Privacy Statement
Introduction and general section
1 Your personal data which we collect and obtain
1.1 This Privacy Statement ("Statement") sets out the basis on which EquiRatings Limited of Ballybolger Stud, Ballyloo, Co. Carlow, Carlow, Ireland ("we", "our", "us" or "EquiRatings"), processes personal data which we collect relating to you or which you provide to us. EquiRatings acts as the data controller for your personal data.
1.2 EquiRatings collects personal data from clients, riders, federations, brands, and website users across its business divisions. If the data we collect is not listed in this Statement, we will give individuals (when required by law) appropriate notice of what other data will be collected and how it will be used.
2.1 This Statement is split into multiple sections in a modular format for your ease of navigation. This is because you may not use all of our services. The introduction section sets out general data privacy information which generally relates to how we process your data. Later in the document, we provide sections setting out specifics around personal data use and collection relating to each of EquiRatings' three business divisions:
2.1.1 Sport Promotion,
2.1.2 Risk, and
2.1.3 Horse Sourcing.
2.2 EquiRatings works hard to protect your right to privacy and the protection of your personal data. We want you to feel secure and that when you deal with EquiRatings, your personal data is in good hands. EquiRatings protects your personal data in accordance with applicable laws and our data privacy policies. In addition, we maintain appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing.
3 Who we share your personal data with
We need to share your personal data with third parties in certain circumstances.
As set out in Section 2 above, this Statement is structured on a modular basis across EquiRatings' three business divisions: Sport Promotion, Risk, and Horse Sourcing. Each business division engages its own IT and logistical service providers in the course of its operations. Details of the specific service providers and platforms used by each division, and the associated processing of your personal data, are set out in the relevant business division sections below (Sections 11–13).
We may also disclose your personal data to some or all of the following recipients:
Recipient(s)
3.1 Regulatory authorities and law enforcement agencies (where we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request).
3.2 External advisors e.g., lawyers, accountants, and auditors (as necessary or desirable to protect our legitimate and legal interests).
3.3 In the case of corporate transactions, we may transfer your personal data to appropriate third parties such as due diligence providers. In the case of the sale of EquiRatings, or any of its assets, we may transfer your personal data to relevant third-party companies.
3.4 Our suppliers and service providers. We may disclose your information to our third-party service providers, agents, subcontractors, and other organisations for the purposes of providing services to us or directly to you on our behalf.
3.5 Equestrian federations and governing bodies. Where you are a rider or official whose data has been provided to us by a federation or governing body, we may share relevant data back with those bodies in the performance of our services to them.
4 Storage and transfers of your personal data
4.1 EquiRatings stores all of your personal data within the European Economic Area ("EEA"). There may however be some instances where your personal data is transferred outside the EEA, for example, where our external third parties are based outside the EEA. If at any time we transfer your personal data to countries located outside the EEA, we will ensure that appropriate safeguards are in place for that transfer as required by law.
4.2 Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
4.2.1 Adequacy Regulations. We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
4.2.2 Additional Safeguards: Where we use certain service providers located in countries which do not provide the same personal data protection as within the EU and do not therefore benefit from an adequacy decision, we may use the EU Standard Contractual Clauses.
4.2.3 US Data Privacy Framework. Where we use service providers based in the US, we may transfer data to them if they are part of the Data Privacy Framework List based on the adequacy decision for the EU-US Data Privacy Framework which requires them to provide similar protection to personal data shared between Europe and the US.
4.3 We hold all of our personal data in accordance with appropriate standards of IT security. If you would like to find out more about the appropriate safeguards that we have in place you can contact us using the details at Section 10 (Contact).
4.4 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to or from the website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
5 General processing, AI and marketing
5.1 Data Anonymisation and use of Aggregated Information. Your personal data may be processed in some instances for the limited purpose of converting it into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. Our legal basis to process your personal data for this purpose is legitimate interests. Aggregated data cannot be linked back to you as a natural person. We may use this data for various business reasons including analytical and research purposes.
5.2 AI and Automated Processing. We do not engage in automated personal data processing which leads to automated decision making. We use automated processes and AI tools primarily for internal business operations and productivity enhancement. This includes AI-powered tools for document processing, data analysis, system monitoring, and operational efficiency. These AI tools do not generally process your personal data as part of providing our services to you, and we do not use your personal data to train AI models or for AI development purposes.
5.3 Direct Marketing. EquiRatings may use your personal data, in particular your business contact details and email address, to send you marketing communications about our products, services, events, and activities. These communications are directed at business contacts and professional stakeholders in the equestrian industry, including clients, prospective clients, federation contacts, event organisers, and brand partners. Such communications are distributed primarily through our Sport Promotion division and are sent via third-party email marketing platforms.
