PRIVACY POLICY - EU

Please note that this Policy is made in parallel to the Terms of Use and Privacy Policy (collectively, the "Legal Terms"). To the extent the terms of this Policy or the General Data Protection Regulation (EU) 2016/679 ("GDPR" and collectively with this Policy, the "EU Policies") conflict with any terms of the Legal Terms, the terms of the EU Policies shall control.

Tough Mudder Incorporated and its affiliated entities (collectively, "TM", "we", "us", and "our") value the privacy of those who provide personal information to us. This privacy policy (the "Policy") describes how and why we collect, store and use personal information, and provides information about individual's rights.

This Policy applies to both personal information supplied to us either by an individual or by others. We may use personal information supplied to us for any of the purposes as set out in this Policy, or as otherwise disclosed at the point of collection.

This Policy is an important document. We recommend that you read it carefully and print and keep a copy for your future reference.

In this Policy, we use the terms:

"Data Controller" shall mean the TM acting as the data controller as prescribed by GDPR
"Personal Information" is any information relating to an identified or identifiable natural person;
"identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors; and
"you" and "your" (and other similar terms) refer to our customers, job applicants, staff and visitors to the TM websites.

Your rights in relation to Personal Information and how to exercise them

Under certain circumstances you have the following rights:

  • the right to ask us to provide you, or a third party, with copies of the Personal Information we hold about you at any time and to be informed of the contents and origin, verify its accuracy, or else request that such information be supplemented, updated or rectified according to the provisions of local law;
  • the right to request erasure, anonymisation or blocking of your Personal Information that is processed in breach of the law;
  • the right to object on legitimate grounds to the processing of your Personal Information. In certain circumstances we may not be able to stop using your Personal Information, if
  • that is the case, we'll let you know why; and
  • withdrawal of consent - while we do not generally process Personal Information on the basis of consent when Personal Information is processed on the basis of consent an individual may withdraw consent at any time (this may apply to processing of special categories of Personal Information where you have instructed us to act on your behalf and includes the following: racial/ethnic origin, political opinions, religious or philosophical beliefs and trade union membership). In the event that you no longer want to receive any marketing material from us, please use the unsubscribe option (which is in all of our marketing emails to you), or contract the relevant Data Controller as set out below.


To exercise such rights and if you have any questions about how we collect, store and use Personal Information, then please contact us using the details as set out in the "Data Controller contact information" section below or use the form entitled "Data Subject Access Request and Customer Consent Removal Form" located at TM's legal policies webpage.

What basis do we have for processing your Personal Information?

We will only process personal Information where we have a lawful reason for doing so. The lawful basis for processing Personal Information by us will be one of the following:

  • the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
  • the processing is necessary in order for us to comply with our legal obligations (such as compliance with anti-money laundering legislation);
  • the processing is necessary for the pursuit of our legitimate business interests (including that of the delivery and the promotion of our services); and
  • processing is necessary for the establishment, exercise or defence of legal claims.


What Personal Information do we collect and process?

We aim to be transparent about why and how we process Personal Information. For further information on our processing activities please review the relevant section below:

Customer Information

  • Collection: We process Personal Information about contacts using through our third party ticketing website and other forms contained on this website, and such information may include: name, email address, telephone number, and other contact information. The Personal Information may also be collected by virtue of us providing our services to you on our event sites and related destinations.
  • Use: For contact and communication purposes: we may use your contact information to send you updates that we may circulate from time to time, news about any events we are organising or participating in, and/or other information about us and the services that we provide that we believe may be of interest to you. We may also use such information for performing analytics such as trends, sales intelligence, marketing effectiveness (such as click and open rates) uptake and progress.
  • Retention: Personal Information is retained until the customer tells us otherwise.


Job applicants: Please refer to information made available when applying online for further details as to how Personal Information is collected, processed and how long it is retained for.

Staff: Personal Information in relation to staff will be held on various internal systems and applications. A privacy notice which sets out the purposes for which Personal Information will be processed and contains information on data subject rights is provided to staff at the commencement of employment. If further information is required please contact the Human Resources department.

Who else may have access to your Personal Information?

On occasion, we may need to share your Personal Information with third parties. We will only share Personal Information where we are legally permitted to do so. We may pass your Personal Information to third parties such as:

  • events: we may need to pass on your Personal Information (e.g. name, age) to a third party in connection with management of an event, in which case the details will only be used by the third party for that specific purpose;
  • business partners, service providers and other affiliated third parties: to enable us to provide our services to you
  • disclosures required by law or regulation: in certain circumstances, please note that we may be required to disclose Personal Information under applicable law or regulation, including to law enforcement agencies or in connection with proposed or actual legal proceedings.


International transfers of Personal Information (including to outsourced service providers)

From time to time, we may need to transfer your Personal Information between Tough Mudder affiliated entities, who may have offices that are located in territories outside of the European Economic Area ("EEA"), including in the USA, in order to provide you with the services required.

Please note that the legal regimes of some territories outside of the EEA do not always offer the same standard of data protection as those inside the EEA, although we will ensure that your Personal Information is only ever treated in accordance with this Policy.

Where necessary, we have entered into standard European Commission approved form model data protection clauses (if a transfer is to the United States a service provider must either enter into the standard European Commission form approved data protection clauses or be Privacy Shield certified) to provide you with the service required and with our external service providers and business partners in relation to services that they may provide that involve processing data from locations outside of the EEA for which we are Data Controller.

How we look after your Personal Information

We have in place appropriate technical and organisational security measures to protect your Personal Information against unauthorised or unlawful use, and against accidental loss, damage or destruction.

We put in place strict confidentiality agreements (including data protection obligations) with our third party service providers.

Links to other websites

Our website may link to other, unaffiliated third party websites. Please note that TM is not, and cannot, control or be responsible for the content or privacy and confidentiality practices of any third party websites. You must always carefully review the privacy and confidentiality policy of any third party website that you may visit in order to understand how the operators of that website may collect, store and use your Personal Information.

Updates to this Policy

Please check back regularly to keep informed of updates to this Policy.

Complaints

While we hope that you will not need to, if you want to complain about our use of Personal Information please send an email detailing your complaint to TM's Data Protection Officer at [email protected].

You also have the right to lodge a complaint with the relevant supervisory authority. Please see further details below:

UK
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow
Cheshire
SK9 5AF
www.ico.org.uk
Tel: 0303 123 1113
Tel: 029 2067 8400 (calls in Welsh)
Email: [email protected]

Germany
German Data Protection Regulators

Last Updated: May 25, 2018