Our Privacy Policy
Introduction
This privacy policy describes how WRTC UK Limited t/a Run4It a company incorporated and registered in Scotland (registration number SC261029) having their registered office at 21 Holburn Street, Aberdeen AB10 6BS and their principal place of business at 57 Bothwell Street, Glasgow, G2 6TS trading as “Run4It” and as “Run4It Online” (referred to as “Run4It”, “we”, “our” or “us” in this document) is committed to protecting the security and privacy of all personal information or data collected from you. We conduct our business in compliance with applicable laws on data privacy protection and data security. This privacy policy tells you what to expect when we collect and process your personal information.
Personal information or data means any information capable of identifying you as an individual. It does not include anonymised data.
We try to meet the highest standards when processing your personal information. The data controller who is responsible for how we handle your personal information is:
WRTC UK Limited t/a Run4It (Company number SC261029) having their registered office at 21 Holburn Street, Aberdeen AB10 6BS and having their principal place of business at 57 Bothwell Street, Glasgow, G2 6TS.
Any queries you have in relation to the same should be directed to privacy@run4it.com.
Information we may collect from you
We may ask you to provide certain information about yourself when you use our website or are in contact with us about the products we provide (whether it is by telephone, email via the forms on our website, through applications or platforms we use, through our social media platforms or even face to face). By providing us with your data you warrant that you are over 13 years of age.
There are two distinct groups considered within this statement:
- Customers and prospective customers.
- Suppliers and Professional Advisers.
1. In respect of customers and prospective customers (including those who view our website or make enquiries about our products and/or services) the personal information collected may include:
- Details in relation to your identity such as your name where you purchase products or services from us.
- Contact details and shipping details for purchases including your postal/e-mail address and phone number.
- Your name and contact details where you make appointments to visit our store through our booking system
- Transaction details about products and services you specifically request from us.
- Financial details in relation to any services bought from us including addresses for invoices/billing and bank payment details (including credit card payment details).
- Profile details from documents you complete on-line such as your username and password, preferences, interests and your transaction history.
- Information from customer surveys and feedback forms in respect of any of our products you may have purchased.
- Details of your visits to our website including but not limited to traffic data, location data, weblogs and other communication data and the resources that you access or use.
- Marketing data including details of your preferences for receiving marketing information from us and communication preferences
- Technical data including but not limited to traffic data, location data, weblogs, page views and navigation paths, the number of times you have visited our website, other communication data and the resources that you access or use and details of the technology and devices you use to access our resources.
The personal information we hold about you will be held solely for the following purposes:
- To maintain records of your use of our services and administering those services.
- To communicate with you regarding any transactions with you.
- To make suggestions that may be of interest to you keeping you up to date regarding our services and activities whether by newsletter, email, or otherwise.
- To facilitate payments in respect of any services requested by you.
- To comply with our regulatory and legal obligations.
- For credit and identity verification and fraud detection in respect of transactions with you.
- To establish, exercise or defend any complaints made by or against you or any claims or litigation process raised by either of us against the other including in respect of us resorting to debt recovery or enforcing our terms of business.
- To administer our website and business (including web hosting and support) and to ensure that content from our website is relevant to you and is presented in the most effective manner for you including seeking your views on our products and service.
We are subject to the provisions of the General Data Protection Regulations (“GDPR”) that protect your personal data. Our legal basis under UK GDPR for processing your data is either performance of a contract with you, legal obligation or that such processing is in our legitimate interests in respect of running our organisation including developing our services, ensuring security and performance of our website and informing our overall marketing strategy.
We may also receive data about you from third parties such as Google analytics or advertising networks such as Facebook both of whom are based outside of the UK and from providers of technical, payment and delivery services.
2. In respect of suppliers and professional advisers (which also includes prospective suppliers and business contacts) personal information collected may include:
- Details in relation to your identity such as your name and contact details including your work postal/e-mail address and work phone number, job title and, if applicable, your qualifications in relation to the provision of those services.
- Details of products or services acquired by us and provided by you and advice received.
- Financial details in relation to the provision of any services by you to us.
The personal information we hold about suppliers and professional advisers will be held solely for the following purposes:
To administer or maintain records of the services or advice we receive from you including transaction and financial details about services we have requested or received from you and payments which are due in respect of those services.
- To establish, exercise or defend any complaints made by or against you or any claims or litigation process raised by either of us against the other including in respect of us resorting to debt recovery or enforcing our terms of business.
- For credit and identity verification and fraud detection in respect of transactions with you.
- To administer our website and business (including web hosting and support).
Our legal basis under UK GDPR for processing your data is that such processing is required in connection with fulfilling our legal obligations and is in our legitimate interests in respect of running our business including developing our services, ensuring security and performance of our website and informing our overall marketing strategy.
