Updated September 2019
The term ‘we’, ‘us’, ‘our’ refers to the owner of the website and application: XO Explore LTD, registered at 21 ALBERTA AVENUE, CHAPEL ALLERTON, LEEDS, LS7 4LX and operates from 21 ALBERTA AVENUE, CHAPEL ALLERTON, LEEDS, LS7 4LX. XO Explore LTD is registered in England & Wales 11456279. The term ‘you’ refers to the user or viewer of our website and/or application.
This Privacy Statement sets out how we at XO Explore LTD use & protect any information that you provide us when you use our website. If you have any requests concerning your personal information or any queries with regard to these practices please contact [email protected]
With the new EU legislation regarding the General Data Protection Regulation and the UK Data Protection Act 2018 (together, known as GDPR in this Privacy Statement), this Privacy Statement outlines to visitors how we collect, store and use your data, and how you can access it.
Personal data is defined by the GDPR as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. The personal data that we use is set out in Section 3, below.
The main purpose of our data collection process is to facilitate your participation in an XO event. This data comprises:
Medical Information: We stipulate only that relevant to your participation in an XO event
Emergency Contact Information
Team Information: Name and phone number of your XO partner, so we can send them the relevant registration information for that event.
We do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Under the GDPR, you have the following rights, which we will strive to uphold:
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Section 9. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes:
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by push notifications through the application, email and/or telephone with information, news, and offers on our products and events. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR, and you will always have the opportunity to opt-out.
We do not use your personal data for automated decision-making or profiling.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Emergency Contact Information and Medical Information will be discarded after a period of 3 years. To assist with strategic planning and historical trend mapping, we will retain the remaining personal information for a period of 7 years.
Any data and/or communications regarding a legal claim will be retained for a period of 7 years to assist with future procedures.
Occasionally, we may be required to share data with third parties, for the following reasons:
We put in place strict confidentiality agreements (including data protection obligations) with our third-party service providers.
Our website may link to other, unaffiliated third-party websites. Please note that XO Explore Ltd is not, and cannot, control or be responsible for the content or privacy and confidentiality practices of any third-party websites. You must always carefully review the privacy and confidentiality policy of any third-party website that you may visit in order to understand how the operators of that website may collect, store and use your personal information.
We may transfer your collected data to storage outside the European Economic Area (EEA). It may be processed outside the EEA to provide the event and deal with payment. If we do store or transfer data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the GDPR. Such steps may include, but not be limited to, the use of legally binding contractual terms between us and any third parties we engage with and the use of the EU-approved Model Contractual Arrangements. Your acceptance of this Privacy Statement shall be your consent permitting us to store or transfer data outside the EEA if it is necessary for us to do so.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see the European Commission: EU-US Privacy Shield.
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email or postal addresses shown in Section 9. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within two weeks and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
Cookies are small text files placed on your device when you visit our site and are used to make the users experience more efficient. We are able to store cookies on your computer where they are necessary for the operation of the site however, for non-essential cookies we need your permission.
'Session cookies' allow us to track your actions during a single browsing session, but they do not remain on your device afterwards.
'Persistent cookies' remain on your device between sessions. We use them to authenticate you and to remember your preferences. We can also use them to balance the load on our servers and improve your experience on our site.
Session and persistent cookies can be either first or third party cookies. A first-party cookie is set by the website being visited; a third-party cookie is set by a different website. Both types of cookie may be used by us or our business partners.
All our cookies are categorised by the role they fulfil on our website:
Notwithstanding, the audit undertaken regarding our cookies, it is possible we may have missed one from our list above. If you happen to find one that is being set on our site, please let us know.
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Email address: [email protected]
Postal Address: XO Explore Ltd, 21 Alberta Avenue, Chapel Allerton, Leeds, LS7 4LX.