PRIVACY NOTICE

Introduction

This privacy notice tells you what to expect when Audax United Kingdom Long Distance Cyclists’ Association (Audax UK) collects and handles your personal information. This notice explains how we comply with the law on data protection, what your rights are and that for the purposes of data protection we will be the controller of any of your personal information.

If you are under 16, please get your parent/guardian’s permission before you provide any personal information to us.
Audax UK is committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws: the UK General Data Protection Regulation (GDPR), the Data Protection Act (2018), and other laws that may come into effect to regulate the use of personal data. We are registered with the Information Commissioner’s Office (ICO) under registration number ZA106272 (a copy of our Registration Certificate is here).

We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we are not required to do so, but the General Secretary has overall responsibility for data protection compliance in our organisation.
This privacy notice tells you what to expect us to do with your personal information.

1. Contact details
2. What information we collect, use, and why
3. Lawful bases and data protection rights
4. Lawful basis for processing personal data
5. Conditions for processing special category data
6. Transferring personal data outside the UK
7. Security of your information
8. How long we keep information
9. How to complain
10. Last updated

1. Contact details

In the event of any query or complaint in connection with the information we hold about you, please email the General Secretary – secretary@audax.uk or write to us at Audax UK, Unit 6, Whitelands, Terling Road, Hatfield Peverel, Essex. CM3 2AG.

2. What information we collect, use, and why

A. When you visit or use our websites
Types of data we collect	Name, email address, IP address Information you send us when you communicate with us through our websites. See also our Cookie policy
How we collect data	Directly from you when you fill in forms on our websites.
What we use it for	To administer any query or enquiries made by you.
Who we share data with	Companies that process data on our behalf such as providers of website hosting and email services.

B. When you register to use our websites
Types of data we collect	Name, email address, phone number, emergency contact details, address, gender (special category data), date of birth, IP address, communication preferences, cycling club and/or Cycling UK membership details. Event participation information, including any event incident data. Multimedia files such as photographs and video footage from event participation. Information you send us when you communicate with us through our website, apps and via email.
How we collect data	Directly from you when you fill in forms while registering for activities and making purchases (such as Audax UK membership or event entry) on our websites. From your parent or guardian if you are a member under 16. Directly from you via your interactions with us via email, phone conversations, and other forms of correspondence. Via event entries either through our websites, or via organiser event returns.
What we use it for	To administer any registration account you have with us and managing our relationship with you, including arranging for any insurance and dealing with payments and any enquiries made by you. To meet our health and safety and incident management obligations, and to safeguard other members. To record your participation in our events and to record and publish event results. To record your involvement in any event incidents to assist us in managing the health and safety risks associated with the sport. To promote the work and impact of Audax UK. To send you news or marketing related to Audax UK if you choose to receive it. To gather statistics about memberships and people interested in and/or taking part in our activities. To undertake grievance and disciplinary investigations where we have reason to believe that a member has not complied with Audax UK’s policies or a complaint has been raised.
Who we share data with	Companies that process data on our behalf such as providers of website hosting, email services, and payment providers. Event organisers of Audax UK events. Our providers of Audax UK’s insurance cover if you are involved in or witness an incident, or if you make a claim. International audax and randoneuring homologation organisations Audax Club Parisien (ACP), Les Randonneurs Mondiaux (LRM), and Union des Audax Français (UAF).

C. When you become a paid member of Audax UK
Types of data we collect	Name, email address, phone number, emergency contact details, address, gender (special category data), date of birth, IP address, communication preferences, cycling club and/or Cycling UK membership details. Event participation information, including any event incident data. Multimedia files such as photographs and video footage from event participation. Information you send us when you communicate with us through our website, apps and via email.
How we collect data	Directly from you when you fill in forms while registering for activities and making purchases (such as Audax UK membership or event entry) on our websites. From your parent or guardian if you are a member under 16. From your lead household member if you are a household member. Directly from you via your interactions with us via email, phone conversations, and other forms of correspondence. Via event entries either through our websites, or via organiser event returns.
What we use it for	To administer any registration account you have with us and managing our relationship with you, including arranging for any insurance and dealing with payments and any enquiries made by you. To meet our health and safety and incident management obligations, and to safeguard other members. To record your participation in our events and to record and publish event results. To record your involvement in any event incidents to assist us in managing the health and safety risks associated with the sport. To promote the work and impact of Audax UK. To send you our magazine (Arrivée), news or marketing related to Audax UK if you choose to receive it. To gather statistics about memberships and people interested in and/or taking part in our activities. To undertake grievance and disciplinary investigations where we have reason to believe that a member has not complied with Audax UK’s policies or a complaint has been raised.
Who we share data with	Companies that process data on our behalf such as providers of website hosting, email services, and payment providers. Event organisers of Audax UK events. Our providers of Audax UK’s insurance cover if you are involved in or witness an incident, or if you make a claim. International audax and randoneuring homologation organisations Audax Club Parisien (ACP), Les Randonneurs Mondiaux (LRM), and Union des Audax Français (UAF).