Sensitive Data
In respect of both groups, we will generally not collect sensitive data from you via our website. Sensitive data is personal information which includes your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data, or information concerning your health or mental wellbeing or sexual orientation. Much of the additional specific information referred to above will be sensitive data. Given the nature of the products and services we sell it is extremely unlikely that we will require to collect any sensitive data about you. Where we do require to process such sensitive data to provide services to you, we will notify you in advance and will request your express consent in writing to process such sensitive data.
If you do not wish us to collect any of the personal information stated above, you should discuss this with us. We can explain the reasons for collection and discuss the consequences of not providing the information or of providing partial or incomplete information and the effect this may have on our ability to provide our services.
Marketing Information
We may provide you with information on products that we sell. In order to optimise your customer experience with you this may include emails to you to update you on our latest offers and events. We may also show you content via social media platforms and other external applications such as Facebook and Instagram. This is regarded as a marketing activity. Our lawful ground of processing your data for marketing communications is either your consent or our legitimate interests.
We will only market to you where you have:
- Specifically requested marketing information from us.
- Previously acquired similar services/goods from us.
- Consented by way of ticking a box or opting in to receiving marketing from us.
If you have opted out of marketing, we will not send you any future marketing without your consent.
Each time we market to you we will always give you the right to opt out of any future marketing by using the simple “unsubscribe” link in emails. We would point out that you have the right at any time to ask us not to market to you by emailing us at privacy@run4it.com rather than waiting on a specific opt out.
How long we hold information for
We will only retain your personal information for as long as is necessary in line with the purposes for which it was originally requested or collected or where we are required to do so for some legal or reporting purpose.
In working out how long we retain personal data we look at the type of personal data involved, the purpose of processing, how sensitive or confidential the data is and at legal and commercial considerations including any legal obligations we have. By way of example, by law we are required to keep accounting records for six years after the end of the year in which the last transaction occurred. This means that we will be required to keep some basic customer details for that purpose even although our relationship with you may be at an end. However, it should be noted that the requirement is basic customer details and therefore it is not legitimate to also keep information such as your preferences for that period of time.
In case of services requiring payment, any payment account information (including where applicable card details) requested from you will be used solely for processing payments. All direct payment gateways adhere to the latest security standards as managed by the PCI Security Standards Council and scans for malware are performed on a regular basis for additional security and protection. Your purchase transaction data is stored only for as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
If you have any questions relating to either retention periods or require more detail on the purposes of processing or the specific reason or legal grounds, we are relying on for that processing then please contact privacy@run4it.com for additional information.
Sharing Your Information
We will not sell the personal information that we collect from you and will only use it for the purposes set out in this privacy policy. We may share your personal information with the following parties:
1. Service providers who provide us with hosting and administrative services to allow for the processing and management of orders, payments and associated communications with you. Our website is hosted on the Shopify Plus Ecommerce platform and payments are processed through Shopify payments. We also use Klarna who provide alternative payment options. We use Klaviyo marketing automation software to manage all of our customer communications and Brightpearl to administer all purchasing, order fulfilment and dispatch functions. You can find out more about how each of these providers use your personal information in their privacy policies:
Shopify: https://www.shopify.com/legal/privacy/customers
Klarna: https://www.klarna.com/uk/privacy/
Klaviyo: https://www.klaviyo.com/legal/privacy-notice
Brightpearl: https://www.brightpearl.com/privacy-policy
2. Third party providers of services such as contractors dealing with the logistics of transporting or delivering our products such as Royal Mail and DPD to deliver our products to you, review partners such as Feefo to enable feedback to be shared and viewed on our website. We use the services of Appointedd to enable appointments to be made and Buzzsprout for the provision of our Podcast hosting. We use the Freshdesk customer service platform to provide customer service support. We use the GoAffPro affiliate marketing app to track affiliate referrals to our website from Student Beans, and analyse sales resulting from referrals from Student Beans. We only share information with these partners to the extent necessary for the provision of their specific services. You can find out more about how each of these providers use your personal information in their privacy policies:
Feefo: https://www.feefo.com/en/business/privacy-policy
Appointedd: https://www.appointedd.com/privacy-policy
Buzzsprout: https://www.buzzsprout.com/privacy
Freshdesk: https://www.freshworks.com/privacy/
GoAffPro: https://www.goaffpro.com/policies/privacy
3. Regulatory authorities who require reporting of our activities by law such as the tax authorities.
4. Professional advisers such as our lawyers, accountants, bankers and insurers.
5. Debt collection agencies for the purposes of credit control or recovery of any sums due by you to us.
6. Third parties to whom we sell, transfer, or merge our business or any part of it.
All third parties with whom we share your data are required to protect your personal data, treat it confidentially and to process it in accordance with the law.
Where we use third parties, we will take all reasonable steps to ensure that they are UK GDPR compliant and, in particular, that:
- They have adequate technical and other measures in place to ensure the security of your personal information.
- That they only use it for specified purposes.
- That any employees or contractors who have access to the information are adequately trained and deal with it on a need-to-know basis only.
- That they act only in accordance with our instructions.