5.4 The lawful basis upon which we rely for the processing of your personal data for direct marketing purposes is our legitimate interests (Article 6(1)(f) GDPR), namely our legitimate interest in promoting our products, services, and activities to business contacts and professional stakeholders in the equestrian industry. We have carried out a balancing test to ensure that our legitimate interests are not overridden by your interests, fundamental rights, or freedoms. In conducting this assessment, we have had regard to the fact that our marketing communications are directed at individuals in their professional or business capacity, that the content of such communications is relevant to the recipient's professional activities, and that recipients are provided with a clear and accessible mechanism to opt out of receiving further communications at any time.
5.5 You have the right to object to the processing of your personal data for direct marketing purposes at any time. This right is absolute and may be exercised free of charge and without detriment to you. You may exercise this right by clicking the unsubscribe link included in any marketing communication you receive from us, or by contacting us directly using the details set out in Section 10 (Contact). Where you exercise your right to object, we will cease processing your personal data for direct marketing purposes without undue delay.
5.6 EquiRatings uses Mailchimp, a third-party email marketing platform provided by The Rocket Science Group LLC, to distribute marketing communications on our behalf. Mailchimp processes your personal data as a data processor acting on our instructions and pursuant to a data processing agreement. As Mailchimp is a US-based service provider, your personal data is transferred outside the EEA in connection with the distribution of marketing communications. We ensure appropriate safeguards are in place for such transfers as described in Section 4 (Storage and transfers of your personal data) above.
6 How long we keep your personal data for
6.1 In general, we expect to keep your personal data for as long as is necessary for the purposes for which it was collected. Generally, this will be when EquiRatings has ceased to be in a business/commercial relationship with you, and it is no longer necessary for us to process your personal data or we are informed that your relationship with us has changed.
6.2 The other criteria which we will use to determine the period for which we will hold your personal data may include: (a) the length of our relationship with you; (b) whether we are under a legal obligation which requires the retention of your personal data; (c) whether the retention of your personal data is required in light of our legal position; and (d) to fulfil our legitimate business interests as described in this Statement or until you revoke a consent you previously granted to us to process your personal data.
7.1 The website or our services may present links to other websites for which we are not responsible as your data controller or from a legal perspective more generally speaking ("Linked Websites"). We are not responsible for the privacy statements or practices on Linked Websites. This Statement governs only personal data where EquiRatings is acting as data controller. When accessing Linked Websites, you should read the privacy statement published on the relevant Linked Website. Please check the statements on such websites before you submit any personal data.
7.2 EquiRatings' websites contain links to other websites and resources provided by third parties for your convenience and information only. We accept no liability in connection with any Linked Website, or any contract entered into with any third party on or through a Linked Website. We have no control over the content of those websites or resources and accept no responsibility for them or for any loss or damage that may arise from your use of Linked Websites.
8.1 You have a number of rights in relation to your personal data as set out in the table below subject to the exceptions set out in applicable law.
8.2 Note that in certain circumstances these rights might not be absolute.
|
Right |
Further Information |
|
Right of Access |
You have the right to request a copy of the personal data held by us about you and to access the information which we hold about you. We will charge you for making such an access request where we feel your request is manifestly unfounded or excessive. |
|
Right to Rectification |
You have the right to have any outdated or inaccurate personal data which we hold about you updated or corrected. |
|
Right to Erasure |
In certain circumstances, you may also have your personal data deleted, for example if you exercise your right to object and we do not have an overriding reason to process your personal data or if we no longer require your personal data for the purposes set out in this Statement. |
|
Right to Restriction of Processing |
You have the right to ask us to restrict processing your personal data in certain cases, including if you believe that the personal data we hold about you is inaccurate or that our use of your personal data is unlawful. If you validly exercise this right, we will store your personal data and will not carry out any other processing until the issue is resolved. |
|
Right to Data Portability |
You may request us to provide you with your personal data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your personal data directly to another data controller where this is technically feasible. This right only arises where we process your personal data on the legal bases of your consent or where it is necessary to perform our contract with you. |
|
Right to Object |
You have a right to object at any time to the processing of your personal data where we process your personal data on the legal basis of pursuing our legitimate interests. Where you object to the processing of your personal data for direct marketing purposes, this right is absolute and we will cease such processing without undue delay upon receipt of your objection. |
8.3 If you want to exercise any of these rights, please email us at info@equiratings.com. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal data.
8.4 We will provide you with information on any action taken upon your request in relation to any of these rights without undue delay and at the latest within one month of receiving your request. We may extend this by a further 2 months if the request is complex or if we have received a number of requests from the same individual, however we will inform you if this arises.
