Student Motorsport Privacy Policy 2025

Last Updated: April 15th, 2025

Version: 1.0

Student Motorsport – Trading as Student Motorsport Limited

Registered in England and Wales

Company Number: 09238023

  1. Introduction

Student Motorsport (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data and ensuring the safety and well-being of all individuals who engage with our website (https://www.studentmotorsport.com) and activities. This policy outlines how we collect, use, store, and disclose your personal information, in accordance with the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and our Safeguarding Policy.  

  1. Data Controller

Student Motorsport, a company registered in England and Wales (Company Number: 09238023), is the data controller responsible for your personal data.  

  1. Data Collection and Purposes

We collect personal data for various purposes, including:

  • General Website Access and Use:

     

    • We collect data related to your browsing activity on our website, including IP addresses and usage patterns.  
    • This helps us improve our website and provide relevant content.  
    • Legal basis: Legitimate interest (improving website functionality and user experience).  
    • Please refer to our Cookie Policy [INSERT COOKIE POLICY LINK HERE] for detailed information on how we use cookies.  
  • Customers (Schools, Colleges, Universities, Student Teams):

     

    • We collect contact details, financial information (for invoicing and payments), and records related to our services.  
    • Legal basis: Contractual obligation (to provide our services). 

       

  • Team Communication, PR, Managing Records, and Administration (Participating Racing Teams):

     

    • We collect contact details, team member information, performance data, and media content for communication, PR, and administrative purposes.  
    • Legal basis: Contractual obligation, legitimate interest (promoting team activities). 

       

  • Affiliated Organisations (Associates, Sponsors, Partners):

     

    • We collect contact details and communication records for maintaining our relationships and promoting collaborations.  
    • Legal basis: Legitimate interest (communication, collaboration). 

       

  • Work Experience:

     

    • We collect contact details (including next of kin/emergency contacts), CVs, and safeguarding information for managing work experience placements.  
    • Legal basis: Contractual obligation (work experience agreements), legal obligation (safeguarding). 

       

  • Social Media:

     

    • We collect and store media content (photos, videos) involving affiliated third parties securely on Google Drive (Google Workspace).  
    • Legal Basis: Legitimate interest (promotion of events and activities) Consent when required for usage of images of individuals. 

       

  • Recruitment and HR:

     

    • We collect data from job applicants (CVs, applications) and employees (contracts, performance reviews, payroll information).  
    • Legal basis: Contractual obligation, Legal obligation. 

       

  • Marketing and Customer Relations:

     

    • We may collect email addresses and other contact details for marketing communications, with your consent where required.  
    • Legal Basis: Consent, Legitimate Interest. 

       

  • Customer Service and Sales:

     

    • We collect customer data to provide support and process sales transactions.  
    • Legal Basis: Contractual obligation. 

       

  • Financial Data:

     

    • We collect financial information for processing payments and managing accounts.  
    • Legal Basis: Contractual obligation, Legal obligation. 

       

  • Safeguarding Information:

     

    • In accordance with our Safeguarding Policy, we may collect and process personal data relating to safeguarding concerns, including details of incidents, allegations, and interventions.
    • This may include sensitive personal data where necessary to protect individuals from harm.
  1. Data Storage and Security

We store your personal data securely in:

  • Google Drive (Google Workspace): For website data, design, intellectual property, customer data, media and PR, finance, participant, and work experience data.  
  • FreeAgent: For financial processing and accounting.  
  • Google Cloud Platform: For Website hosting.  
  • Meta Business Suite: For managing our social media.  

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure. We will regularly review and update our security measures on a monthly basis.  

  1. Data Sharing

We may share your personal data with:

  • Our affiliated organisations (associates, sponsors, partners) for communication and collaboration purposes.  
  • Service providers (e.g., FreeAgent) for specific business functions.  
  • When required by law.  

We will not sell or rent your personal data to third parties.  

Specifically, we may share your data with the following categories of third parties:

  • IT service providers who assist with website hosting and data storage.
  • Financial service providers who process payments on our behalf.
  • Affiliated organisations (sponsors, partners) for joint marketing and promotional activities, where we have a legitimate interest and have conducted a Legitimate Interests Assessment.
  • Legal authorities, when required by law.
  • Safeguarding authorities, where there is a risk of harm to an individual.
  1. Your Rights

Under GDPR, you have the following rights:

  • Right to access: You can request a copy of your personal data.  
  • Right to rectification: You can request corrections to inaccurate or incomplete data.  
  • Right to erasure: You can request the deletion of your personal data (where applicable).  
  • Right to restrict processing: You can request limitations on how we process your data.  
  • Right to data portability: You can request to receive your data in a portable format.  
  • Right to object: You can object to the processing of your data.  
  • Right to withdraw consent: If we rely on consent, you can withdraw it at any time.  
  • Right to complain to the ICO: You can lodge a complaint with the Information Commissioner’s Office (ICO).  
  1. Data Retention

We will retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, or as required by law.  

