PRIVACY NOTICE FOR CELTIC LEISURE PUBLIC EVENTS

This Privacy Notice (Notice) explains how Celtic Leisure (we, our, us) processes your personal data when you attend its events (including publicly available events and online events made available to members of the public and your rights in relation to the personal data we hold.

For the purposes of the UK GDPR Celtic Leisure is the data controller of your personal data.

How your personal data is collected?

Celtic Leisure collects your personal data from the following sources:

•       from you, typically when you:

  • complete forms in relation to attending or participating in an Event, including buying or registering for tickets online;
  • attend and participate in an Event;
  • interact with one of our representatives or employees during an Event (for example when you sign up to a mailing list or enter a competition);
  • complete our surveys and feedback forms;
  • communicate with us by post, email, online chat, social media, telephone or another format;
  • visit our website, including when you search, register or use our online payment/ticketing portals or sign-up for an event.

•       from third parties such as:

  • ticketing agencies who sell tickets or process ticket orders on our behalf;
  • a third party who may purchase tickets on your behalf or register your details with us;
  • our website, webinar, ticketing and sign-up platform providers;
  • our payment provider who will confirm details of your payment;

What categories of personal data are collected?

We collect the following categories of personal data:

Identification, background and contact details

  • personal information such as your name, title, gender and date of birth;
  • your image, audio and likeness (as captured on a webinar, in photographs or on recordings we make of the Event, and on CCTV where the Event is hosted at our premises);
  • your contact details including address, email address, online chat or social media account details and phone number;

Online and transactional

  • details of your IP address, browser type and operating system when you visit our website;
  • events that you have attended in the past or for which you are registered to attend in the future;
  • payment details and your financial transactions in relation to Events;
  • records of communications sent to you by Celtic Leisure or received from you;

We may also collect the following special category of personal data where it is necessary for the purposes set out in the Notice (please also see the section on Special categories of personal data for details about how we process this data):

  • information concerning your health and medical conditions (e.g. disability and dietary needs) where this is necessary for your safety during our events

The basis for processing your data, how we use that data and with whom we share it
We will process your personal data either in ways you have consented to, or because it is otherwise necessary for a lawful purpose. We set these out as follows:

As part of the contractual relationship between you and Celtic Leisure (for example in relation to a ticket you have purchased)
In this respect we use your personal data for the following purposes:

  • to deliver the Event you have registered for;
  • to correspond with you about the Event, including sending you pre and post-event information.

As part of this process, we will expect to share your personal data with:

  • our agents, contractors and service providers where applicable and where it is necessary for them to receive the information;
  • our bank to whom payment details are provided in order to process a payment;
  • co-organisers or partners who are involved in the delivery of an Event;

Other legitimate interests

Your personal data will also be processed because it is necessary for Celtic Leisure’s legitimate interests or the legitimate interests of a third party. This will always be weighed against your rights, interests and expectations. Examples of where we process data for purposes that fall under legitimate interests include:

  • filming, photographing or otherwise recording Events and publishing such content on our website, social media accounts and other formats where it would not be necessary, appropriate or practicable to obtain your specific consent (for example, we may seek specific consent for prominent or impactful uses);
  • analysing and improving the use of our website;
  • using digital tools to monitor the impact of our marketing communications (such as using email tracking to record when an email we send you has been opened);
  • analysing who is attending our Events, including so that we can monitor the success of our programs and understand trends in participation
  • processing feedback to improve the quality of our Events and marketing activities;
  • marketing Celtic Leisure and its Events by post, telephone, social media and electronic mail (but without prejudice to your rights under the legislation that regulates the sending of marketing communications by electronic means);

In addition to those organisations named above, we will also share your personal data with:

  • our agents and contractors where they require your personal data to perform the services outlined above.

Legal obligations

Your personal data will be processed for compliance with Celtic Leisure’s legal obligations. For example:

  • for the detection and prevention of crime and to assist the police and other competent authorities with investigations;
  • to comply with reasonable measures to be taken to minimise the risk of exposure to coronavirus on premises open to the public under Regulation 21 of the Health Protection (Coronavirus Restrictions) (No. 4) (Wales) Regulations 2020

In this respect, as well as the organisations mentioned above, we may in specific circumstances need to share your personal data with third parties who have made legitimate requests under data protection or freedom of information law; the police and other law enforcement agencies; HMRC and Celtic Leisure’s external auditors.

Where you have consented

Your personal data will also be processed by Celtic Leisure where we have your consent.

Examples where consent would be sought include where the law or some other protocol requires that Celtic Leisure obtains your consent (for certain marketing communications) or where, having balanced Celtic Leisure’s legitimate interests against your rights, interests and expectations, we feel it is appropriate to obtain your consent for our processing, rather than rely on the legitimate interests basis.

Where applicable, consent will always be specific and informed on your part, and the consequences of consenting or not, or of withdrawing consent, will be made clear.

Special categories of personal data

In addition to the above, Celtic Leisure may process personal data that the law considers falls into the special category of health.  This will be under the following circumstances:

  • where you have provided your explicit consent. Examples might include where you have provided information on your dietary requirements, allergies or where you inform us of the requirement for wheelchair access;
  • where such processing is necessary for the establishment, exercise or defence of legal claims (including sharing with Celtic Leisure’s insurers and legal advisers) or the prevention or detection of crime (for example, detecting criminal actions through the use of CCTV or reporting allegations to the police);
  • where it is in your vital interests to do so and you are incapable of giving consent, for example to inform your specified emergency contact, the NHS or emergency services in the event of your illness or other emergency.

International transfers of data

Celtic Leisure will in limited circumstances disclose personal data to third parties, or allow personal data to be stored or handled, in countries outside the European Economic Area.  For example, we will transfer data to IT and ticketing/sign-up platform providers based overseas (such as MailChimp, Google and EventBrite).

In these circumstances, your personal data will only be transferred where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law, such as:

  • an approved certification mechanism such as Privacy Shield;
  • where Celtic Leisure has entered into contractual clauses approved by the European Commission that provide appropriate safeguards; or
  • there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).

Profiling

We may use personal characteristics such as age, role, your expressed interests, your previous interactions with Celtic Leisure or geographical location to target our communications, and advertising and promotions so that they are relevant to you.

Your rights under the Data Protection Legislation

  • to obtain access to, and copies of, the personal data we hold about you.
  • to require that we cease processing your personal data if the processing is causing you damage or distress;
  • to require us not to send you marketing communications;
  • to request that we erase your personal data;
  • to request that we restrict our data processing activities in relation to your personal data;
  • to receive from us a copy of some or all of the personal data we hold about you, which you have provided to us, and
  • to require us to correct the personal data we hold about you if it is incorrect.

Please note that the above rights are not absolute, and requests may be refused where exceptions apply.

If you have any questions about these rights or how your personal data is used by us, you should contact the Data Protection Officer using the details below:

By email: DPO@Celticleisure.org

Or write to us at: Data Protection Officer, Celtic Leisure, Dyfed Road, Neath SA11 3AW

If you are not satisfied with how your personal data is used by Celtic Leisure you can make a complaint to the Information Commissioner (www.ico.org.uk).

How long is my personal information retained for?

Where you have expressed an interest in our products or services/where we have collected your contact details for us to provide you with information about our services, we will keep your information for 3 years, or until you ask us to stop sending you such information.

Where you have purchased a service from us, we will keep your personal information for 3 years, to deal with any queries, complaints or legal claims you may have.

In addition, we hold information on participants for up to three months after an Event unless we have a legitimate reason for retaining your information for longer; for example, where you have requested to receive further information from us and to keep you informed about future Events.

Document updated: May 2021

MENU