8.5 We are registered with the relevant data protection authority. In respect of the EU, our lead regulatory authority is the Data Protection Commission ("DPC") which is based in Ireland. You may have the right to lodge a complaint with the DPC with regards to our processing of your personal data. However, in the first instance we would encourage you to contact us directly at info@equiratings.com to discuss any queries you may have. You can contact the DPC directly with the following contact details:
|
DPC |
|
|
Address: |
6 Pembroke Row, Dublin 2, D02 X963, Ireland |
|
Phone: |
+353 57 868 4800 / +353 761 104 800 |
|
Email:
|
9.1 We may amend this Statement on occasion, in whole or part, at our sole discretion. Any changes will be posted on this page which will be kept up to date. Please check this Statement regularly for changes.
9.2 If at any time we decide to use your personal data in a manner significantly different from that stated in this Statement, or otherwise disclosed to you at the time it was collected, we will change this Statement, and you will have a choice as to whether or not we can use your personal data in the new manner.
Questions, comments and requests regarding this Statement are welcomed and should be addressed to our Data Protection Lead at the following address: info@equiratings.com
11.1 Overview
EquiRatings' Sport Promotion division provides data and media services to shows, events, and brands in the equestrian industry. Through this division, EquiRatings operates a number of public-facing platforms including its main website and associated media dashboard platforms.
11.2 Personal Data We Collect - Sport Promotion
We may collect and process the following personal data in connection with the Sport Promotion division:
|
Category of Personal Data |
Types of Personal Data |
|
'Account and Identity Data' |
Name, email address, and password, provided by you when creating an account on our platforms. |
|
'Device and Usage Data' |
IP addresses, unique device identifiers, time zone settings, operating system, and platform information collected through your use of our websites. |
|
'Statistical Data' |
Anonymous data collected through our hosting servers and analytics tools for statistical purposes. |
11.3 How We Collect Your Personal Data - Sport Promotion
We collect personal data in the Sport Promotion context through the following means:
11.3.1 Directly from you, when you register for or log into an account on any of our Sport Promotion platforms.
11.3.2 Through your use of our platforms, including browsing activity, preferences, and interactions recorded automatically.
11.3.3 Via forms and surveys, where you choose to provide information to us directly.
11.3.4 Through newsletter and marketing sign-ups, where you subscribe to receive communications from us.
11.4 Legal Bases and Purposes - Sport Promotion
|
Relevant Category of Personal Data |
Purpose(s) |
Legal Basis |
|
'Account and Identity Data' |
To create and manage your account on our platforms; to provide you with access to our Sport Promotion services and content; to communicate with you about your account. |
Performance of a contract - processing is necessary for the performance of our contract with you to which you are a party or in order to take steps at your request prior to entering into a contract. |
|
'Device and Usage Data'; 'Statistical Data' |
Improving platform functionality and efficiency - to analyse usage, monitor performance, understand user behaviour, and improve our services and platforms. |
Legitimate interests - the processing is necessary for EquiRatings' legitimate interest in improving and developing its platforms and services. |
|
All categories above |
Legal Claims - to investigate, establish, exercise or defend a legal claim. |
To defend, establish or be a party to legal claims - processing is necessary in order for us to establish, investigate, exercise or defend a legal claim. |
11.5 Applications and Service Providers - Sport Promotion
In connection with the Sport Promotion division, EquiRatings uses third-party applications and service providers, including cloud hosting and deployment providers, file storage providers, survey and form tools, and email marketing platforms.
These providers may process your personal data on our behalf and in accordance with our instructions. Where these providers are located outside the EEA, we ensure appropriate safeguards are in place as described in Section 4 above.
12.1 Overview
EquiRatings' Risk division provides equestrian safety and venue risk analytics services to federations and governing bodies. This division operates dedicated risk dashboard platforms for federations and their officials.
12.2 Personal Data We Collect - Risk
We may collect and process the following personal data in connection with the Risk division:
|
Category of Personal Data |
Types of Personal Data |
|
'Federation-Sourced Rider and Horse Data' |
Rider first name, rider surname, rider display name, rider nationality, rider gender, rider date of birth, rider source ID, rider federation identifier, horse date of birth, horse name, rider postcode, horse height, horse colour, horse sex, rider region, rider title, and country. The specific fields available depend on the data source federation: certain federations provide only the year of birth, while others may have previously provided the full date of birth. |
|
'Risk Survey Data' |
Data submitted by officials or riders in connection with venue risk assessments, collected via survey tools. |
|
'Device and Usage Data' |
IP addresses, unique device identifiers, and related technical information collected through use of our risk platforms. |
12.3 How We Collect Your Personal Data - Risk
We collect personal data in the Risk context through the following means:
12.3.1 Directly via data transfer from relevant federations - certain federation partners provide data directly to EquiRatings. This data is supplied to us, rather than accessed via an API.