Specifically, we will retain data as follows:

  • Customer data (contact details, financial information): Retained for seven years after the termination of the contract, in accordance with financial record-keeping requirements.
  • Team member data (contact details, performance data): Retained for two years following the end of the competition + 1 year for any queries.
  • Website access data (IP addresses, usage patterns): Retained for 12 months.
  • Marketing data: Retained until consent is withdrawn.
  • Recruitment data: Retained for one year after the recruitment process is completed (or longer if required by law).
  • Safeguarding records: Retained in accordance with relevant legislation and best practice guidelines.

We will review these retention periods regularly and update them as necessary.

  1. Cookies and Tracking

Our website uses cookies to enhance your browsing experience. Please refer to our Cookie Policy [TBC] for more information.  

  1. Data Processing Principles

Any operation performed on personal data, including collection, storage, use, and disclosure, is conducted in compliance with GDPR.  

  1. Data Sharing with Third Parties

We will obtain appropriate consent or have a lawful basis for sharing personal data with third parties.  

  1. Data Deletion (Right to Erasure)

Individuals have the right to have their personal data deleted under GDPR, and we will comply with these requests when legally required.  

  1. Responding to Data Subject Requests

We have a suitable process in place to respond to data subject requests, including requests for access, rectification, and erasure.  

  1. Record Keeping

We keep records of our data processing activities to ensure compliance with GDPR.  

  1. Data Transfer

Currently, Student Motorsport does not transfer personal data outside of the UK. If, in the future, we need to transfer data outside of the UK, we will ensure that appropriate safeguards are in place in compliance with UK GDPR.  

This may include:

  • Transferring data to countries with an adequate level of protection as determined by UK adequacy regulations.
  • Implementing Standard Contractual Clauses (SCCs) approved by the Information Commissioner’s Office (ICO).
  • Obtaining your explicit consent for the transfer, where required.
  1. Data Protection Impact Assessment (DPIA)

We have considered the need for a Data Protection Impact Assessment (DPIA) and have determined that, currently, a DPIA is not required as our processing activities do not involve systematic and extensive profiling with significant effects, large-scale use of sensitive data or public monitoring. We will review the need for DPIAs on a regular basis, particularly if there are any significant changes to our processing activities.  

  1. Safeguarding
  • We are committed to ensuring the safety and well-being of all participants in the Student Motorsport Competition, both online and at in-person events.  
  • Our Safeguarding Policy outlines our commitment to best practices and robust safeguarding measures across all our operations.  
  • We will only collect data that is necessary for the purposes of Student Motorsport activities.  
  • We will ensure that data is stored securely and is only accessible to authorised personnel.  
  • We have procedures in place for responding to data subject access requests.  
  • If applicable, age verification procedures will be implemented to prevent underage access to inappropriate content and to ensure that we are only communicating with individuals who are old enough to participate in our programs.  
  • We will be implementing more robust age verification on the new website in 2025.  
  • Users are responsible for behaving appropriately online and at in-person events.  
  • Users must treat others with respect and courtesy, and must not engage in any form of bullying, harassment, or discrimination.  
  • Users should report any concerns or violations of this policy to Student Motorsport staff.  
  • Student Motorsport will cooperate fully with law enforcement agencies and other relevant authorities in case of serious violations of this policy or where there is a risk of significant harm to an individual.  
  • This includes sharing information as required by law and participating in joint investigations.  
  • We will ensure safe recruitment practices are followed, including:

     

    • Developing clear role descriptions.  
    • Requiring and checking references.  
    • Conducting interviews.  
    • Carrying out appropriate background checks (see section 12 of the Student Motorsport Safeguarding Policy 2025).  
    • Providing staff and volunteers with a code of conduct.  
  • All staff will receive initial data protection training upon joining Student Motorsport.  
  1. Staff Training

We will endeavour to provide regular training to staff on data protection best practices. This training will cover the principles of UK GDPR, the importance of data security, and the organisation’s data protection policies and procedures. Refresher training will be provided annually, and whenever there are significant changes to data protection law or our policies. Training will be delivered through a combination of online modules, and in-person workshops.  

  1. Contact Us

If you have any questions or concerns about this Privacy Policy or your personal data, please contact us at:

[Your Contact Information – Email and Postal Address]

  1. Changes to this Privacy Policy

We will review and update this Privacy Policy at least annually, or more frequently if there are any changes to data protection law or our processing activities, to ensure that it accurately reflects our data processing practices. We may update this Privacy Policy from time to time. We will notify you of any significant changes.  

  1. ICO Information

For further information on your rights and data protection, please visit the Information Commissioner’s Office (ICO) website: https://ico.org.uk/

Important Notes: It is essential to review and adapt this policy to your specific circumstances and to seek legal advice if required.