Privacy Policy

Last updated: 2025

This Privacy Policy explains how Premier Paddock Racing (“we”, “us”, “our”) collects and processes your personal information when you use our website, purchase or lease shares, access My Paddock, enter ballots, or contact us. We act as a controller for the personal data described below.

At a glance

  • We only collect what we need to run your membership and our services.
  • Legal bases: contract, legitimate interests, consent, legal obligation.
  • You can access, correct, delete, or object to certain processing.
  • We use reputable providers (e.g., Supabase, Stripe, email delivery, hosting).
  • Data may be transferred outside the UK/EEA with appropriate safeguards (e.g., SCCs).

1) Who we are & how to contact us

Controller: [Legal Entity Name] trading as Premier Paddock Racing
Registered in: [England & Wales] — Company No: [Company Number]
Registered office: [Full Address]

Email: support@premierpaddockracing.co.uk

2) What we collect

2.1 Data you provide

  • Identity & contact: name, email, phone, postal address.
  • Account data: login email, authentication tokens (via Supabase), preferences.
  • Transaction data: purchases/leases, number of shares, price paid, invoices, last 4 digits of card (Stripe).
  • Communications: messages via forms, support enquiries, ballot entries, vote participation.
  • Marketing choices: email preferences and consent status.

2.2 Data we collect automatically

  • Usage & device info: IP address, browser type, pages viewed, timestamps, referrers, approximate location.
  • Security logs: sign-in events, failed logins, session state (to keep your account secure).
  • Cookies & similar tech: see Cookie Policy.

2.3 Data from third parties

  • Payment processors (e.g., Stripe): payment status (success/fail), limited card meta.
  • Email delivery/CRM (e.g., Resend, Amazon SES, Microsoft 365): delivery, open/click signals where permitted.
  • Anti-fraud/abuse and security tools.

We do not collect special category data by default and we do not sell personal data.

3) How and why we use your data (legal bases)

We process personal data only where we have a valid legal basis:

  • Contract — to create and manage your account; fulfil purchases/leases; operate My Paddock; run ballots and votes; send essential service emails; provide support.
  • Legitimate interests — to keep services secure; prevent fraud and abuse; improve the site and features; understand usage; announce stable visits and community updates; light direct marketing to existing members (you can opt out).
  • Consent — for non-essential cookies/analytics/marketing emails; you can withdraw at any time.
  • Legal obligation — tax and accounting records; responding to lawful requests from authorities; compliance with racing regulations where applicable.

Service communications

You’ll receive essential service emails (e.g., account, receipts, ballot outcomes, critical updates). You can opt out of marketing but not these essential communications.

4) Sharing your data (service providers & partners)

We share data with providers who help us run our services. They act under contract, use data only on our instructions, and apply security measures. Typical categories:

  • Hosting & infrastructure (e.g., Vercel) — website and edge runtime.
  • Database & authentication (e.g., Supabase) — user auth, data storage.
  • Payments (e.g., Stripe) — secure payment processing.
  • Email delivery & CRM (e.g., Resend, Amazon SES/Microsoft 365) — transactional emails and support.
  • Analytics/monitoring (privacy-respecting where possible) — product performance and errors.
  • Professional services — legal, accounting, compliance advisers.

We may disclose data where required by law, to enforce our terms, or to protect rights, property, and safety. If we undergo a reorganisation, merger, or sale, personal data may transfer under appropriate safeguards.

5) International transfers

Some providers store/process data outside the UK/EEA (e.g., USA). Where we do, we use lawful transfer mechanisms such as the UK Addendum to the EU Standard Contractual Clauses, EU SCCs, and/or other adequacy measures to protect your data.

6) How long we keep data

We retain personal data only as long as necessary for the purposes above:

  • Account & membership records: for your active relationship, then a reasonable period for queries/defence of claims.
  • Transaction records: typically 6–7 years (tax/accounting).
  • Marketing preferences: until you opt out or your account is deleted.

When no longer needed, we delete or anonymise data. Where deletion isn’t feasible (e.g., backups), we securely isolate the data until deletion is possible.

7) Security

We implement technical and organisational measures (encryption in transit, access controls, least-privilege, monitoring). No system is 100% secure, but we work to protect your data and promptly assess and act on incidents.

8) Your privacy rights

Under UK GDPR/EEA law, you may have the right to: access, rectification, erasure, restriction, objection (including to direct marketing), and data portability. Where we rely on consent, you can withdraw it at any time.

To exercise rights, email support@premierpaddockracing.co.uk. We may need to verify your identity. We respond within applicable timeframes.

9) Cookies & analytics

We use essential cookies to make the site work and (with your consent) may use analytics or marketing cookies. For details (including how to change your preferences), see our Cookie Policy.

10) Children

Our services are for users aged 18+. We do not knowingly collect personal data from children.

11) Changes to this policy

We may update this policy to reflect changes in law or our services. We’ll post the new version here and, where required, notify you.

12) Contact & complaints

Questions or requests: support@premierpaddockracing.co.uk

You may also complain to the UK Information Commissioner’s Office (ICO): ico.org.uk/make-a-complaint.