12.3.2 Via API from relevant federations - EquiRatings collects data via API endpoints from certain federation partners. Data is retrieved programmatically by EquiRatings systems. Each organisation retains control over its API and underlying data source. Access is governed by agreed API terms and permissions.
12.3.3 Via shared database with a relevant federation partner - EquiRatings has access to a shared database environment with certain federation partners.
12.4 Legal Bases and Purposes - Risk
|
Relevant Category of Personal Data |
Purpose(s) |
Legal Basis |
|
'Federation-Sourced Rider and Horse Data'; 'Risk Survey Data' |
To process and analyse risk-related data for the purpose of equestrian venue and competition safety assessments; to provide risk analytics dashboards and reports to the relevant federation clients; to assist federations in fulfilling their safety obligations under applicable sporting regulations. |
Performance of a contract - processing is necessary for the performance of our contract with the relevant federation. |
|
'Federation-Sourced Rider and Horse Data'; 'Risk Survey Data' |
To develop and improve EquiRatings' risk models and safety analytics methodologies. |
Legitimate interests - the processing is necessary for EquiRatings' legitimate interests in improving the accuracy and effectiveness of its risk analytical services. |
|
'Device and Usage Data' |
Improving platform functionality - to monitor, test and improve the effectiveness of our Risk platforms. |
Legitimate interests - processing is necessary for EquiRatings' legitimate interests in maintaining and improving its platforms. |
|
All categories above |
Legal Claims - to investigate, establish, exercise or defend a legal claim. |
To defend, establish or be a party to legal claims - processing is necessary for us to establish, investigate, exercise or defend a legal claim. |
12.5 Applications and Service Providers - Risk
In connection with the Risk division, EquiRatings operates dedicated risk analytics platforms and dashboards for its federation clients.
Third-party applications and service providers used in connection with this division include cloud hosting and deployment providers, file storage providers, and survey tools. These providers may process your personal data on our behalf and in accordance with our instructions. Where these providers are located outside the EEA, we ensure appropriate safeguards are in place as described in Section 4 above.
13.1 Overview
EquiRatings' Horse Sourcing division provides services to riders in connection with the identification and sourcing of horses. EquiRatings operates a dedicated platform for this division.
13.2 Personal Data We Collect - Horse Sourcing
We may collect and process the following personal data in connection with the Horse Sourcing division:
|
Category of Personal Data |
Types of Personal Data |
|
'Personal Contact Data' |
Name, email address, phone numbers, and addresses. |
|
'Rider Profile Data' |
Rider first name, rider surname, rider display name, rider nationality, rider gender, rider date of birth, rider source ID, rider federation identifier, rider postcode, rider region, rider title, and country. |
|
'Horse Data' |
Horse date of birth, horse name, horse height, horse colour, and horse sex.
Note that horse data, while not personal data in its own right in most cases, may be associated with personal data relating to riders and owners. |
13.3 How We Collect Your Personal Data - Horse Sourcing
We collect personal data in the Horse Sourcing context through the following means:
13.3.1 Directly from you, when you engage with EquiRatings in connection with the Horse Sourcing service, including by contacting us, using our internal CRM, or accessing the eventing sales platform.
13.3.2 Via our internal CRM platform, which records interactions, preferences, and communications in connection with the Horse Sourcing service.
13.3.3 Via our eventing sales platform.
13.3.4 From federation data sources, where rider data is sourced from equestrian federations and governing bodies.
13.4 Legal Bases and Purposes - Horse Sourcing
|
Relevant Category of Personal Data |
Purpose(s) |
Legal Basis |
|
'Personal Contact Data'; 'Rider Profile Data' |
To manage the business relationship with you in connection with horse sourcing services; to communicate with you about potential horse matches and associated transactions; to maintain records on our internal CRM platform. |
Performance of a contract - processing is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into a contract. |
|
'Personal Contact Data'; 'Rider Profile Data'; 'Horse Data' |
To develop and improve our horse sourcing analytical models and matching services; to carry out internal analysis and profiling to assess the suitability of horses for particular riders. |
Legitimate interests - the processing is necessary for EquiRatings' legitimate interests in providing and improving its horse sourcing services. |
|
All categories above |
Legal Claims - to investigate, establish, exercise or defend a legal claim. |
To defend, establish or be a party to legal claims - processing is necessary for us to establish, investigate, exercise or defend a legal claim. |
13.5 Applications and Service Providers - Horse Sourcing
In connection with the Horse Sourcing division, EquiRatings operates dedicated horse sourcing platforms, an internal CRM platform, and its main website.
Third-party applications and service providers used in connection with this division include cloud hosting and deployment providers and file storage providers. These providers may process your personal data on our behalf and in accordance with our instructions. Where these providers are located outside the EEA, we ensure appropriate safeguards are in place as described in Section 4 above.