Privacy policy

GENERAL INFORMATION

This Privacy Policy explains the way in which any personal information that we collect from you, or that you provide to us, will be processed by us when you visit our website kidneywales.realbuzzevents.com (“site”).

The site is operated and managed by Realbuzz Group Limited., a company registered in England and Wales with company number 11951356 and with its registered office at Suite 6, 3rd  Floor, 1 The Exchange, St John Street, Chester, CH1 1DA, United Kingdom (hereinafter “Realbuzz”,"we", "usor "our").

For the purposes of Data Protection Legislation: 

  • When you create a realbuzzevents membership account, Realbuzz is the data controller for your personal information;
  • When you enter the Taith Dros Gymru Virtual Challenge, Kidney Wales  is the data controller for your personal information;
  • You are the data subject whose personal data is being processed.

We endeavour to take all due care to protect your personal information in accordance with all applicable Data Protection Legislation.

We review our Privacy Policy on an annual basis, or more often if required. This policy was last updated on March 10th, 2021.  


HOW TO CONTACT US

For data privacy enquiries, please email privacy@realbuzz.com or write to:

Head of Information Security, Suite 6, 3rd Floor, 1 The Exchange, St John Street, Chester, CH1 1DA.

For general enquiries about our products and services, please email feedback@realbuzz.com
 

TERMS OF USE

Your use of the site is subject to this Privacy Policy and our Terms of Use. By using our site, you are agreeing that you accept our Privacy Policy, Cookies Policy and Terms of Use. If you do not agree with any of these, please refrain from using our site.


PERSONAL INFORMATION WE COLLECT AND WHY

In order for us to provide you with our products and services, we need to collect some personal information about you. The personal information we collect includes:

  • Name and email address - these are required to register your realbuzzevents membership account, and so that we uniquely recognise you and can contact you;
  • Username and password - these credentials are required to allow you to securely log into your account and to protect any personal information within your account; 
  • Optional Google or Facebook login - You may opt to log into your account via a secure online source such as Google or Facebook to whom you have already provided authentication information;
  • Home Address - this is required so that we can send your completion medal to you;
  • Phone number - if we can't contact you by email, we may need to contact you by phone instead;
  • Photograph (optional) - once you have completed the Virtual Event, you will need to send us your Finisher Photo as evidence;
  • Our web server collects standard information such as your computer's IP address, browser type, access time and operating system so that we can gather analytics data about visitors to our site, which may help us improve our services in the future; 
  • Records of emails and other correspondence when you contact us to request information, report a problem or provide feedback on our services.


YOUR RIGHTS

Your privacy is of utmost importance to us. As such, we wish to be as transparent with you as we possibly can regarding how we process and secure your personal information, and to provide you with as much control over your personal information as possible whilst it is under our care and protection. We recognise that this is your personal information and we don’t want to use it in ways that you don’t want us to.

Data protection laws, including the General Data Protection Regulation ("GDPR"), give you very specific rights regarding your personal data and how we process your data. Your rights include:

Right of access - you can ask us for access to, or for a copy of, the information we have about you on our systems;

Right to rectification - although you can quite easily keep your own information up-to-date via your membership account, you can ask us to rectify any incorrect personal information that we have about you and we'd be happy to assist you;

Right to erasure - you can ask us to completely erase all personal information we have about you from our systems and mailing list (if you opted in to receiving newsletters from us), including deletion of your membership account; 

Right to restrict processing - as an alternative to erasing your information, you can ask us to restrict the processing of personal information we have about you in certain circumstances. For example, you could request that we temporarily make your information unavailable under certain circumstances, such as a dispute; 

Right to object - you can object to us processing your personal information in specific circumstances. For example, we may email you from time-to-time with suitable products or services that we may think you'd be interested in. If you did not wish to receive such emails, you could object to us using your email address for this purpose (although you can unsubscribe to our emails at any time).

To exercise any of these rights, please email privacy@realbuzz.com with your request. We endeavour to respond to all requests within a reasonable time but within 30 days.

NOTE: Not all of these rights may be enforceable in your jurisdiction or under certain conditions. For example, we might not be able to completely erase your personal data if we are required by law to retain specific information to comply with those laws ourselves. We will however review all Data Subject Requests fairly.

