henley royal regatta
We are Henley Royal Regatta, a company which is registered in England and Wales with company number 10755921 and whose registered address is Regatta Headquarters, Henley-on-Thames, Oxfordshire RG9 2LY. We are a data controller for the purposes of any UK Data Protection Act, the General Data Protection Regulation, and all associated laws applicable in England and Wales, including the Privacy and Electronic Communications Regulations (Data Protection Law).
Our principal purpose is to organise and run Henley Royal Regatta (the Regatta), the world’s best-known rowing regatta held annually at our premises which attracts thousands of visitors and many competitors from around the world, and is broadcast in a variety of media. We also administer Membership of the Stewards’ Enclosure, the Regatta Shop and Temple Island venue, and the website available at www.hrr.co.uk (the Website).
This Privacy Notice outlines the way in which information relating to you is gathered and used by Henley Royal Regatta (referred to in this policy together as “we”, “our” or “us”).
We may collect your data in a number of ways, most often directly from you. This will usually happen in the following ways:
- by your use of the Website;
- by purchasing or applying for tickets and badges to the Regatta, or as a visitor;
- when you make a purchase from or enquiry of the Regatta Shop, including online;
- if you wish to enter the Regatta as a competitor, via www.regattaentries.co.uk or your rowing club;
- by submitting your details for accreditation, via hrr.accredit-solutions.com;
- if you do business with us – whether as part of a Club, or as a partner, or because you wish to hire Temple Island for an event;
- if you are a Member of the Stewards’ Enclosure; or
- when making enquiries of us or corresponding for any other reason.
We may sometimes collect information about you from third parties: for example from your rowing club, from referees or past employers, or if someone is making a gift purchase of tickets or Regatta Shop items on your behalf.
The Website has an online shop (https://www.hrr.co.uk/shop/) through which we will sometimes collect your personal data when you enter into a transaction with us. The shop terms and conditions can be found at www.hrr.co.uk/shop-terms-conditions and the ticket terms and conditions be found at https://www.hrr.co.uk/ticket-tcs
We may occasionally modify our Privacy Notice and/or Cookies Policy and will post those changes here on the Website, together with the date of the last update, so please do check it regularly. However, for any substantial changes we will, as far as reasonably possible, seek to provide this information to you directly so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it.
Information collected online
When you shop on the Website or fill in forms on the Website, we will ask you to input and we will collect personal information from you such as your name, contact information (such as your email address, billing address, delivery address and telephone number), product selections, certain payment information (although please note that all credit and debit card transactions are handled by Stripe, so we do not hold your card details) and other information relevant to customer surveys and/or offers.
We may also collect anonymous information about your visit e.g. the URL you came from, your browser type, the country where your computer is located, the pages of our Website that were viewed during your visit, and any search terms that you entered on our Website (User Information). We may collect this information even if you do not register with us.
When you register on the HRR Accredit Platform for the purpose of acquiring a security pass to work at the Regatta we will collect personal information from you such as your name, contact information (such as your email address, home address, telephone number). Dependent on your role at the Regatta we may need your bank details or a proof of ID, such as a copy of your driving licence or passport and a utility bill.
Information collected from Members
We will collect biographical and other information from and about Members, including prospective Members. This is usually provided directly, or from their referees or those supporting their Membership, but we will occasionally need to make assessments about the suitability of present or prospective Members independently. We refer Members to the rules of Membership and Members’ Handbook for further details.
Competitors, and their coaches, clubs, crews and universities or schools, will provide us with racing information (preferred events and boat position), certain physiological information (height, weight etc.) and basic biographical information – name, date of birth, age, and affiliation (e.g. by club, school, university or employer) – for the purposes of our assessing entries and running the Regatta programme. This is usually provided either directly by the individual or by coaches or club officials.
We will also collect and process performance and results data relating to crews, and any additional sporting, career or biographical information that competitors may choose to share with us for the Regatta programme, or for broadcast media purposes (and which will be provided to production and presenting talent).
This will include some personal information of children under 18. We believe that the school-age competitors at the Regatta will still be of an age where they understand the process adequately to be able to provide personal data without recourse to parental consent or a separate child-facing privacy notice: but children, parents, clubs or schools with any concern or query should contact us on +44 (0) 1491 572153.