D. When you become an organiser of Audax UK events (in addition to the data usage in item A, B and C above)
Types of data we collect	Event organisation information. Event participation information and any feedback received. Event registration, entry, validation and brevet card fees, together with any other purchases of Audax UK items. Details of organiser’s payment processing accounts
How we collect data	Directly from you when you fill in forms while registering to be an organiser, and from registering your events on our websites. Directly from you via your interactions with us via email, phone conversations, and other forms of correspondence. Via event correspondence made directly to Audax UK relating to your events.
What we use it for	To administer your event organiser status and to monitor your performance as an organiser. To route event entry fees to you. To fulfil our legal and regulatory requirements.
Who we share data with	Companies that process data on our behalf such as providers of website hosting, email services, and payment providers. Our providers of Audax UK’s insurance cover if an incident occurs during your events, or a claim is made relating to your events. Statutory, legal and regulatory bodies and our professional advisors which we are obliged to share information with.

E. When you become a director or delegate of Audax UK (in addition to the data usage in item A, B and C above)
Types of data we collect	National insurance number, identification documents, banking details.
How we collect data	Directly from you via your interactions with us via email, phone conversations, and other forms of correspondence.
What we use it for	To facilitate payments from Audax UK. To fulfil our legal and regulatory requirements.
Who we share data with	Companies that process data on our behalf such as providers of website hosting, email services, and payment providers. Statutory, legal and regulatory bodies and our professional advisors which we are obliged to share information with.

3. Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Read more about the right of access.

• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.

• Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.

• Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.

• Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.

• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.

• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for collecting or using personal information to provide services and goods, including delivery and third party referrals are:

• Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are necessary to enable us to properly manage and administer your membership and/or participation in Audax UK events.

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

For some of your personal information you will have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information, we may not be able to admit you as a member or we may not be able to properly perform our contract with you or comply with legal obligations and we may have to terminate your position as a member. For other personal information you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly perform our contract with you.

4. Lawful basis for processing personal data

Our lawful bases for collecting or using personal information to provide services and goods, including delivery and third party referrals are:

• Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are necessary to enable us to properly manage and administer your membership and/or participation in Audax UK events.

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

For some of your personal information you will have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information, we may not be able to admit you as a member or we may not be able to properly perform our contract with you or comply with legal obligations and we may have to terminate your position as a member. For other personal information you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly perform our contract with you.

5. Conditions for processing special category data

We collect and process special categories of personal data for the purposes of equality monitoring, safeguarding, and for the presentation of certain awards and trophies.

6. Transferring personal data outside the UK

Where necessary, we will transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

We transfer limited personal data relating to event participation outside the UK, relating to events which are homologated by Audax Club Parisen, Les Randonneurs Mondiaux, and Union des Audax Français. These organisations are based in the European Economic Area and has been assessed as providing adequate protection to data subjects (also known as Adequacy Regulations or UK data bridge).

We do not envisage transferring any other information about, or relating to, individuals to anyone who is located outside of the UK and European Economic Area.

However, sometimes companies who process data on our behalf may store or process data in other countries. Where we permit this, we will ensure that those companies provide and maintain appropriate safeguards so that your personal information is subject to the same standards and protections as it is inside the UK and European Economic Area.

7. Security of your information

Audax UK will take all steps reasonably necessary including policies, procedures and security features to ensure that your data is processed securely and protected from unauthorised and unlawful access and/or use, and in accordance with this notice.

Where we require you to use a password to access certain parts of the websites, you are responsible for keeping this password confidential and not sharing it with anyone.

Where any payments are being collected on our behalf, we require our payment providers to be compliant with the Payment Card Industry’s Data Security Standards (PCI-DSS).

8. How long we keep information

The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements.

Generally, where there is no legal requirement we retain all physical and electronic records for a period of 6 years after your last contact with us. Exceptions to this rule are:

• Information that may be relevant to personal injury claims, or discrimination claims may be retained until the limitation period for those types of claims has expired. For personal injury or discrimination claims this can be an extended period as the limitation period might not start to run until a long time after you have worked for us.

• Information relating to awards, trophies and participation in events which we hold on a permanent basis.

It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address.

9. How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address is

• Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

• Helpline number: 0303 123 1113.

• Website: https://www.ico.org.uk/make-a-complaint.

 

10. Last updated

18 December 2025.