developments.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) b) GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called “processing agreement”, this is done on the basis of Art. 28 GDPR.
Analysis / Marketing
- a) Google Analytics
We use Google Analytics, a service provided by Google Inc. This means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymised by means of IP anonymisation so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=en. The legal basis for this processing is Art. 6 (1) f) GDPR, our legitimate interest.
- b) Facebook Remarketing
Within our website, so-called “Facebook pixels” of the social network Facebook, which is operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), are used. With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our offer as a target group for the display of advertisements, so-called “Facebook ads”. Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our website. This means that with the help of the Facebook pixel we want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad.
You can object to the collection by the Facebook pixel and use of your data for the display of Facebook ads. To do so, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or declare the objection via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The legal basis for this processing is Art. 6 (1) f) GDPR, our legitimate interest.
Our web site contains so-called hyperlinks to websites of other providers. When you activate these hyperlinks, you will be redirected from our web site directly to the web site of the other provider. You will recognise this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party web sites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these web sites.
We are present in various “social media” platforms in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).
In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).
We, as the provider of this information service, do not collect and process any data from your use of our service beyond this.
The processing of users’ personal data is based on our legitimate interests in providing users with effective information and communicating with users pursuant to Art. 6 (1) f) GDPR. If you are asked by the respective providers for consent to data processing, the legal basis for processing is Art. 6 (1) a), Art. 7 GDPR.
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must
- log out of the respective network before visiting our website,
- delete the cookies on your device and
- close and restart your browser.
After logging in again, however, you will once more be recognisable to the network as a specific user. In the case of requests for information and the assertion of user rights, we would also like to point out that these can most effectively be asserted with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion or object to its processing, please do so within your user account or by contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.
Our website is not intended for children. However, parents or legal guardians may sign up Children for our free fun runs at our Conquer24 series using the above-described mechanism through the eventrac system. As such parental consent is obtained and can be revoke by simply contacting us using email@example.com. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us, and we take the necessary steps to remove that information from our server and inform eventrac accordingly.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us using firstname.lastname@example.org.
What are cookies?
Cookies are small files that are stored on your computer when you visit a website. The next time you visit, the website can recognise the file. The files are thus typically used to compile statistics or for behavioural advertising purposes. Cookies help us to provide you with our services on our website and are partly necessary for website functionality purposes. The personal data stored in our cookies is encrypted.
We collect and process data for the following purposes:
- Optimisation of the website and your user experience
- Creation of statistics on the use of the website by you and other users
- Advertising purposes, including profiling and behavioural advertising initiatives, so that we can make our product information and offers as relevant as possible to you
- Compliance with applicable legal requirements (e.g., General Data Protection Regulation (GDPR), the Privacy and Electronic Communications Regulation (PECR)) and the UK`s Data Protection Act 2018 (DPA), including documentation requirements:
- Compliance with basic principles concerning the processing of personal data and legal basis for the processing (e.g., obtaining consent)
- Implementation and maintenance of technical and organisational security measures
- Investigation of suspected or known security breaches and notification to data subjects and authorities
- Statistics on the use of the website
How long are cookies stored?
Cookies are stored on your computer for different lengths of time depending on their type. From a technical point of view, a distinction is made between two types of cookies:
Session cookies: session cookies are used, for example, to temporarily store the items in your shopping cart while you navigate the website. Session cookies are not stored on your device and disappear when you close your browser.
Persistent Cookies: Persistent cookies are stored as text files on your device. Persistent cookies allow our server to recognise your device the next time you visit our website.
What are the categories of cookies
There are different categories of cookies:
- a) Necessary cookies
Necessarycookies are essential cookies to provide a correct and user-friendly website. Some examples:
- Storing your language preferences;
- Detecting abuse or fraud;
- Storing browser settings to display the website according to the screen size.
- b) Analytical cookies
These cookies are typical third party cookies that we use to collect statistical data about how our website is used, including:
- Average page load time;
- Pages visited;
- Browser data;
- IP address;
- MAC address;
- Duration of a (page) visit;
- Data about the operating system;
- Data about the device used;
- Clicking behaviour and other interactions on one or more pages.
The main purpose of these cookies and their statistical data is, after analysis, to optimise our performance, security, usability, content and services.
- c) Non-essential Cookies
Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyse your behaviour on a website (‘analytical’ cookies) or cookies used to display advertisements to you (‘advertising’ cookies).
The Cookies we use
|_mcid||Necessary||This is a Mailchimp functionality cookie used to evaluate the UI/UX interaction with its platform||1 year|
|_abck||Necessary||This cookie is used to detect and defend when a client attempt to replay a cookie. This cookie manages the interaction with online bots and takes the appropriate actions.||1 year|
|ak_bmsc||Necessary||This cookie is used by Akamai to optimize site security by distinguishing between humans and bots||2 hours|
|bm_sz||Necessary||This cookie is set by the provider Akamai Bot Manager. This cookie is used to manage the interaction with the online bots. It also helps in fraud preventions||4 hours|
|_fbp||Advertisement||This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.||3 months|
|_ga_JBZREKNY4P||Analytics||This cookie is installed by Google Analytics.||2 years|
|_ga||Analytics||The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.||2 years|
How can I prevent and delete cookies?
When you visit our website, one or more cookies are automatically stored on your device. If you do not want this to happen, it is best to use the following links (depending on the browser you use) to set your browser to prevent cookies from being stored on your computer in the future. (Google Chrome, Mozilla Firefox, Flash cookies, Microsoft Internet Explorer, Opera, Safari)
If your browser is not listed above, it’s best to check your browser’s help menu or search the Internet for “cookies” in conjunction with your browser’s name.
Why do we provide information about cookies?
Cookies are small text files that can be used by websites to make a user’s experience more efficient. The law states that we can store cookies on your device if they are necessary for the operation of this site. For all other types of cookies, we need your permission.
Does this policy change?
Who should I contact for more information?