 

OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

The following table provides information regarding what we deem as our lawful basis for processing personal information for different purposes:

PURPOSE / ACTIVITY

TYPE OF INFORMATION

LAWFUL BASIS FOR PROCESSING

Set up your account on the site

Identity
 

Contact

Consent


Legitimate Interest

Provide website functionality and user tools

Identity
 

Contact
 

Technical

Consent
 

Legitimate Interest
 

Legitimate Interest

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, data handling and reporting)

Identity

 

Contact

 

Usage

 

Professional

Our legitimate interests to run our business, provision of administration and IT services, network security, to prevent fraud or prevent access to the information we hold

 

Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and to measure and understand the effectiveness of  the advertising we serve to you

Identity

 

Contact

 

Usage

 

Marketing and Communications

 

Technical

Consent

 

Our legitimate interests to run our business, keep our website and marketing relevant and updated, develop our business and inform our marketing strategy

To make suggestions and recommendations to you about services/ products that may be of interest to you

Identity

 

Contact

 

Technical

 

Usage

Consent

 

Our legitimate interest to develop and grow our business

To send you marketing communications (email newsletters)

Marketing and Communications

 

Contact

 

Identity

Consent

 

 Legitimate interest

To notify you of website activity as per your user profile settings

Contact

Identity

Legitimate interest


HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR?

We will continue to process your personal information to provide you with our products and services for as long as we have a legitimate reason for doing so, or until such a time whereby you withdraw your consent for us to do so.

Where required by local laws in some jurisdictions, we may be forced to hold your personal information for a longer period of time to comply with such laws.
 

HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

Our services are hosted on state-of-the-art Amazon Web Services ("AWS") cloud technology. We follow industry best practice, standards and frameworks such as NIST, ISO 27001 and ICS to provide robust security and resilience.

Your personal information relating to your account will be stored on AWS' servers in the United Kingdom ("UK") and will never be transferred outside of the UK. Some of your personal information including Name, Address and Email Address may be transmitted via AWS’ United States servers to facilitate secure communication services such as email sending; Where your personal data is transmitted via the US, it will be done so securely within AWS’ own network in accordance with their GDPR DATA PROCESSING ADDENDUM. None of your personal information will ever be transferred outside of the UK, only transmitted.

All of your interaction with our site will be encrypted using secure SSL. You will see a small padlock in front of the website's URL in your browser and you will also notice that the URL itself is preceded with https. This indicates that you are in a secure environment.

No data transmissions over the internet, including emails and messaging methods, can be guaranteed to be 100% secure. You are responsible for ensuring that your operating system and browser are kept up-to-date with the latest software and that you use reputable anti malware protection on your devices. We do not accept responsibility for any unauthorised access or loss of personal information that is manifested beyond our control.

Access to your personal information by our employees is highly restricted and on a 'need-to-know' and 'least privilege' basis only. All staff undergo periodic security awareness training to ensure they understand how to securely handle personal information in accordance with data privacy laws, and fully understand their responsibility for the security of your personal information.


WHAT ABOUT LINKS TO OTHER THIRD PARTY SITES?

You may find links to external third party websites on our site such as advertisers. Such websites are not managed by us nor are they covered under this Privacy Policy. 

If you access websites by following links from our site, the operators of these sites may collect personal information about you themselves, which will be used by them in accordance with their own Privacy Policy. We advise you to read each site’s Privacy Policy and Terms carefully prior to use. 
 

WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?

We may need to securely share your information with affiliated organisations and third party service providers who render services to us on your behalf. We may also be required to share your personal information if required by law, requested by law enforcement authorities or to enforce legal rights (e.g. to HMRC when you claim a Gift Aid).  

Our third party service providers may include:

  • Banks and payment providers - to authorise and securely complete payment transactions
  • IT, information security and cloud service providers - to assist us in providing the service and keeping your personal information safe 
  • Communications providers - to provide essential communication services such as email delivery

Where you have made the decision to make a Gift Aid declaration, Kidney Wales will use your personal information (full name, house name/number and postcode) to claim Gift Aid against your donation.


FURTHER INFORMATION ABOUT DATA PROTECTION LEGISLATION IN THE UK

Here in the UK, Data Protection Legislation (e.g. GDPR and UK Data Protection Act) is governed by the Information Commissioner’s Office (ICO), who are the independent regulatory office in charge of upholding information rights in the interest of the public here in the UK.

You can find out more about your Data Protection Rights by visiting the ICO’s website.


MAKING A COMPLAINT

If you wish to raise a complaint on how we handle your personal data, you can contact us by writing to the

   Head of Information Security at Suite 6, 3rd Floor, 1 The Exchange, St John Street, Chester, CH1 1DA, United Kingdom, or by emailing   privacy@realbuzz.com.

If you are not satisfied with our response, you may escalate your complaint by contacting the Information Commissioner’s Office (ICO); Their Helpdesk phone number is 0303 123 1113.
 

PRIVACY NOTICE UPDATES

We will update this policy from time-to-time. We will endeavour to notify you of any changes by contacting you using an email address you have provided, or by placing a notice on the site indicating the new revision date. We encourage you to periodically check back and review this Privacy Policy; Your continued use of the site signifies your acceptance of the policy.