Sometimes, when you contact us by telephone, post or email, including for feedback, a record will be created of that correspondence.
Regatta broadcasts and CCTV
The Regatta itself, including crowds and competitors, will be recorded for broadcast purposes and certain competitor information will be collected directly from coaches and crews for use in commentary and production. We also monitor our premises by CCTV, and will therefore capture images in this way (see further below).
We require this information to understand your needs, deliver the Regatta and provide you with a better service. In particular, we may use your information for the following reasons:
- to administer, operate and deliver the Regatta and fulfil our obligations in this respect to visitors, staff, volunteers, casual workers and competitors
- for processing and fulfilling your Regatta Shop and ticket orders and maintaining a record of customer correspondence and otherwise for internal record-keeping
- for statistical, feedback or survey purposes to improve our events, products and services and understand our customers and own performance better
- to administer the Website and to notify you about changes to our Website service and policies
- for security, the detection of fraud and to comply with any legal duties imposed on us
These uses will often be undertaken in fulfilling a contract we have with you, or otherwise because they are necessary for the purposes of our legitimate interests or those of others, potentially including yours.
We owe contractual duties to our Members to provide the offers, services, access, events and communications that they expect in the course of their membership.
Staff, Casual Workers and Volunteers
We owe contractual and legal duties to those we engage to deliver our services and events, including as regards providing payroll, pension or benefits. In some cases this will involve the processing of special category data or criminal convictions information under legal duties placed on us as employers, including as regards diversity, safeguarding, health and welfare.
In accordance with your preferences (please see below for more details about preferences, including consent and your right to object to marketing), we will use your details to send you:
by post, communications in connection with our products or Membership materials
- from time to time, electronic news or promotional emails (for example concerning the Regatta, related events, the Shop, Temple Island or Membership)
We consider we have a legitimate interest to send this type of material to you, and that (absent of any express wishes to the contrary that you notify to us) you will reasonably expect us to do this. However, except where directly solicited – which may include where expected as part of Membership – messages will only be sent electronically where you have:
- consented, subject to any preferences you may have notified to us; or
- previously bought or enquired about a product or service. Where we have obtained your details in this way, we will continue to stay in touch concerning our own similar products or services, unless and until you object.
Shop and Partner Communications
When we send information about the Regatta Shop, by post or email, this will include information about not only our own merchandise but also products which we sell on behalf of others (including clothing and equipment, and products of our Partners). Our Partners are the official partners of Henley Royal Regatta named on the Website.
Any mailings or emails will be sent using the details that you have provided to us either in accordance with your previous purchases or enquiries as to similar items, or your specific preferences concerning how and about what you wish to be contacted. This may include:
- news and information about the Regatta; or
- new products or special offers connected with the Regatta which we think you may find interesting (such as details about the Regatta Shop or Temple Island, or offers exclusive to Members, including in collaboration with our Partners).
Your personal information will not be disclosed to other businesses except where specifically requested: for example, if you were to personally express an interest in a partner’s product at the Regatta, you might ask us to pass on your details and we would then do so.
However, depending on your chosen preferences, our own marketing to you may include offers on behalf of our Partners, or offers that we are able to bring you because of our relationship with them; and certain elements of what we send you (including Shop brochures, event information or Member communications) will include Partner branding even if that is not the primary purpose of the mailing.
You may find out what marketing contact list you are on and/or unsubscribe from it at any time by following the instructions in the email, writing to us using the contact details set out at the bottom of this Privacy Notice, or telephoning us on (+44 (0)1491 572153).
Using the Regatta Shop
When you place an order through the Website, we will use your details to process your order in order to fulfil our contract with you. You will be given the option either to unsubscribe or to receive further information from Henley Royal Regatta by post or email, about the Regatta and related products, or similar promotions or offers which we feel may be of interest to you.
Please ensure you select the correct preferences for you by unticking the box if you do not wish to be contacted for those purposes. You may unsubscribe from our Shop marketing contact list at any time by following the “unsubscribe” link in the email.