IP Addresses and Cookies
When you visit our website, we automatically collect certain information about the device you use to do so (“your device”), including information about your web browser, IP address, time zone and some of the cookies that are installed on your device. Additionally, as you browse the website we collect information about the individual webpages or products that you view, what websites or search terms referred you to the website and information about how you interact with the website. We refer to this automatically collected information as Device Information.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit the website: all about cookies.
- “Log files” track actions occurring on the website and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags” and “pixels” are electronic files on the website used to record information about how you use the website.
Full details on what cookies we use and how to disable them are included in our cookies policy.
Security of Personal Data
We take information security very seriously. Your information and records will be stored securely to ensure privacy of your personal data. We take all reasonable steps to ensure that there are technical and organisational measures of security in place to protect your personal data from unauthorised access to or disclosure of it, and against loss or accidental damage or unauthorised alteration of it. Staff handling your personal data are also adequately trained in relation to the legal requirements for handling personal data. These include robust procedures for dealing with breaches including incident reporting and notifying the national supervisory or data protection authorities, and where appropriate you, of any breaches, the consequences of the same and the remedial action taken.
Where possible the information you provide us with will be held within the European Economic Area (“EEA”) or within the UK.
Overseas Transfers
We would point out that countries outside of the UK do not always have similar levels of protection for personal data as those inside the UK. The law provides that transfers of personal data in respect of UK based individuals outside of the UK is only permitted where the recipient country has adequate safeguards in place for the protection of personal data. Some types of processing may use cloud solutions which can mean information may sometimes be held on servers which are located outside of the UK or they may use processors who are based overseas.
Where we use cloud-based services or third-party providers of such services and in either or both circumstances the data is processed outside of the UK if you are a UK based individual that will be regarded as an overseas transfer. Before instigating an overseas transfer, we will ensure that the recipient country and/or processor has security standards at least equivalent to UK GDPR standards and, in particular, one of the following permitted safeguards applies:
- The country in question is deemed to have adequate safeguards in place as determined by the UK Regulatory Authorities.
- There is a contract or code of conduct in place which has been approved by the UK Regulator which gives your personal information the same protection it would have had if it were retained within the UK.
- If the overseas transfer is to the United States, then we may only use US Providers that are part of a UK Regulator approved framework which obliges them to give your personal information the same degree of protection it would have had if it were retained within the UK and therefore has adequate safeguards.
If none of these safeguards exist, then we may seek your explicit consent for an overseas transfer. In line with your rights as an individual you are free to withdraw this consent at any time.
Your Rights
In certain instances, you have rights as an individual which you can exercise in relation to the information we hold about you. These rights are the right to:
- Restrict processing of your personal data.
- Rectification or correction of your personal data.
- Object to processing of your personal data.
- Request erasure of personal data (also referred to the right to be forgotten).
- Not be subject to a decision based solely on automated processing or profiling.
- Transfer your personal data (also referred to as the right of portability).
- Withdraw your consent to processing your personal data.
- Request access to your personal data.
Additional information about these rights can be found on the website of the UK Regulator, the Information Commissioner (ICO).
If you wish to exercise any of these rights or if you have provided consent and we are relying on that as the legal ground of processing your personal information and you wish to exercise your right to withdraw that consent you can do so at any time by contacting us at privacy@run4it.com.
Access to Personal Information
We try to be as open as we can in giving people access to their personal information. You can make a subject access request at any time about the personal information we process about you. Any request requires to be in writing and is not subject to any charges or fees. If we do hold any personal information about you, we will:
- Give you a description of it.
- Tell you why we are holding it.
- Tell you who it has or will be disclosed to.
- The source of the information (if not you).
- Where possible, the period for which it will be stored.
- Let you have a copy of the information in an intelligible form.
We will respond to a subject access request within 30 days. On occasion we may need additional information from you to determine your identity or help us find the information more quickly. Where the information you have requested is complex, we may take longer than this but shall keep you advised as to progress should this be the case.
If you believe that any information we hold about you is incorrect or incomplete you should email us at privacy@run4it.com. Any information which is found to be incorrect will be corrected as soon as possible.
Complaints
We would prefer to resolve any issues or concerns you may have direct with you, our contact details are in section below. If you feel you are unable to resolve matters by contacting us direct or are unhappy or dissatisfied with how we collect or process your personal information you have the right to complain about it to the UK Regulator, the Information Commissioner (ICO).
Third Party Links
This website and our online services may include links to third party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control those websites and are not responsible for their privacy statements. When you leave our website we encourage you to read the privacy notice of any third party website or application enabled by clicking that link or enabling that connection.
Contact
Questions, comments, and requests regarding this privacy policy are welcomed and should be referenced 'Privacy' and addressed to us at:
Run4It Office
57 Bothwell Street
Glasgow
G2 6TS
E-mail: privacy@run4it.com
Changes to this Privacy policy
We keep our privacy notice under regular review. This privacy policy was last updated on 29th November 2023.