< Home


Updated September 2019

1. About Us

The term ‘we’, ‘us’, ‘our’ refers to the owner of the website and application: XO Explore LTD, registered at 21 ALBERTA AVENUE, CHAPEL ALLERTON, LEEDS, LS7 4LX and operates from 21 ALBERTA AVENUE, CHAPEL ALLERTON, LEEDS, LS7 4LX. XO Explore LTD is registered in England & Wales 11456279. The term ‘you’ refers to the user or viewer of our website and/or application.

This Privacy Statement sets out how we at XO Explore LTD use & protect any information that you provide us when you use our website. If you have any requests concerning your personal information or any queries with regard to these practices please contact [email protected].

With the new EU legislation regarding the General Data Protection Regulation and the UK Data Protection Act 2018 (together, known as GDPR in this Privacy Statement), this Privacy Statement outlines to visitors how we collect, store and use your data, and how you can access it.

2. What is Personal Data?

Personal data is defined by the GDPR as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. The personal data that we use is set out in Section 3, below.

3. What Personal Data Do You Collect?

The main purpose of our data collection process is to facilitate your participation in an XO event. This data comprises:
Contact Details
Medical Information: We stipulate only that relevant to your participation in an XO event
Emergency Contact Information
Team Information: Name and phone number of your XO partner, so we can send them the relevant registration information for that event.

We do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

4. What Are My Rights?

Under the GDPR, you have the following rights, which we will strive to uphold:

  1. The right to be informed about our and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Section 9.
  2. The right to access the personal data we hold about you. Section 8 will tell you how to do this.
  3. The right to have your personal data amended if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Section 9 to find out more.
  4. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Section 9 to find out more.
  5. The right to restrict (i.e. prevent) the processing of your personal data.
  6. The right to object to us using your personal data for a particular purpose or purposes.
  7. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Section 9. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

5. How Do You Use My Personal Data?

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes:

  • Providing information about products and services
  • Delivering XO events as per our contract with you, the entrant
  • Dealing with your enquiries and requests
  • Administering orders and accounts relating to our suppliers or customers
  • Providing reservation or booking services
  • Providing the sponsors of our events you attend with ONLY the summary demographic information, for example X% male, Y% female, Z% from a Leeds postcode etc. This will be based on the personal information you provide, but will not disclose the information to our sponsors.

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by push notifications through the application, email and/or telephone with information, news, and offers on our products and events. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR, and you will always have the opportunity to opt-out.

We do not use your personal data for automated decision-making or profiling.

6. How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Emergency Contact Information and Medical Information will be discarded after a period of 3 years. To assist with strategic planning and historical trend mapping, we will retain the remaining personal information for a period of 7 years.

Any data and/or communications regarding a legal claim will be retained for a period of 7 years to assist with future procedures.

7. Do You Share My Personal Data?

Occasionally, we may be required to share data with third parties, for the following reasons:

  • Events: we may need to pass on your personal information (e.g. name, age) to a third party in connection with management of an event, in which case the details will only be used by the third party for that specific purpose;
  • Business partners, service providers and other affiliated third parties: to enable us to provide our services to you
  • Disclosures required by law or regulation: in certain circumstances, please note that we may be required to disclose personal information under applicable law or regulation, including to law enforcement agencies or in connection with proposed or actual legal proceedings.

We put in place strict confidentiality agreements (including data protection obligations) with our third-party service providers.

Our website may link to other, unaffiliated third-party websites. Please note that XO Explore Ltd is not, and cannot, control or be responsible for the content or privacy and confidentiality practices of any third-party websites. You must always carefully review the privacy and confidentiality policy of any third-party website that you may visit in order to understand how the operators of that website may collect, store and use your personal information.

We may transfer your collected data to storage outside the European Economic Area (EEA). It may be processed outside the EEA to provide the event and deal with payment. If we do store or transfer data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the GDPR. Such steps may include, but not be limited to, the use of legally binding contractual terms between us and any third parties we engage with and the use of the EU-approved Model Contractual Arrangements. Your acceptance of this Privacy Statement shall be your consent permitting us to store or transfer data outside the EEA if it is necessary for us to do so.

Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see the European Commission: EU-US Privacy Shield.

8. How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email or postal addresses shown in Section 9. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within two weeks and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

9. Cookies

Cookies are small text files placed on your device when you visit our site and are used to make the users experience more efficient. We are able to store cookies on your computer where they are necessary for the operation of the site however, for non-essential cookies we need your permission.

How we use Cookies

do not track individual users or use cookies to identify individuals. We use cookies to recognise you and your preferences, improve our site's performance and collect analytical information for ourselves and our business partners. Without the knowledge gained we would not be able to provide the service we do.

'Session' and 'Persistent' Cookies

'Session cookies' allow us to track your actions during a single browsing session, but they do not remain on your device afterwards.

'Persistent cookies' remain on your device between sessions. We use them to authenticate you and to remember your preferences. We can also use them to balance the load on our servers and improve your experience on our site.

Session and persistent cookies can be either first or third party cookies. A first-party cookie is set by the website being visited; a third-party cookie is set by a different website. Both types of cookie may be used by us or our business partners.

Third Party Cookies we use include: Google Analytics, which is a web analytics service provided by Google, Inc. The cookies used by Google Analytics help us to analyse how users use the site and to count the number of people who use the site. Google Analytics stores your IP address anonymously and neither us or Google associate your IP address with any personally identifiable information. We also use Facebook for advertising services, and Facebook uses cookies to help analyse clicks and views on our adverts.


All our cookies are categorised by the role they fulfil on our website:

  • Strictly Necessary: these are essential to enable you to move around our website and use features such as secure services. Without these cookies such services could not be provided;
  • Functionality: allow the website to remember your choices and to personal certain features. These cookies may be anonymised and cannot track your browsing activity on other websites; and
  • Performance: collect information as to how users use the website. These cookies don't collect information that identifies a visitor. The information collected is aggregated and used to improve our website.
  • None of the cookies employed are classified as Behavioural Targeting.
  • If at any time you wish to disable our cookies, you may do so through the settings on your browser. However, if you choose to disable or delete our cookies that will prevent certain important areas and features of our service from functioning properly. (but if you do so you will not be able to use certain important features of our service). You can find additional information at AboutCookies.org.

Notwithstanding, the audit undertaken regarding our cookies, it is possible we may have missed one from our list above. If you happen to find one that is being set on our site, please let us know.

10. How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Email address: [email protected]
Postal Address: XO Explore Ltd, 21 Alberta Avenue, Chapel Allerton, Leeds, LS7 4LX.

11. Amendments

Please note that this privacy policy is subject to change from time to time. It was last updated in September 2019.