Club and competitor information
Competitor information (usually collected via www.regattaentries.co.uk) will be needed for us to create and publish the Regatta programme, administer the entries, adjudicate and record results, to maintain an archive of historic results, and to manage the broadcasting of the Regatta and generally curate and oversee the Regatta event. This we consider to be in our legitimate interests, including where competitors under 18 are concerned.
We also need to maintain a database of central administrative contacts within each crew’s club or institution at home or overseas. Although we will collect various permissions from crews and clubs as part of entry, in general the processing of information in this way is also part of our legitimate interest in running the Regatta.
Broadcasting and drone footage
The Regatta is regularly broadcast (live and via highlights packages) in various media: on our Website; via YouTube; and via digital or terrestrial television channels or broadcaster online platforms. This will include the races as well as the general ambience of the Regatta, including interviews and visitors (usually as part of crowd shots). We also make use of drone technology in the collection of footage. The cameras used in such filming ought to be obvious.
The production of sports events, including collection and broadcasting of footage and other uses of personal data of crowds and participants, is generally a permitted exemption to the usual rules of Data Protection Law but is subject to usual broadcasting standards and regulation. Otherwise, we consider this use is in our legitimate interests.
CCTV and automatic number plate recognition
We consider we have a legitimate interest in using CCTV and ANPR cameras to monitor Henley Royal Regatta buildings and premises (including the riverside and boat moorings), primarily for the purposes of security, monitoring car parking, and detection or prevention of crime (although in limited circumstances it may be used to investigate complaints, missing persons, staffing issues or other matters of public interest brought to our attention).
These cameras will be visible and notified by signage around our premises. We do not commonly use concealed cameras, and these will only be employed when there is a serious, specific and proportionate reason and then on a temporary basis. We will typically only retain camera images for one month, unless there is a specific lawful reason to retain for longer (such as an incident, request or complaint).
You are entitled to request a copy of footage that you reasonably believe relates to you. However, our ability to provide it may be limited by factors including the privacy of others; your ability to provide us with accurate information about time, date, and location of camera; and the retention period mentioned above.
Other than data subject requests by individuals affected, we will only share footage outside our organisation where it is lawful and reasonable to do so for one of the legitimate purposes mentioned above (for example, with police or local authorities). Within our organisation, footage is generally only accessed or viewed by our senior staff, and our external security contractors to whom we delegate the operation of the system, unless there is a compelling reason to involve other staff members.
For enquiries, requests or complaints about CCTV please contact email@example.com.
General, legal and regulatory uses
We confirm that any personal information which you provide to us (or which, exceptionally, is available on public registers) and any data from which we can identify you (which may include images such as CCTV or video recordings of events), will only be stored and processed in accordance with Data Protection Law.
While we may collect competitor or visitor data from around the world, in our usual course of operations we will not transfer any personal data we collect to anywhere outside the EEA.
We will not generally either collect personal information about you from publicly available sources, nor disclose your Personal Information to third parties, except where there is a lawful and legitimate reason for doing so. This may include where we are required to do so by law (for example, if we are asked to provide your details by the police, HMRC, a court, or any other regulatory or government authority acting under their powers). We may occasionally need to make disclosures under legal proceedings, or to our legal advisers.
In the unlikely event that the operations of Henley Royal Regatta are transferred to or integrated with another operation, your details may be disclosed to our advisers and to any transferee of those operations.
If someone else exercises a right of subject access, it may sometimes be reasonable and legally necessary for us to include documents that also identify others (see further below on Your Rights).
Individuals have various rights under Data Protection Law to access and understand personal data about them from data controllers, and in some cases ask for it to be erased or amended or no longer processed, but subject to certain exemptions and limitations.
Rights of access, transfer, erasure or amendment
Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used (including as regards its relevance or accuracy), should put their request in writing to us via the contact details at the bottom of this Privacy Notice.
We will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits, which in the case of requests for access to information is one month. We will be better able to respond quickly to smaller, targeted requests for information.
If any request is manifestly excessive or similar to previous requests, we may refuse or charge a proportionate fee, where Data Protection Law allows it. You should be aware that certain data is exempt from the right of access. This may include information which identifies other individuals (unless it is reasonable in all the circumstances to provide it), or information which is subject to legal professional privilege or some other valid exemption.
Similarly, we may have sound and compelling reasons to refuse specific requests to stop processing your data, or to amend or delete it: for example, because it is necessary for a legitimate purpose identified in this Privacy Notice.
Right to withdraw consent
Where we are relying on your consent as a means to process personal data, any person may withdraw this consent at any time. Examples where we do rely on consent are certain types of direct marketing activities. Please be aware however that in many cases we may be relying on a lawful reason to process your personal data that does not require your consent, and withdrawal of consent after the event may be too late to prevent lawful processing we have already undertaken.
6. How long we keep personal data
We will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason, and in accordance with our retention policies. For example:
- consumer or contract law, or future claims, may require that details are kept for as long as we or you might have rights to exercise under a contract (which might be up to seven years after that contract is concluded).
- even where you have requested we no longer keep in touch with you, we will need to keep a record of the fact in order to fulfil your wishes (called a “suppression record”).
- CCTV footage will be kept in accordance with the principles set out above.
- a certain amount of participation and performance information, including results and event footage, may be kept indefinitely for historical archiving records of the Regatta and for media data purposes (meaning data we may be asked to or wish to provide to sports media).
We consider such retention periods to be necessary for, and consistent with, the purposes for which the personal data was collected.
If you have any specific queries about how our retention policy is applied (or wish to request that personal data that you no longer believe to be relevant is considered for erasure), please contact us directly. However, please bear in mind that we may have lawful and necessary reasons to hold on to some personal data even following such request.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
When you use certain parts of the Website, we store a cookie in your browser which is needed to allow some services to work.
- For the Regatta Shop. When you add an item to your shopping basket we use a cookie to store the contents of your basket. This cookie will be deleted after you checkout or when you empty your basket. If you create an account for the shop you will be given the option to store a cookie to save your delivery address(es) and/or remember your account details the next time you visit. Before we store your delivery information in the address book or your account details for the ‘Remember Me’ function, you will be given the chance to opt out of consenting to us saving this information. Please ensure you tick or untick the appropriate boxes if you do not want your information to be stored for this purpose.
- For website analytics purposes. We use Google Analytics to see how users interact with our Website, so we can make improvements to the service we provide. For example, if we can tell that our users are having difficulty finding a page we can improve the navigation, or if we know that a high proportion of our visitors view the site from mobile phones, we can improve the layout for those devices.
Set out below is a list of the cookies we use on the Website and what information they store.
- appVersion – Used by Curator.io to store which version of their application is being used
- SpektrixClientName – Used by Spektrix to store information about Henley Royal Regatta (their client)
- CookieDetection – Used by Spektrix to detect whether cookies are supported and enabled
- woocommerce_recently_viewed – Used by WooCommerce to store which products the current user has viewed on the shop
- AWSALBCORS – This cookie is used for load balancing services provided by Amazon in order to optimize the user experience. Amazon has updated the ALB and CLB so that customers can continue to use the CORS request with stickness.
- SessionId – Used by Spektrix to identify the currently logged in user
- AWSALB – AWSALB is a cookie generated by the Application load balancer in the Amazon Web Services. It works slightly different from AWSELB.
- crisis-modal-845 – Used to decide whether the current user has already seen and dismissed the latest Crisis Modal pop-up
- __cfduid – Unknown use
- .ASPXAUTH – Used by Spektrix to identify the currently logged in user
- _ga- Google Analytics
- wordpress_test_cookie – Used by WordPress to detect whether cookies are supported and enabled
- tk_ai – Unknown use
- _ga_HB6KMV8HM6 – Google Analytics
- __cf_bm – Unknown use
- cookie_notice_accepted – Used to decide whether the current user has already seen and dismissed the Cookie notification bar
- mailchimp_landing_site – Used by Mailchimp to store which page was visited first
- spektrix_auth – Used by Spektrix to identify the currently logged in user
Privacy / Cookies Enquiries
Henley Royal Regatta
Oxfordshire RG9 2LY
We do not have a Data Protection Officer within the meaning of Data Protection Law, but our staff dealing with requests will have relevant training to be able to respond to your enquiries.
If you believe that we have not complied with this Privacy Notice or acted otherwise than in accordance with Data Protection Law, you should at first instance notify us directly. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with the data controller directly before involving the regulator.
This Privacy Notice and Cookies Policy was last updated in March 2022.